mirror of
https://github.com/openclaw/openclaw.git
synced 2026-03-19 05:50:47 +00:00
Agents: sanitize auth profile console logs
This commit is contained in:
Altay
38
src/agents/auth-profiles/state-observation.test.ts
Normal file
38
src/agents/auth-profiles/state-observation.test.ts
Normal file
@@ -0,0 +1,38 @@
|
||||
import { afterEach, describe, expect, it, vi } from "vitest";
|
||||
import { resetLogger, setLoggerOverride } from "../../logging/logger.js";
|
||||
import { logAuthProfileFailureStateChange } from "./state-observation.js";
|
||||
|
||||
afterEach(() => {
|
||||
setLoggerOverride(null);
|
||||
resetLogger();
|
||||
});
|
||||
|
||||
describe("logAuthProfileFailureStateChange", () => {
|
||||
it("sanitizes consoleMessage fields before logging", () => {
|
||||
const warnSpy = vi.spyOn(console, "warn").mockImplementation(() => {});
|
||||
setLoggerOverride({ level: "silent", consoleLevel: "warn" });
|
||||
|
||||
logAuthProfileFailureStateChange({
|
||||
runId: "run-1\nforged\tentry\rtest",
|
||||
profileId: "openai:profile-1",
|
||||
provider: "openai\u001b]8;;https://evil.test\u0007",
|
||||
reason: "overloaded",
|
||||
previous: undefined,
|
||||
next: {
|
||||
errorCount: 1,
|
||||
cooldownUntil: 1_700_000_060_000,
|
||||
failureCounts: { overloaded: 1 },
|
||||
},
|
||||
now: 1_700_000_000_000,
|
||||
});
|
||||
|
||||
const consoleLine = warnSpy.mock.calls[0]?.[0];
|
||||
expect(typeof consoleLine).toBe("string");
|
||||
expect(consoleLine).toContain("runId=run-1 forged entry test");
|
||||
expect(consoleLine).toContain("provider=openai]8;;https://evil.test");
|
||||
expect(consoleLine).not.toContain("\n");
|
||||
expect(consoleLine).not.toContain("\r");
|
||||
expect(consoleLine).not.toContain("\t");
|
||||
expect(consoleLine).not.toContain("\u001b");
|
||||
});
|
||||
});
|
||||
@@ -1,5 +1,6 @@
|
||||
import { redactIdentifier } from "../../logging/redact-identifier.js";
|
||||
import { createSubsystemLogger } from "../../logging/subsystem.js";
|
||||
import { sanitizeForConsole } from "../pi-embedded-error-observation.js";
|
||||
import type { AuthProfileFailureReason, ProfileUsageStats } from "./types.js";
|
||||
|
||||
const observationLog = createSubsystemLogger("agent/embedded");
|
||||
@@ -30,6 +31,8 @@ export function logAuthProfileFailureStateChange(params: {
|
||||
previousCooldownUntil > params.now &&
|
||||
previousCooldownUntil === params.next.cooldownUntil;
|
||||
const safeProfileId = redactIdentifier(params.profileId, { len: 12 });
|
||||
const safeRunId = sanitizeForConsole(params.runId) ?? "-";
|
||||
const safeProvider = sanitizeForConsole(params.provider) ?? "-";
|
||||
|
||||
observationLog.warn("auth profile failure state updated", {
|
||||
event: "auth_profile_failure_state_updated",
|
||||
@@ -50,7 +53,7 @@ export function logAuthProfileFailureStateChange(params: {
|
||||
disabledReason: params.next.disabledReason,
|
||||
failureCounts: params.next.failureCounts,
|
||||
consoleMessage:
|
||||
`auth profile failure state updated: runId=${params.runId ?? "-"} profile=${safeProfileId} provider=${params.provider} ` +
|
||||
`auth profile failure state updated: runId=${safeRunId} profile=${safeProfileId} provider=${safeProvider} ` +
|
||||
`reason=${params.reason} window=${windowType} reused=${String(windowReused)}`,
|
||||
});
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user