From 93517fa3b68b2725f3da9de119553e303e972e00 Mon Sep 17 00:00:00 2001
From: psy42a
Date: Mon, 18 Aug 2025 23:11:12 +1000
Subject: [PATCH] fix: mask Component Secrets in trace logs (#8204)

Co-authored-by: psy42a <17905361+psy42a@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Gabriel Luiz Freitas Almeida
---
 .../base/langflow/services/tracing/service.py | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/backend/base/langflow/services/tracing/service.py b/src/backend/base/langflow/services/tracing/service.py
index 03d00ca71..fdf4e8a05 100644
--- a/src/backend/base/langflow/services/tracing/service.py
+++ b/src/backend/base/langflow/services/tracing/service.py
@@ -275,10 +275,19 @@ class TracingService(Service):
 @staticmethod
 def _cleanup_inputs(inputs: dict[str, Any]):
 inputs = inputs.copy()
- for key in inputs:
- if "api_key" in key:
- inputs[key] = "*****" # avoid logging api_keys for security reasons
- return inputs
+ sensitive_keywords = {"api_key", "password", "server_url"}
+
+ def _mask(obj: Any):
+ if isinstance(obj, dict):
+ return {
+ k: "*****" if any(word in k.lower() for word in sensitive_keywords) else _mask(v)
+ for k, v in obj.items()
+ }
+ if isinstance(obj, list):
+ return [_mask(i) for i in obj]
+ return obj
+
+ return _mask(inputs)

 def _start_component_traces(
 self,
@@ -344,6 +353,7 @@ class TracingService(Service):
 if component._vertex:
 trace_id = component._vertex.id
 trace_type = component.trace_type
+ inputs = self._cleanup_inputs(inputs)
 component_trace_context = ComponentTraceContext(
 trace_id, trace_name, trace_type, component._vertex, inputs, metadata
 )
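Review bot: The denylist in `_cleanup_inputs` (`sensitive_keywords = {"api_key", "password", "server_url"}`) redacts only keys containing one of those three substrings, so an input whose name contains `token`, `secret` or `authorization` would still reach the tracers in clear text. Whether any component uses such names is not visible in this hunk, so the set should be checked against the component input definitions. `_mask` also calls `k.lower()` on every nested key, which raises `AttributeError` for a non-string key and would abort tracing; `isinstance(k, str) and any(word in k.lower() for word in sensitive_keywords)` avoids that. The leading `inputs = inputs.copy()` is now redundant because `_mask` builds a new dict. A docstring should say that matching is a case-insensitive substring test on key names, that values are never inspected, and that tuples and non-dict objects are returned as they are.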
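Review bot: `metadata` is still handed to `ComponentTraceContext` unredacted, on the line after the new `inputs = self._cleanup_inputs(inputs)` call, so a credential-bearing field in it would bypass the masking this commit adds. What `metadata` holds is not visible here and needs confirming against the callers. If it can carry component configuration, pass it through the same helper, e.g. `metadata = self._cleanup_inputs(metadata)`, guarded for `None` if the parameter is optional. The diffstat shows only service.py changed, so a regression test asserting that a nested `api_key` comes back as `*****` in the trace context is worth adding. The enclosing function starts and ends outside the hunk.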