Conversation
github-actions
bot
added
the
Scope: Backend
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| extra={ | ||
| "dedup_key": dedup_key, | ||
| "dropped_action_ids": sorted(action_ids), | ||
| "replacement_action_id": dedup_key_to_action_id[dedup_key], |
There was a problem hiding this comment.
Dedup logs expose action configuration secrets
Medium Severity
get_unique_active_actions now logs raw dedup_key in action.py. dedup_key is built from Action.config and Action.data, so this can emit sensitive values like webhook URLs, integration identifiers, or user-target data into logs and log pipelines.
There was a problem hiding this comment.
Sensitive, but not secret, which should be fine given that this is going to logs.
Might drop the dedup key to be safe though, as it isn't critical, though there are cases in which it may be useful.
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
We don't currently have any record of when actions are dropped due to dedup, so it's hard to assess the impact of or debug potential misbehavior of deduplication. This adds suitably detailed logging (economical given that this requires triggering, and triggering is relatively rare) and a counter tagged with group type. Related: ISWF-1946
We don't currently have any record of when actions are dropped due to dedup, so it's hard to assess the impact of or debug potential misbehavior of deduplication. This adds suitably detailed logging (economical given that this requires triggering, and triggering is relatively rare) and a counter tagged with group type. Related: ISWF-1946
2 participants
We don't currently have any record of when actions are dropped due to dedup, so it's hard to assess the impact of or debug potential misbehavior of deduplication.
This adds suitably detailed logging (economical given that this requires triggering, and triggering is relatively rare) and a counter tagged with group type.
Related: ISWF-1946