@sfc-gh-ext-simba-gc sfc-gh-ext-simba-gc commented Oct 15, 2025

Teamwork issue #1314

There were 2 sources that contributed to the leakage of the Session Token and Master Token seen in debug logs. As suspected, one source came from stderr. The second leak came from an internal call where the token string pattern was not expected.

For the session token leak that originated from stderr, I have added CURLINFO_TOKEN_PATTERN to our SecretDetector, where text being dumped to the terminal via stderr is masked when necessary.

For the second session token leak that originated from the lack of an option in an internal call (json_copy_string()), I have added a "SessionToken" option in and have verified the fix worked.

2 test cases (test_terminal_mask and test_mask_stderr) have been added to tests/test_unit_logger.

I have verified the fix by running the two test cases that I've added, as well as test_connect_with_renew in tests/test_unit_connect_parameters.c where the bug was originally reported, and searching the terminal output for tokens and their values.
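
Added example (not part of this pull request or the project's code): a minimal C sketch of the kind of masking described above, where debug text is scrubbed before it is written to stderr. The marker strings, `mask_tokens()` and `debug_to_stderr()` are hypothetical; the project's actual CURLINFO_TOKEN_PATTERN and SecretDetector are not shown on this page.

```c
#include <stdio.h>
#include <string.h>

/* Assumed markers that precede a quoted secret; hypothetical, not the
 * project's CURLINFO_TOKEN_PATTERN, which the page does not show. */
static const char *const MARKERS[] = {
    "Token=\"",              /* assumed Authorization header shape */
    "\"token\":\"",          /* assumed JSON field */
    "\"masterToken\":\"",    /* assumed JSON field */
};

/* Mask in place every value that follows a marker, collapsing it to at
 * most four '*' so the secret's length is not revealed either.
 * Returns the number of values masked. */
int mask_tokens(char *line)
{
    int masked = 0;
    for (size_t m = 0; m < sizeof MARKERS / sizeof MARKERS[0]; m++) {
        char *p = line;
        while ((p = strstr(p, MARKERS[m])) != NULL) {
            p += strlen(MARKERS[m]);
            char *end = strchr(p, '"');
            if (end == NULL) end = p + strlen(p);  /* unterminated value */
            size_t len = (size_t)(end - p);
            size_t keep = len < 4 ? len : 4;
            memset(p, '*', keep);
            memmove(p + keep, end, strlen(end) + 1);
            masked += (len > 0);
            p += keep;
        }
    }
    return masked;
}

/* Hypothetical wrapper: every debug line passes through the masker
 * before it reaches stderr. */
void debug_to_stderr(const char *text)
{
    char buf[1024];
    snprintf(buf, sizeof buf, "%s", text);   /* work on a bounded copy */
    mask_tokens(buf);
    fprintf(stderr, "%s\n", buf);
}

int main(void)
{
    /* Constructed sample line, not captured from a real session. */
    debug_to_stderr("> Authorization: Snowflake Token=\"abc123SECRET\"");
}
```

A regression test for this kind of fix should assert on the masked output itself, and also cover a value that is cut off before its closing quote, since a truncated log line must not expose the leading part of a token.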

codecov bot commented Oct 15, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.09%. Comparing base (b3dfbb8) to head (c05b36a).

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #930      +/-   ##
==========================================
+ Coverage   79.59%   80.09%   +0.49%     
==========================================
  Files         127      127              
  Lines       10913    10925      +12     
==========================================
+ Hits         8686     8750      +64     
+ Misses       2227     2175      -52     


@sfc-gh-ext-simba-gc sfc-gh-ext-simba-gc marked this pull request as ready for review November 13, 2025 20:51
@sfc-gh-ext-simba-gc sfc-gh-ext-simba-gc requested a review from a team as a code owner November 13, 2025 20:51
@sfc-gh-snoonan sfc-gh-snoonan changed the title Snow 2316658: fixed session token leakage SNOW-2316658: fixed session token leakage Nov 25, 2025
@sfc-gh-pbulawa sfc-gh-pbulawa merged commit ae214ce into master Nov 27, 2025
98 of 101 checks passed
@sfc-gh-pbulawa sfc-gh-pbulawa deleted the SNOW-2316658-sessionToken branch November 27, 2025 08:51
@github-actions github-actions bot locked and limited conversation to collaborators Nov 27, 2025