Skip to content

#724 [Security] Error reporting route logs raw client data with no PI…#879

Merged
RUKAYAT-CODER merged 1 commit into
rinafcode:mainfrom
veloura-dev:#724--Security]-Error-reporting-route-logs-raw-client-data-with-no-PII-redaction-FIX
Jul 1, 2026
Merged

#724 [Security] Error reporting route logs raw client data with no PI…#879
RUKAYAT-CODER merged 1 commit into
rinafcode:mainfrom
veloura-dev:#724--Security]-Error-reporting-route-logs-raw-client-data-with-no-PII-redaction-FIX

Conversation

@veloura-dev

Copy link
Copy Markdown
Contributor

Description

Fixes a PII leakage vulnerability in the client error reporting endpoint. Previously, src/app/api/errors/report/route.ts used a narrow, hand-rolled redactEmailFields() helper that only redacted keys containing "email", while a prior regression had also stripped email out of the shared logger's SENSITIVE_KEYS/pino redact paths. As a result, sensitive fields like password, token, card, ssn, and phone captured in client-side error/form state were being forwarded to the logger — and potentially to log aggregators — completely unredacted.

This change:

  • Restores email to SENSITIVE_KEYS and the pino redact.paths list in src/lib/logging/index.ts.
  • Replaces the route's bespoke redactEmailFields() with the shared redactObject() from @/lib/logging, applied to the full request body before it's passed to the logger.
  • Fixes a previously-flipped assertion in src/lib/logging/logger.test.ts that had incorrectly expected emails not to be redacted.
  • Adds a new test suite in src/app/api/errors/report/__tests__/route.test.ts asserting that a report containing { email, password } (plus card, ssn, phone, token, including nested objects) is logged with those fields as [REDACTED], while non-PII fields (message, stack, name, url, sessionId, environment) are logged as-is.

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update

Checklist

  • Code follows project style guidelines
  • Self-review completed
  • No console errors — tsc --noEmit clean, ESLint clean on modified files, all 38 relevant tests pass
  • Uses Lucide icons consistently — N/A, this is a backend API/logging fix with no UI component
  • Responsive design implemented — N/A, no UI changes involved
  • Starknet best practices followed — N/A, this codebase/change has no Starknet or blockchain involvement

CLOSE #724

@drips-wave

drips-wave Bot commented Jul 1, 2026

Copy link
Copy Markdown

@veloura-dev Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@RUKAYAT-CODER

Copy link
Copy Markdown
Contributor

Thank you for contributing to the project.

@RUKAYAT-CODER RUKAYAT-CODER merged commit f2cd567 into rinafcode:main Jul 1, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Security] Error reporting route logs raw client data with no PII redaction

2 participants