Comprehensive Yandex Disk API Improvements #52
Working example - wip
example.go updated - wip
badges: build status, coverage and code size added
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.9.0...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 2.3.3 to 2.3.6.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](coverallsapp/github-action@v2.3.3...v2.3.6)

---
updated-dependencies:
- dependency-name: coverallsapp/github-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

…tion across multiple files
…ing in client methods
…nd output in client and logger
…ty, and metadata retrieval functions
…and upload methods
- Added BatchDeleteFiles, BatchCopyFiles, BatchMoveFiles, and BatchUpdateMetadata methods to handle multiple file operations concurrently.
- Introduced BatchOperationResult and BatchOperationStatus structs to track the results and status of batch operations.
- Implemented options for configuring concurrency, error handling, and progress reporting in batch operations.
- Added convenience methods for simplified batch operations: BatchDeleteFilesSimple, BatchCopyFilesSimple, BatchMoveFilesSimple, BatchRenameFiles, BatchMoveToDirectory, and BatchCopyToDirectory.
- Created unit tests for batch operations to ensure functionality and error handling.

- Implemented a new example for uploading files to Yandex Disk with progress tracking.
- Added a test file for demonstration purposes.
- Introduced pagination options and iterators for handling paginated API responses.
- Enhanced existing methods to support pagination for fetching sorted files, last uploaded resources, and public resources.
- Created paginated wrappers and iterators for better access to paginated data.
- Added comprehensive tests for pagination functionality and edge cases.

| // Debug logs a debug message | ||
| func (l *DiskLogger) Debug(format string, args ...interface{}) { | ||
| if l.shouldLog(DEBUG) { | ||
| l.logger.Print(l.formatMessage(DEBUG, format, args...)) |
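Review bot: the l.logger.Print call in Debug writes the formatted message as-is, and nothing on these lines redacts args before they are printed. Because this is the line the scanner flags, a change to SanitizeValue only helps if every call site that logs header or token values routes them through it first. Consider redacting at this choke point, or adding a test that logs a request carrying an Authorization header at DEBUG level and asserts the token does not appear in the output.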
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Copilot Autofix
AI 10 months ago
To fully address the risk of clear-text logging of sensitive information, the code should enforce sanitization of sensitive headers regardless of configuration, or at least make it much harder to disable. The best fix is to ensure that sensitive headers (such as those containing "Authorization", "Token", "Key", "Secret") are always sanitized before being logged, regardless of the SanitizeAuth setting. This can be achieved by modifying the SanitizeValue function to always sanitize these headers, and only allow non-sensitive headers to be optionally sanitized based on configuration. Additionally, the LogRequest method should be updated to use this stricter sanitization.
The required changes are:
- Update SanitizeValue to always sanitize sensitive headers, regardless of the SanitizeAuth flag.
- Optionally, update documentation/comments to clarify this behavior.
All changes are within logger.go, specifically in the SanitizeValue method.
| @@ -150,9 +150,6 @@ | ||
|
|
||
| // SanitizeValue sanitizes sensitive information for logging | ||
| // SanitizeValue sanitizes sensitive information for logging. | ||
| func (l *DiskLogger) SanitizeValue(key, value string) string { | ||
| if !l.config.SanitizeAuth { | ||
| return value | ||
| } | ||
|
|
||
| lowerKey := strings.ToLower(key) | ||
| // Always sanitize sensitive headers, regardless of config | ||
| if strings.Contains(lowerKey, "auth") || | ||
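Review bot: with the if !l.config.SanitizeAuth early return removed, callers who set SanitizeAuth to false now get redacted output with no signal that the flag stopped applying; state this in the SanitizeValue doc comment and on the config field so the setting does not mislead. On the strings.Contains(lowerKey, "auth") line, the substring match also catches unrelated keys such as one named "author", and it looks only at the key, so a credential passed as the value of a non-matching key is returned unchanged. A table-driven test over key names would pin down what is and is not redacted.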
| @@ -166,2 +163,6 @@ | ||
| } | ||
| // Optionally sanitize other headers if SanitizeAuth is enabled | ||
| if l.config.SanitizeAuth { | ||
| // Add any additional non-sensitive header sanitization here if needed | ||
| } | ||
| return value |
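Review bot: the added if l.config.SanitizeAuth block contains only a comment, so both paths fall through to return value and the flag has no effect in this function. Drop the empty branch and mark SanitizeAuth as ignored or deprecated in its documentation, or give the branch real behaviour; as written it reads as an unfinished change.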
This PR implements comprehensive improvements to the Yandex Disk Go client library, including:
• Batch Operations - Parallel file operations (delete, copy, move, metadata updates) with status tracking and retry mechanisms
• Pagination Support - Complete pagination framework with offset/limit and cursor-based approaches, including iterators for seamless data traversal
• File Upload System - Robust upload functionality with progress tracking, large file support, and automatic method selection
• Structured Logging - Configurable logging system replacing log.Fatal calls with proper error handling
• Trash Management - Complete trash operations including restore, list, empty, and metadata retrieval
• Enhanced Error Handling - Comprehensive error management with detailed error responses
• Test Coverage - Extensive test suite covering all new functionality
• Example Applications - Practical examples demonstrating upload, pagination, and utility functions
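
The always-on header redaction that the Copilot Autofix suggestion above describes, as an added example (not code from this PR or the library). The names isSensitiveHeader, redactHeaders and formatHeaders are hypothetical, the marker list follows the names given in the autofix text, and the header values are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// Name fragments the autofix text lists as sensitive; matched case-insensitively.
var sensitiveMarkers = []string{"authorization", "token", "key", "secret"}

// isSensitiveHeader reports whether a header's value must never reach a log.
func isSensitiveHeader(name string) bool {
	lower := strings.ToLower(name)
	for _, marker := range sensitiveMarkers {
		if strings.Contains(lower, marker) {
			return true
		}
	}
	return false
}

// redactHeaders returns a log-safe copy of h. No config flag can switch it off.
func redactHeaders(h http.Header) http.Header {
	out := make(http.Header, len(h))
	for name, values := range h {
		if isSensitiveHeader(name) {
			out[name] = []string{"[REDACTED]"}
			continue
		}
		out[name] = append([]string(nil), values...)
	}
	return out
}

// formatHeaders renders headers in sorted order so log lines are stable.
func formatHeaders(h http.Header) string {
	lines := make([]string, 0, len(h))
	for name, values := range h {
		lines = append(lines, name+"="+strings.Join(values, ","))
	}
	sort.Strings(lines)
	return strings.Join(lines, "; ")
}

func main() {
	h := http.Header{"Authorization": {"OAuth sample-token"}, "Accept": {"application/json"}} // constructed
	fmt.Println(formatHeaders(redactHeaders(h)))
}
```

Logging the redacted copy rather than the live header map keeps the outgoing request intact while the token never reaches the formatter.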