removing logs which exposes critical details#572
Conversation
Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
|
Warning Review limit reached
More reviews will be available in 27 minutes and 10 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
WalkthroughThis PR makes only logging and whitespace/formatting changes in KeymanagerServiceImpl: log messages around HSM master-key discovery and private-key decryption were updated, an ED25519 conditional was reformatted, and one info-log line in generateECSignKey was reflowed. No behavioral changes. ChangesKey and Certificate Material Preparation
Estimated Code Review Effort🎯 1 (Trivial) | ⏱️ ~2 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/impl/KeymanagerServiceImpl.java`:
- Around line 956-957: The LOGGER.info call in KeymanagerServiceImpl that
includes keyFromDBStore.toString() and decryptedPrivateKey.length exposes
sensitive cryptographic data; remove any serialization of keyFromDBStore and the
decryptedPrivateKey length from logs, instead log only non-sensitive identifiers
(e.g., a safe key store id or a masked alias) and a generic success message;
update the LOGGER.info invocation in KeymanagerServiceImpl to stop calling
keyFromDBStore.toString() and to omit decryptedPrivateKey, or replace them with
a single sanitized field (e.g., getKeyStoreId() or masked alias) to ensure no
private key material or cryptographic metadata is written to logs.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: fa5c09c1-a51b-46ba-b782-ca078fcc44cc
📒 Files selected for processing (1)
kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/service/impl/KeymanagerServiceImpl.java
Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
Summary by CodeRabbit