security: prevent API key leakage in wrapper script logs (fixes #263) #313

Merged
pradeeban merged 1 commit into ControlCore-Project:dev from GaneshPatil7517:fix/remove-api-key-logging
Feb 18, 2026
@GaneshPatil7517
@pradeeban

Summary

This PR resolves Issue #263 by preventing API keys from being printed to stdout in wrapper scripts.

Previously, the API key was printed directly:

print(apikey)

Since stdout is captured into concoreout.txt, this resulted in credentials being stored in plaintext log files.

Changes Made

  • Removed print(apikey) from:
    • demo/cwrap.py
    • demo/pwrap.py
    • ratc/cwrap.py
    • ratc/pwrap.py
  • Sanitized debug URL print in demo/cwrap.py and ratc/cwrap.py to use <APIKEY_HIDDEN> placeholder instead of the actual key.
  • No logic changes: API key is still read and used for HTTP requests, just never printed.

Security Impact

  • Prevents credential leakage in log files
  • Removes API key from debug URL output
  • Reduces risk of accidental key exposure

Scope

  • Minimal change (6 lines across 4 files)
  • No logic modifications
  • No concore-lite changes
  • No Verilog changes

Testing

  • All 4 modified files pass Python syntax validation
  • Full test suite passes (57/57 tests)
  • Verified no print(apikey) remains anywhere in the repository

Copilot AI review requested due to automatic review settings February 14, 2026 07:53
Copilot AI left a comment

Pull request overview

This PR addresses a critical security vulnerability where API keys were being printed to stdout in wrapper scripts, resulting in credentials being stored in plaintext log files (concoreout.txt). The fix removes direct API key printing and sanitizes debug URL output to prevent credential exposure while maintaining full functionality.

Changes:

  • Removed print(apikey) statements from all four wrapper scripts (demo/cwrap.py, demo/pwrap.py, ratc/cwrap.py, ratc/pwrap.py)
  • Replaced removed print statements with security-focused comments
  • Sanitized debug URL prints in cwrap.py files to use <APIKEY_HIDDEN> placeholder instead of actual API key

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| demo/pwrap.py | Removed API key print statement, replaced with security comment |
| demo/cwrap.py | Removed API key print statement and sanitized debug URL to hide API key |
| ratc/pwrap.py | Removed API key print statement, replaced with security comment |
| ratc/cwrap.py | Removed API key print statement and sanitized debug URL to hide API key |

@pradeeban
Member

Pls remove the comments "do not log for security reasons."

Just removing the print(apikey) is sufficient. The inclusion was meant as a debug mechanism.
Actually if we really used logger properly, this could have been a logger.DEBUG.
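
What the logger.DEBUG route mentioned in the comment above could look like, as an added example that is not part of this PR or the project's code: key-bearing output moves to DEBUG, and a handler filter substitutes the PR's <APIKEY_HIDDEN> placeholder for the key's value. The logger name, URL shape and key value are constructed assumptions.

```python
import io
import logging

PLACEHOLDER = "<APIKEY_HIDDEN>"  # same placeholder the PR uses in its debug URL print


class RedactSecretFilter(logging.Filter):
    """Replace every occurrence of a known secret in a log record before it is emitted."""

    def __init__(self, secret):
        super().__init__()
        self._secret = secret

    def filter(self, record):
        if self._secret:  # an empty key would otherwise match at every position
            # getMessage() merges msg % args, so a key passed as an argument is caught too.
            record.msg = record.getMessage().replace(self._secret, PLACEHOLDER)
            record.args = ()
        return True  # keep the record; only its text is changed


def make_logger(apikey, stream, level=logging.INFO):
    """Build a wrapper-script logger whose handler never writes `apikey`."""
    logger = logging.getLogger("wrapper-demo")  # hypothetical logger name
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(level)
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactSecretFilter(apikey))  # on the handler: covers all it writes
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger


def demo(level):
    """Log a constructed key and URL as the old print calls did; return the captured text."""
    apikey = "k3y-constructed-for-demo"  # constructed sample value, not a real key
    url = "https://mediator.example/init?apikey=" + apikey  # assumed URL shape
    captured = io.StringIO()  # stands in for stdout captured into concoreout.txt
    log = make_logger(apikey, captured, level)
    log.debug("apikey=%s", apikey)
    log.debug("requesting %s", url)
    log.info("request sent")
    return captured.getvalue()


if __name__ == "__main__":
    print(demo(logging.DEBUG), end="")
```

The filter matches the key's exact text only: a URL-encoded or otherwise transformed copy, or one inside a formatted traceback, passes through, so not logging the key at all remains the primary fix.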

GaneshPatil7517 force-pushed the fix/remove-api-key-logging branch from 37abab4 to 7803521 February 15, 2026 05:25
@GaneshPatil7517
Author

Thanks @pradeeban sir for the feedback! I've updated the PR: removed the comments and just deleted the print(apikey) lines entirely. The branch has been force-pushed with the fix.

pradeeban merged commit ab3562e into ControlCore-Project:dev Feb 18, 2026
6 checks passed
@pradeeban
Member

@GaneshPatil7517 I am merging since this PR addresses a legitimate concern. But I think we should actually simply remove that log line altogether. It does not serve any purpose. Also, this code assumes the mediator is currently running in controlcore.org. It does not.

@GaneshPatil7517
Author

> @GaneshPatil7517 I am merging since this PR addresses a legitimate concern. But I think we should actually simply remove that log line altogether. It does not serve any purpose. Also, this code assumes the mediator is currently running in controlcore.org. It does not.

Thanks for merging, @pradeeban Sir. Good point, I can open a follow-up PR to remove that debug URL log line entirely since it doesn't serve a purpose. Happy to work on that if you'd like.
