{{ message }}
MOD-13014: hide user data from trace logs by default (fail closed) [8.10]#1610
Closed
gabsow wants to merge 1 commit into
Closed
MOD-13014: hide user data from trace logs by default (fail closed) [8.10]#1610gabsow wants to merge 1 commit into
gabsow wants to merge 1 commit into
Conversation
Follow-up to #1605. The cached hide-user-data-from-log gate defaulted to `false` (show), matching Redis core's config default. Flip it to fail closed so user data is redacted unless the server is known to permit it: - the cached flag now defaults to `true` (hidden) - read_hide_user_data_from_log returns `true` on any read failure and shows data only when the server explicitly sets the config to `no` This keeps user data out of the logs in contexts without a readable config (read errors, older Redis lacking the config, the standalone jsonpath binary, unit tests). A running server still follows an explicit `hide-user-data-from-log no`. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Collaborator
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cherry-pick of #1609 onto
8.10. Follow-up to #1608 (already merged).Flips the JSONPath trace-log redaction gate to fail closed:
hide-user-data-from-logflag now defaults totrue(hidden)read_hide_user_data_from_logreturnstrueon any read failure, and shows data only when the server explicitly setshide-user-data-from-log noSo contexts without a readable config (read errors, older Redis lacking the config, the standalone
jsonpathbinary, unit tests) keep user data hidden rather than leaking it. A running server still honors an explicithide-user-data-from-log no.Testing
cargo fmt -- --check,cargo clippy --all-targets -- -D warnings— cleanjson_pathtests pass🤖 Generated with Claude Code
Note
Medium Risk
Changes logging/redaction defaults and CONFIG interpretation; query results are unchanged but operators who relied on verbose traces without an explicit
hide-user-data-from-log nowill see less detail.Overview
JSONPath trace logs now redact user data by default instead of only when Redis says to hide it. The cached
hide-user-data-from-logflag starts astrue, andtrace_user_data!still skips those traces while the flag is set.In the RedisJSON module,
read_hide_user_data_from_logfails closed:CONFIG GETerrors or missing/unparseable values keep redaction on. User data appears in traces only when the server setshide-user-data-from-logtono(the previous logic treatedyesas the signal to hide and defaulted to showing data on read failure).Standalone
jsonpath, tests, and older Redis without the config therefore no longer emit verbose user-data traces unless something explicitly opts out. A unit test now restores the hidden default after toggling the flag.Reviewed by Cursor Bugbot for commit 321966a. Bugbot is set up for automated code reviews on this repo. Configure here.