fix: mask sensitive headers in API request logs#14732
The API request logger writes request/response details to persistent plaintext files in the temp/api_logs directory. Without masking, the Authorization header (which carries the user's Comfy API bearer token for paid nodes like Grok, Bria, Runway, Gemini, and Rodin) is written verbatim to every log file. These files are never cleaned up, so tokens accumulate on disk indefinitely. Fix: mask Authorization, X-API-Key, Cookie, Set-Cookie, and Proxy-Authorization headers before writing to log files. Non-sensitive headers pass through unchanged. 9 tests: masking behavior, case-insensitivity, non-mutation of original, and end-to-end verification that the token does not appear in the log file. Signed-off-by: John Kearney <johndanielkearney@gmail.com>
CodeRabbit review
No actionable comments were generated in the recent review.
Run configuration: .coderabbit.yaml, review profile CHILL, plan Pro Plus. Files selected for processing: 2.

Walkthrough
This pull request adds masking for sensitive HTTP headers (Authorization, Proxy-Authorization, X-API-Key, Cookie, Set-Cookie) in the request logger used by comfy_api_nodes, via a new _mask_sensitive_headers helper applied before request and response headers are written to plaintext log files. Filename sanitization logic is reformatted without behavior changes, and the module's __main__ demonstration block is expanded with additional example invocations. A new test module validates masking behavior and confirms sensitive values do not appear in generated log files.

Related PRs: none identified.
Suggested labels: security, tests
Suggested reviewers: none identified from provided context.
Poem: A rabbit hopped through logs at night, and found tokens shining much too bright. With a wave of paw, three stars appear — ***, ***, hiding what should not be here. Now Bearer tokens sleep unseen, safe within the log, so clean.
Pre-merge checks: 5 passed.
Summary
The API request logger (comfy_api_nodes/util/request_logger.py) writes request/response details to persistent plaintext files in temp/api_logs/. Without masking, the Authorization header — which carries the user's Comfy API bearer token for paid nodes (Grok, Bria, Runway, Gemini, Rodin) — is written verbatim to every log file. These files are never cleaned up or rotated, so tokens accumulate on disk indefinitely.
Fix: mask Authorization, X-API-Key, Cookie, Set-Cookie, and Proxy-Authorization headers before writing to log files. Non-sensitive headers pass through unchanged.

The vulnerability
Every API request creates a new log file in temp/api_logs/ containing the bearer token in plaintext. These files:

Exposure scenarios

The fix
Non-sensitive headers (Accept, Content-Type, User-Agent) pass through unchanged — the logs remain useful for debugging.

Tests
9 tests in tests/test/test_request_logger.py:
- Authorization, X-API-Key, Cookie, Set-Cookie are all masked to ***
- authorization and AUTHORIZATION both masked
- Accept, Content-Type, User-Agent pass through
- None and {} handled
- log_request_response does not contain the token, but does contain Authorization: ***

Impact
- nodes) is written to persistent plaintext log files that never expire
- Gemini, Rodin, etc.) — the token is logged on every request
- the log files are designed to be human-readable and shareable for debugging

Scope
Two files: comfy_api_nodes/util/request_logger.py (the fix) and tests/test/test_request_logger.py (new test file). Diff: +175/−13.

API Node PR Checklist
Scope
Pricing & Billing
If Need pricing update:
QA
Comms
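The masking behaviour the PR describes, as an added example rather than the project's own request_logger.py: a helper that returns a fresh dict with sensitive header values replaced by ***, matched case-insensitively, never mutating the caller's mapping and treating None and {} alike, followed by a small log renderer and an end-to-end write into a throwaway directory that checks the token never reaches disk. The function names (mask_sensitive_headers, render_log_entry, write_log_entry, demo), the URL and the token value are all assumptions constructed for this example.

```python
import os
import tempfile
from datetime import datetime, timezone
from typing import Any, Dict, Mapping, Optional

# Header names whose values must never reach a plaintext log file.
# Stored lower-cased so the lookup is case-insensitive.
SENSITIVE_HEADERS = frozenset(
    name.lower()
    for name in ("Authorization", "Proxy-Authorization", "X-API-Key", "Cookie", "Set-Cookie")
)
MASK = "***"


def mask_sensitive_headers(headers: Optional[Mapping[str, Any]]) -> Dict[str, Any]:
    """Return a NEW dict with sensitive header values replaced by MASK.

    - "authorization" and "AUTHORIZATION" are masked just like "Authorization".
    - The original mapping is left untouched (a fresh dict is built).
    - None and an empty mapping both yield {}.
    """
    if not headers:
        return {}
    return {
        name: (MASK if name.lower() in SENSITIVE_HEADERS else value)
        for name, value in headers.items()
    }


def render_log_entry(method: str, url: str, request_headers, status: int, response_headers) -> str:
    """Format one request/response pair as human-readable text.

    Masking is applied to BOTH directions before anything is serialised, so the
    returned string is already safe to write to disk or share for debugging.
    """
    lines = [f"{datetime.now(timezone.utc).isoformat()} {method} {url}", "Request headers:"]
    for name, value in mask_sensitive_headers(request_headers).items():
        lines.append(f"  {name}: {value}")
    lines.append(f"Response status: {status}")
    lines.append("Response headers:")
    for name, value in mask_sensitive_headers(response_headers).items():
        lines.append(f"  {name}: {value}")
    return "\n".join(lines) + "\n"


def write_log_entry(log_dir: str, entry_text: str) -> str:
    """Write the rendered entry to a new file under log_dir and return its path."""
    os.makedirs(log_dir, exist_ok=True)
    fd, path = tempfile.mkstemp(prefix="api_", suffix=".log", dir=log_dir)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(entry_text)
    return path


def demo() -> Dict[str, bool]:
    """End-to-end check in a temporary directory; reports what actually landed on disk."""
    # Constructed sample values for this example only, not real credentials.
    token = "Bearer constructed-example-token-123"
    request_headers = {
        "Authorization": token,
        "Accept": "application/json",
        "x-api-key": "constructed-key",   # lower-case on purpose: still masked
    }
    response_headers = {"Content-Type": "application/json", "Set-Cookie": "session=constructed"}
    with tempfile.TemporaryDirectory() as tmp:
        entry = render_log_entry(
            "POST", "https://api.example.invalid/v1/generate", request_headers, 200, response_headers
        )
        path = write_log_entry(os.path.join(tmp, "api_logs"), entry)
        with open(path, encoding="utf-8") as fh:
            on_disk = fh.read()
    return {
        "token_leaked": token in on_disk,
        "masked_line_present": "Authorization: ***" in on_disk,
        "original_untouched": request_headers["Authorization"] == token,
    }


if __name__ == "__main__":
    print(demo())
```

Because the helper builds a new dict instead of editing in place, the caller's headers object is still intact for the real HTTP request; only the copy destined for the log loses its secrets. The check in demo() reads the file back rather than inspecting the in-memory string, which is the property that matters: what ends up in temp/api_logs/ must not contain the bearer token.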