{{ message }}
MOD-13014: redact user data from JSONPath trace logs [8.10]#1608
Merged
gabsow merged 1 commit intoJun 23, 2026
Merged
Conversation
MOD-13014 removed user data from errors but left the JSONPath engine's trace logs, which still emitted document values, query literals and paths at Redis `debug` log level (trace! maps to RedisLogLevel::Debug). Gate those traces behind a cached mirror of Redis core's `hide-user-data-from-log` server config: a new `trace_user_data!` macro suppresses the message when the flag is on. The module reads the config at load and refreshes it on CONFIG SET via a config-changed event handler. Structural traces (grammar rules, "missing operand" diagnostics) stay on plain trace! and are unaffected. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
AvivDavid23
approved these changes
Jun 23, 2026
gabsow
deleted the
tom.gabsow/MOD-13014-hide-user-data-from-trace-logs-8.10
branch
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cherry-pick of #1605 onto
8.10.Background
MOD-13014 removed user data from RedisJSON errors, but the JSONPath engine's
trace!logs still emitted user data — document values, query literals, evaluated terms and path trackers.trace!maps to Redis'debuglog level (log::Level::Trace→RedisLogLevel::Debug), so these reach the server log wheneverloglevel debugis set.What this does
Mirrors Redis core's
hide-user-data-from-logserver config. Theredis-modulecrate has no binding for it, so we cache it:json_path: a cachedAtomicBool(defaultfalse, matching core) withhide_user_data_from_log()/set_hide_user_data_from_log(), and atrace_user_data!macro that suppresses the message when the flag is on. User-data-leaking traces (filter terms, evaluated values, sub-filters, path tracker, documentv, unknown function names) use it; structural traces (grammar rule names, diagnostics, operator tokens) stay on plaintrace!.redis_json: reads the config viaCONFIG GETat module load and refreshes it onCONFIG SETvia a#[config_changed_event_handler]. Defaults tofalseon older Redis lacking the config.Testing
cargo fmt -- --check,cargo clippy --all-targets -- -D warnings— cleanjson_pathtests pass, including a regression test asserting the gate never changes query results🤖 Generated with Claude Code
Note
Low Risk
Logging-only gating with no query semantics changes; module init and CONFIG handler add minimal operational surface.
Overview
JSONPath debug/trace logs could still leak document values, filter terms, and path trackers when
loglevel debugwas set. This PR aligns that behavior with Redis core’shide-user-data-from-logserver setting.json_pathadds a cachedAtomicBool(defaultfalse),set_hide_user_data_from_log/hide_user_data_from_log, and atrace_user_data!macro that skips logging when the flag is on. Sensitive traces in filter evaluation,calc_internal, and unknown function names use the macro; structural diagnostics keep plaintrace!.redis_jsonreads the config viaCONFIG GETat module init, refreshes onCONFIG SETthrough aconfig_changed_event_handler, and callssync_hide_user_data_from_logso the engine stays in sync.A unit test asserts toggling the flag does not change query results—only log output.
Reviewed by Cursor Bugbot for commit 1011b11. Bugbot is set up for automated code reviews on this repo. Configure here.