pengjunjie/ragflow
1
0
Fork 1
mirror of https://github.com/infiniflow/ragflow.git synced 2025-12-23 23:16:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

Potential fix for code scanning alert no. 59: Clear-text logging of sensitive information

Browse Source 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
Yingfeng
2025-12-22 11:59:50 +08:00
committed by GitHub
parent c7cf7aad4e
commit 15eccb445d
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
common/http_client.py
View File

@ -151,15 +151,15 @@ async def async_request(
except httpx.RequestError as exc: except httpx.RequestError as exc:
last_exc = exc last_exc = exc
if attempt >= retries: if attempt >= retries:
if not _is_sensitive_url(url): # Do not log the full URL here to avoid leaking sensitive data.
log_url = _redact_sensitive_url_params(url) logger.warning(
logger.warning(f"async_request exhausted retries for {method} {log_url}") f"async_request exhausted retries for {method}; last error: {exc}"
)
raise raise
delay = _get_delay(backoff_factor, attempt) delay = _get_delay(backoff_factor, attempt)
if not _is_sensitive_url(url): # Avoid including the (potentially sensitive) URL in retry logs.
log_url = _redact_sensitive_url_params(url)
logger.warning( logger.warning(
f"async_request attempt {attempt + 1}/{retries + 1} failed for {method} {log_url}; retrying in {delay:.2f}s" f"async_request attempt {attempt + 1}/{retries + 1} failed for {method}; retrying in {delay:.2f}s"
) )
await asyncio.sleep(delay) await asyncio.sleep(delay)
raise last_exc # pragma: no cover raise last_exc # pragma: no cover