Skip to content

Potential fix for code scanning alert no. 32: Clear-text logging of sensitive information#57

Merged
johnteee merged 1 commit into
mainfrom
alert-autofix-32
Jun 5, 2026
Merged

Potential fix for code scanning alert no. 32: Clear-text logging of sensitive information#57
johnteee merged 1 commit into
mainfrom
alert-autofix-32

Conversation

@johnteee

@johnteee johnteee commented Jun 5, 2026

Copy link
Copy Markdown
Member

Potential fix for https://github.com/TeaEntityLab/teaAgent/security/code-scanning/32

General fix: provide a sanitized serialization path that excludes sensitive fields at the source (data model serialization), then use that for user-facing/loggable output. This avoids relying only on sink-side masking and helps static analyzers prove safety.

Best single fix without changing functionality:

  • Edit teaagent/mcp_trust.py to add a non-sensitive serializer method on MCPTrustPolicy (e.g., to_public_dict) that omits trusted (and keeps existing non-sensitive structure).
  • Edit teaagent/cli/_handlers/_mcp_trust.py to call policy.to_public_dict() instead of policy.to_dict() in CLI print payloads (list, inspect fallback, allow, deny).
  • Keep existing _print_json masking logic unchanged; this remains defense-in-depth.

This addresses both variants by removing trusted from the serialized object that reaches json.dumps in CLI handlers.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…ensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@johnteee johnteee marked this pull request as ready for review June 5, 2026 15:27
@johnteee johnteee merged commit 603a35e into main Jun 5, 2026
11 of 16 checks passed
@johnteee johnteee deleted the alert-autofix-32 branch June 5, 2026 15:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant