24412 nuxt project setup
30793 - add DateRangeFilter component
30793 datepicker icontooltip
30793 - StatusMenu and StatusList components
Temporary Url for review: https://pay-web-dev--pr-285-xi553ou5.web.app
/gcbrun
Temporary Url for review: https://pay-web-dev--pr-285-xi553ou5.web.app
Co-authored-by: Your Name <your.email@example.com>
|
|
||
| async function performLoginAndSaveSession(page, context, baseURL, loginType, username, password) { | ||
| await page.goto(baseURL) | ||
| console.log(`Global setup: loginType=${loginType}, username=${username}`) |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High test
This autofix suggestion was applied.
Copilot Autofix
AI 29 days ago
In general, to fix clear-text logging of sensitive information, remove sensitive values from log messages or replace them with non-sensitive, redacted, or generalized information. Keep logging high-level status (e.g., loginType, environment, success/failure) without printing secrets or identifiers derived from environment variables used for authentication.
For this specific issue, the problematic sink is on line 106:
    console.log(`Global setup: loginType=${loginType}, username=${username}`)
The best fix that preserves functionality is to stop logging the raw username. We can still log loginType and, if helpful, a non-sensitive indicator that a username was used or a redacted form (e.g., masking all but the first character). Since we must avoid assuming extra utility functions elsewhere, the simplest and safest change is to remove username from the log entirely:
    console.log(`Global setup: Starting login using loginType=${loginType}`)
This ensures no environment-derived credential is written to logs while maintaining useful debug information. No new imports or helper methods are required; the change is limited to the single log line in performLoginAndSaveSession in test-automation/globalSetup.js.
| @@ -103,7 +103,7 @@ | ||
|
|
||
| async function performLoginAndSaveSession(page, context, baseURL, loginType, username, password) { | ||
| await page.goto(baseURL) | ||
| console.log(`Global setup: loginType=${loginType}, username=${username}`) | ||
| console.log(`Global setup: Starting login using loginType=${loginType}`) | ||
|
|
||
|
|
||
| const loginPage = new LoginPage(page) |
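Review bot: The replacement console.log in performLoginAndSaveSession removes only the one sink CodeQL flagged, while username and password are still passed into the function and stay in scope for everything after `const loginPage = new LoginPage(page)`. Check the rest of the function, including any catch blocks and error messages, for other interpolations of those two arguments, and confirm loginType is drawn from a fixed set of values so it cannot carry account-identifying data into the log. If the account still needs to be distinguishable in CI output, log a masked form rather than reintroducing the raw value.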
…ensitive information Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
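The redaction alternative mentioned in the Autofix comment above (masking all but the first character), extended to a logger that scrubs known credential values from every line; this is an added example, not code from the PR or from Playwright. The names maskIdentifier, makeRedactor and makeSafeLog and the sample values are assumptions made for illustration.

```javascript
// Added example: all helper names here are hypothetical, not part of the PR.

// Keep only the first character, with fixed-width padding so the
// length of the identifier is not revealed either.
function maskIdentifier(value) {
  if (typeof value !== 'string' || value.length === 0) return '<empty>'
  return Array.from(value)[0] + '***'
}

// Build a scrubber that replaces every occurrence of the given secret values.
// Longest values go first so a secret containing a shorter one is replaced whole.
function makeRedactor(secrets) {
  const values = secrets
    .filter((s) => typeof s === 'string' && s.length > 0)
    .sort((a, b) => b.length - a.length)
  return (message) =>
    values.reduce((out, secret) => out.split(secret).join('[REDACTED]'), String(message))
}

// Logger for a test global setup: every line passes through the scrubber,
// so a template string that interpolates a credential cannot leak it.
function makeSafeLog(secrets, sink = console.log) {
  const redact = makeRedactor(secrets)
  return (message) => {
    const line = redact(message)
    sink(line)
    return line
  }
}

// Constructed sample values standing in for environment-derived credentials.
const sample = { loginType: 'sso', username: 'qa.user01', password: 'S3cret!pw' }

function demo(sink = console.log) {
  const log = makeSafeLog([sample.username, sample.password], sink)
  return [
    // The line the autofix introduced: nothing sensitive to scrub.
    log(`Global setup: Starting login using loginType=${sample.loginType}`),
    // Masked identifier, enough to tell accounts apart in CI output.
    log(`Global setup: user=${maskIdentifier(sample.username)}`),
    // The pattern from the alert: the raw value is scrubbed before it reaches the sink.
    log(`Global setup: loginType=${sample.loginType}, username=${sample.username}`)
  ]
}

demo()
```

Value-based scrubbing only covers the secrets registered with makeSafeLog, so removing the value from the message, as the applied fix does, remains the primary control.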
* 32634, 32196 UXA / QA Updates * Transactions more feedback, EFT updates, clean up
* fix decimal point validation * button hide / show logic update and linting * lint * lint, test fixes / updates
/gcbrun
Temporary Url for review: https://pay-web-dev--pr-285-4pbohven.web.app
* 32196 - EFT UX / QA clean up * test fix
/gcbrun
Temporary Url for review: https://pay-web-dev--pr-285-4pbohven.web.app
* 32196 - EFT UX / QA clean up * test fix * 32196 - EFT UXA Review 2
/gcbrun
Temporary Url for review: https://pay-web-dev--pr-285-4pbohven.web.app
Co-authored-by: Your Name <your.email@example.com>
* added auth flow validation
/gcbrun
Temporary Url for review: https://pay-web-dev--pr-285-4pbohven.web.app