{{ message }}
MOD-13014: redact user data from JSONPath trace logs#1605
Merged
gabsow merged 1 commit intoJun 23, 2026
Conversation
gabsow
force-pushed
the
tom.gabsow/MOD-13014-hide-user-data-from-trace-logs
branch
from
2995abc to
b09a381
Compare
MOD-13014 removed user data from errors but left the JSONPath engine's trace logs, which still emitted document values, query literals and paths at Redis `debug` log level (trace! maps to RedisLogLevel::Debug). Gate those traces behind a cached mirror of Redis core's `hide-user-data-from-log` server config: a new `trace_user_data!` macro suppresses the message when the flag is on. The module reads the config at load and refreshes it on CONFIG SET via a config-changed event handler. Structural traces (grammar rules, "missing operand" diagnostics) stay on plain trace! and are unaffected. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
gabsow
force-pushed
the
tom.gabsow/MOD-13014-hide-user-data-from-trace-logs
branch
from
b09a381 to
ab7564d
Compare
AvivDavid23
approved these changes
Jun 23, 2026
This was referenced Jun 23, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Background
MOD-13014 removed user data from RedisJSON errors, but left the JSONPath engine's
trace!logs untouched. Those traces still emit user data — document values, query literals, evaluated terms and path trackers — andtrace!maps to Redis'debuglog level (log::Level::Trace→RedisLogLevel::Debug), so they reach the server log wheneverloglevel debugis set. Example leftover:What this does
Mirrors Redis core's
hide-user-data-from-logserver config (aMODIFIABLE_CONFIGbool; core redacts command args / key values from its logs and crash reports when it's on). Theredis-modulecrate has no binding for it, so we cache it ourselves:json_path: a cachedAtomicBool(defaultfalse, matching core) withhide_user_data_from_log()/set_hide_user_data_from_log(), and atrace_user_data!macro that suppresses the message when the flag is on. The 9 user-data-leaking traces (filter terms, evaluated values, sub-filters, path tracker, documentv) now use it. Structural traces (grammar rule names,first_resultbool, operator token, "missing operand" diagnostics) stay on plaintrace!.redis_json: reads the config viaCONFIG GETat module load (sync_hide_user_data_from_log, handles RESP2 array + RESP3 map, defaults tofalseon older Redis lacking the config) and refreshes it onCONFIG SETvia a#[config_changed_event_handler].When
hide-user-data-from-logis enabled, no user data reaches the log; when off (the default), tracing is unchanged.Testing
cargo buildforjson_path+redis_jsoncargo clippy --all-targets -- -D warnings(the CI command) — cleanjson_pathunit tests + integration tests pass, including a new regression test asserting the gate never changes query results (only whether we log)🤖 Generated with Claude Code
Note
Low Risk
Logging-only gating with no change to query semantics; regression test covers result parity when the flag toggles.
Overview
Aligns JSONPath debug/trace logging with Redis core’s
hide-user-data-from-logso document values, filter terms, and path trackers are not written to the server log when that config is enabled.The
json_pathcrate adds a cachedAtomicBool(defaultfalse) withset_hide_user_data_from_log/hide_user_data_from_log, atrace_user_data!macro, and switches the sensitivetrace!sites in filter evaluation andcalc_internalto use it. Structural traces (operators, missing operands, booleans) stay on plaintrace!.redis_jsonreads the setting viaCONFIG GETat load (RESP2 array or RESP3 map, defaultfalseif missing) and refreshes onCONFIG SETthrough aconfig_changed_event_handler. A unit test asserts the flag only affects logging, not query results.Reviewed by Cursor Bugbot for commit ab7564d. Bugbot is set up for automated code reviews on this repo. Configure here.