fix(adk): redact credentials in BigQuery analytics plugin

Fixes an issue where the Agent Analytics plugin could log plain-text
OAuth credentials and access tokens to BigQuery. Sensitive keys are
now redacted.

Co-authored-by: Haiyuan Cao <haiyuan@google.com>
PiperOrigin-RevId: 891963630

Author: haiyuan-eng-google

src/google/adk/plugins/bigquery_agent_analytics_plugin.py

@@ -208,11 +208,24 @@ def _get_tool_origin(tool: "BaseTool") -> str:
   return "UNKNOWN"
 
 
+_SENSITIVE_KEYS = frozenset({
+    "client_secret",
+    "access_token",
+    "refresh_token",
+    "id_token",
+    "api_key",
+    "password",
+})
+
+
 def _recursive_smart_truncate(
     obj: Any, max_len: int, seen: Optional[set[int]] = None
 ) -> tuple[Any, bool]:
   """Recursively truncates string values within a dict or list.
 
+  Redacts sensitive keys corresponding to OAuth tokens and secrets
+  prior to serialization into BigQuery JSON strings.
+
   Args:
       obj: The object to truncate.
       max_len: Maximum length for string values.
@@ -251,6 +264,12 @@ def _recursive_smart_truncate(
       # but explicit loop is fine for clarity given recursive nature.
       new_dict = {}
       for k, v in obj.items():
+        if isinstance(k, str):
+          k_lower = k.lower()
+          if k_lower in _SENSITIVE_KEYS or k_lower.startswith("temp:"):
+            new_dict[k] = "[REDACTED]"
+            continue
+
         val, trunc = _recursive_smart_truncate(v, max_len, seen)
         if trunc:
           truncated_any = True

tests/unittests/plugins/test_bigquery_agent_analytics_plugin.py

@@ -384,6 +384,39 @@ class LocalIncident:
   assert truncated["result"]["kpi_missed"][0]["kpi"] == "latency"
 
 
+def test_recursive_smart_truncate_redaction():
+  """Test that sensitive keys and temp: state keys are redacted."""
+  obj = {
+      "client_secret": "super-secret-123",
+      "access_token": "ya29.blah",
+      "refresh_token": "1//0g",
+      "id_token": "eyJhb",
+      "api_key": "AIza",
+      "password": "my-password",
+      "safe_key": "safe-value",
+      "temp:auth_state": "some-auth-state",
+      "nested": {
+          "CLIENT_SECRET": "nested-secret",
+          "normal": "value",
+      },
+  }
+  max_len = 1000
+  truncated, is_truncated = (
+      bigquery_agent_analytics_plugin._recursive_smart_truncate(obj, max_len)
+  )
+  assert not is_truncated
+  assert truncated["client_secret"] == "[REDACTED]"
+  assert truncated["access_token"] == "[REDACTED]"
+  assert truncated["refresh_token"] == "[REDACTED]"
+  assert truncated["id_token"] == "[REDACTED]"
+  assert truncated["api_key"] == "[REDACTED]"
+  assert truncated["password"] == "[REDACTED]"
+  assert truncated["safe_key"] == "safe-value"
+  assert truncated["temp:auth_state"] == "[REDACTED]"
+  assert truncated["nested"]["CLIENT_SECRET"] == "[REDACTED]"
+  assert truncated["nested"]["normal"] == "value"
+
+
 class TestBigQueryAgentAnalyticsPlugin:
   """Tests for the BigQueryAgentAnalyticsPlugin."""