fix: [PM-19904] Audit Fix#1067

Merged: gilescope merged 8 commits into main from fix/PM-19904-db-connection-details-leaked-in-logs on Apr 10, 2026

@m2ux m2ux commented Mar 24, 2026

Contributor

Summary

Redact sensitive database connection details (host, port, database name) from error-level log messages in the main chain follower module. This addresses security audit finding PM-19904 (Least Authority Issue AF) — information leakage through verbose error logging.

🎫 Ticket 📐 Engineering


Motivation

When the node encounters a database connection failure, error-level logs previously included the database host, port, and name. These details are routinely collected by monitoring tools and could aid targeted attacks if logs are exposed. This change moves infrastructure details to debug-level logging while preserving the error indication and underlying cause at error level.


Changes

  • Error redaction: Simplified PostgresConnectionError from 4 fields (host, port, db, error) to 1 field (error only) in both node/src/main_chain_follower.rs and primitives/mainchain-follower/src/data_source/mod.rs
  • Debug logging: Added log::debug! calls that emit full connection details at debug level for authorized troubleshooting
  • Idiomatic error handling: Return typed PostgresConnectionError directly from map_err closures (no intermediate .to_string())
  • Tests: Added connection_error_redacts_infrastructure_details unit test in node crate; rewrote connection_error_redacts_host_port_and_database integration test in primitives crate to verify redaction
  • Change file: changes/changed/audit-redact-db-connection-logging.md

Submission Checklist

  • Changes are backward-compatible (or flagged if breaking)
  • Pull request description explains why the change is needed
  • Self-reviewed the diff
  • I have included a change file, or skipped for this reason: [reason]
  • If the changes introduce a new feature, I have bumped the node minor version
  • Update documentation (if relevant)
  • No new todos introduced

Fork Strategy

  • Node Runtime Update
  • Node Client Update
  • Other
  • N/A
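
The redaction pattern from the description's Changes list, as an added example (not the project's code): a single-field `PostgresConnectionError` returned from a `map_err` closure, full details emitted at debug level only, and a check over error-level records. Only the error type's name comes from the PR; its message text, `ConnectConfig`, the in-memory `Sink` standing in for the `log` crate, and the sample host and database values are assumptions constructed for illustration.

```rust
use std::fmt;

// Assumed shape: the PR names PostgresConnectionError but this page does not show it.
#[derive(Debug)]
pub struct PostgresConnectionError { error: String } // cause only: no host/port/db

impl fmt::Display for PostgresConnectionError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "Could not connect to Postgres database: {}", self.error)
    }
}
impl std::error::Error for PostgresConnectionError {}

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Level { Error, Debug }
pub type Sink = Vec<(Level, String)>; // hypothetical stand-in for the `log` crate's output

pub struct ConnectConfig { pub host: String, pub port: u16, pub db: String }

/// Map a driver failure to the typed, redacted error; full details go to debug only.
pub fn connect<F>(cfg: &ConnectConfig, driver: F, sink: &mut Sink) -> Result<(), PostgresConnectionError>
where F: Fn(&ConnectConfig) -> Result<(), String> {
    driver(cfg).map_err(|cause| {
        sink.push((Level::Debug, format!("connection details: host={} port={} db={}", cfg.host, cfg.port, cfg.db)));
        let err = PostgresConnectionError { error: cause };
        sink.push((Level::Error, err.to_string()));
        err
    })
}

/// True if any error-level record contains the host, port or database name.
pub fn error_level_leaks(sink: &Sink, cfg: &ConnectConfig) -> bool {
    let needles = [cfg.host.clone(), cfg.port.to_string(), cfg.db.clone()];
    sink.iter()
        .filter(|(level, _)| *level == Level::Error)
        .any(|(_, msg)| needles.iter().any(|n| msg.contains(n.as_str())))
}

pub fn sample_cfg() -> ConnectConfig { // constructed sample values
    ConnectConfig { host: "db.internal.example".into(), port: 5432, db: "cexplorer".into() }
}

fn main() {
    let (cfg, mut sink) = (sample_cfg(), Sink::new());
    let _ = connect(&cfg, |_| Err("connection refused".into()), &mut sink);
    for (level, msg) in &sink { println!("{:?}: {}", level, msg); }
    println!("error-level leak: {}", error_level_leaks(&sink, &cfg));
}
```

Because the cause string is still logged at error level, `error_level_leaks` also returns true when a driver's own message embeds the host or port, which the single-field struct alone does not prevent.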

@m2ux m2ux self-assigned this Mar 24, 2026
@m2ux m2ux changed the title fix: [PM-19904] Redact database connection details from error logs fix: [PM-19904] Audit Fix Mar 24, 2026
@m2ux m2ux force-pushed the fix/PM-19904-db-connection-details-leaked-in-logs branch from 400cb68 to 23f290c Compare March 24, 2026 17:42
@m2ux m2ux force-pushed the fix/PM-19904-db-connection-details-leaked-in-logs branch from 8681d9e to ea3723e Compare March 30, 2026 10:52
…into fix/PM-19904-db-connection-details-leaked-in-logs
@m2ux m2ux marked this pull request as ready for review April 2, 2026 14:13
@m2ux m2ux requested a review from a team as a code owner April 2, 2026 14:13
Signed-off-by: Giles Cope <gilescope@gmail.com>
@gilescope gilescope force-pushed the fix/PM-19904-db-connection-details-leaked-in-logs branch from 961804c to 60105ec Compare April 10, 2026 13:02
@gilescope gilescope enabled auto-merge April 10, 2026 13:03
@gilescope gilescope added this to the node-1.0.0 milestone Apr 10, 2026
@gilescope gilescope added this pull request to the merge queue Apr 10, 2026
Merged via the queue into main with commit 161d3da Apr 10, 2026
31 checks passed
@gilescope gilescope deleted the fix/PM-19904-db-connection-details-leaked-in-logs branch April 10, 2026 14:35
m2ux added a commit that referenced this pull request Apr 23, 2026
* fix: [PM-19904] redact database connection details from error logs

Initial commit for work package. Implementation pending planning
and design activities.

* fix(PM-19904): redact db connection details from error logs

* fix(PM-19904): redact connection details in primitives and update test

* test(PM-19904): add redaction verification test in node binary

* chore(PM-19904): add change file for db connection detail redaction

* fix: Remove intermediate .to_string() call

Signed-off-by: Giles Cope <gilescope@gmail.com>

---------

Signed-off-by: Giles Cope <gilescope@gmail.com>
Co-authored-by: Giles Cope <gilescope@gmail.com>
Co-authored-by: Squirrel <giles.cope@shielded.io>
Signed-off-by: Mike Clay <mike.clay@shielded.io>