Skip to content

[INJICERT] Remove sensitive data from debug logs#619

Merged
swatigoel merged 1 commit intoinji:release-0.14.xfrom
tw-mosip:remove-logging
Feb 17, 2026
Merged

[INJICERT] Remove sensitive data from debug logs#619
swatigoel merged 1 commit intoinji:release-0.14.xfrom
tw-mosip:remove-logging

Conversation

@jaswanthkumartw
Copy link

@jaswanthkumartw jaswanthkumartw commented Feb 17, 2026
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores
    • Improved internal logging levels and messages for better system monitoring and operational insights.

@jaswanthkumartw
[INJICERT] Remove sensitive data from debug logs
3e1d06f 
Signed-off-by: jaswanthkumarpolisetty <jaswanthkumar.p@thoughtworks.com>
@coderabbitai
Copy link

coderabbitai bot commented Feb 17, 2026
edited
Loading

Walkthrough

The PR modifies logging statements across the credential signing and issuance service, converting debug-level logs to info-level logs and refining messages for consistency. No functional changes or control flow alterations are introduced.

Changes

Cohort / File(s) Summary
Logging Level Adjustments
certify-service/src/main/java/io/mosip/certify/credential/Credential.java, certify-service/src/main/java/io/mosip/certify/services/CertifyIssuanceServiceImpl.java		 Converts debug-level log statements to info-level across credential QR signing and issuance workflows; adds targeted warning and error logs for exceptional conditions (missing QR data, signing failures); message content simplified to generic or success-oriented wording.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

Suggested reviewers

  • swatigoel
  • Prafulrakhade

Poem

🐰 A rabbit hops through logs so bright,
From debug dark to info's light,
No function changed, just words refined,
The message speaks, the flow's aligned! 📋✨

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects the main objective of the pull request: replacing debug-level logs with info-level logs and removing sensitive data from logging statements across the codebase.
Merge Conflict Detection ✅ Passed ✅ No merge conflicts detected when merging into release-0.14.x

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Feb 17, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
certify-service/src/main/java/io/mosip/certify/services/CertifyIssuanceServiceImpl.java (1)

307-315: ⚠️ Potential issue | 🟠 Major

CertifyException catch block re-wraps the exception with a new error code, hiding the original.

The CertifyException thrown at line 314 replaces the original error code (e.getErrorCode()) with a hardcoded "ERROR_SIGNING_QR_DATA" string. If the original exception already carries a meaningful domain error code (e.g., from signQrEntries), this catch block obscures it.

Also, signQrEntries itself already throws CertifyException with specific error codes (lines 356, 384, 388), so catching CertifyException here and re-wrapping it loses that specificity. Consider letting CertifyException propagate directly.

🐛 Suggested fix: let CertifyException propagate 
-        } catch (CertifyException e) {
-            log.error("Error during signing qr data: {}", e.getMessage());
-            throw new CertifyException("ERROR_SIGNING_QR_DATA", e.getMessage());
-        }
+        } catch (CertifyException e) {
+            log.error("Error during credential generation: {}", e.getErrorCode());
+            throw e;
+        }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@certify-service/src/main/java/io/mosip/certify/services/CertifyIssuanceServiceImpl.java`
around lines 307 - 315, The CertifyException catch block in
CertifyIssuanceServiceImpl is re-wrapping and replacing the original domain
error code with a hardcoded "ERROR_SIGNING_QR_DATA", which hides the original
error information (e.g., from signQrEntries); change this catch to either remove
the CertifyException handler entirely or rethrow the caught exception as-is
(throw e) so the original getErrorCode()/message propagates unchanged, ensuring
callers receive the original CertifyException from signQrEntries and other
methods.
🧹 Nitpick comments (1)
certify-service/src/main/java/io/mosip/certify/services/CertifyIssuanceServiceImpl.java (1)

325-341: Excessive info-level logging inside the loop.

Lines 325, 327, 330, and 341 each emit an info log on every iteration (or once before the loop). For credentials with multiple QR entries this will be noisy in production. Consider keeping per-iteration progress logs at debug level and retaining only the summary logs (e.g., line 391) at info.

Since none of these per-entry messages appear to contain sensitive data (they only log the index i), debug would still be safe here and aligned with the PR's goal of cleaning up logs.

♻️ Suggested: demote per-entry logs back to debug 
-            log.info("Processing QR entry index {}", i);
+            log.debug("Processing QR entry index {}", i);
-            log.info("Claim 169 mapped data for QR entry index {}", i);
+            log.debug("Claim 169 mapped data for QR entry index {}", i);

Apply similarly to lines 372 and 377.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@certify-service/src/main/java/io/mosip/certify/services/CertifyIssuanceServiceImpl.java`
around lines 325 - 341, The per-entry info logs in CertifyIssuanceServiceImpl
that run inside the qrDataJson loop are too verbose for production; change the
per-iteration log.info calls (the "Processing QR entry index {}", "Claim 169
mapped data for QR entry index {}", and similar per-entry messages related to
claim169KeyMapper/claim169ValueMapper usage around the loop that call
pixelPass.getMappedData) to log.debug so only summary/info-level messages remain
for overall progress, and apply the same demotion to the two other per-entry
logs referenced (the ones called later in the method around where lines 372 and
377 are logged). Ensure you keep the existing info logs that summarize
initialization/completion but demote per-entry indexing/debug traces to debug.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In
`@certify-service/src/main/java/io/mosip/certify/services/CertifyIssuanceServiceImpl.java`:
- Around line 307-315: The CertifyException catch block in
CertifyIssuanceServiceImpl is re-wrapping and replacing the original domain
error code with a hardcoded "ERROR_SIGNING_QR_DATA", which hides the original
error information (e.g., from signQrEntries); change this catch to either remove
the CertifyException handler entirely or rethrow the caught exception as-is
(throw e) so the original getErrorCode()/message propagates unchanged, ensuring
callers receive the original CertifyException from signQrEntries and other
methods.

---

Nitpick comments:
In
`@certify-service/src/main/java/io/mosip/certify/services/CertifyIssuanceServiceImpl.java`:
- Around line 325-341: The per-entry info logs in CertifyIssuanceServiceImpl
that run inside the qrDataJson loop are too verbose for production; change the
per-iteration log.info calls (the "Processing QR entry index {}", "Claim 169
mapped data for QR entry index {}", and similar per-entry messages related to
claim169KeyMapper/claim169ValueMapper usage around the loop that call
pixelPass.getMappedData) to log.debug so only summary/info-level messages remain
for overall progress, and apply the same demotion to the two other per-entry
logs referenced (the ones called later in the method around where lines 372 and
377 are logged). Ensure you keep the existing info logs that summarize
initialization/completion but demote per-entry indexing/debug traces to debug.

@swatigoel swatigoel merged commit 3fe6174 into inji:release-0.14.x Feb 17, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@swatigoel swatigoel swatigoel approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jaswanthkumartw @swatigoel

Comments