Skip to content

Tame logging of HTTPX to not reveal credentials #86

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 3, 2025
Merged

Tame logging of HTTPX to not reveal credentials #86

merged 1 commit into from
Nov 3, 2025

Conversation

@amotl
Copy link
Member

@amotl amotl commented Nov 2, 2025
edited by coderabbitai bot
Loading

About

The httpx library emits sensitive information to the application log.

Recommendation

The recommendation is to alter the log level of HTTPX? Well, let's do it then, until swapping it for another library?

References

Summary by CodeRabbit

  • Bug Fixes
    • Enhanced logging security by configuring the HTTPX logger to hide sensitive credentials and prevent their exposure in application logs.

@amotl amotl requested review from WalBeh and surister November 2, 2025 19:09
@coderabbitai
Copy link

coderabbitai bot commented Nov 2, 2025
edited
Loading

Caution

Review failed

The pull request is closed.

Walkthrough

A changelog entry documents HTTPX logging security improvements. The CLI entrypoint now configures the HTTPX logger to WARNING level during initialization to prevent credential exposure in logs.

Changes

Cohort / File(s) Change Summary
Changelog
CHANGES.md		 Added unreleased changelog entry documenting HTTPX logging credential protection.
CLI Logging Configuration
cratedb_mcp/cli.py		 Initialized HTTPX logger configuration in the CLI entrypoint to set logging level to WARNING and suppress sensitive credential details during CLI startup.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • Changelog entry is purely documentation.
  • Logger configuration addition is a straightforward, defensive initialization step with minimal logic density.

Poem

🐰 A whisper of wisdom in logs we keep,
HTTPX secrets buried deep,
No credentials for prying eyes,
Just warnings that sensibly rise. 🔐

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch httpx-credentials-logging
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between db1f07a and 177cd86.

📒 Files selected for processing (2)
  • CHANGES.md (1 hunks)
  • cratedb_mcp/cli.py (1 hunks)

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@amotl amotl force-pushed the httpx-credentials-logging branch from 55be3ab to 421fc9b Compare November 2, 2025 19:11
surister
surister approved these changes Nov 3, 2025
View reviewed changes
Copy link
Member

@surister surister left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, shame that it wasn't fixed at the core

@amotl amotl changed the title Tame logging of HTTPX to not reveal credentials. Thanks, @WalBeh. Tame logging of HTTPX to not reveal credentials Nov 3, 2025
@amotl amotl force-pushed the httpx-credentials-logging branch from 421fc9b to 177cd86 Compare November 3, 2025 10:22
@amotl amotl merged commit d2c2311 into main Nov 3, 2025
9 of 10 checks passed
@amotl amotl deleted the httpx-credentials-logging branch November 3, 2025 10:24
@amotl amotl mentioned this pull request Nov 9, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@surister surister surister approved these changes

@WalBeh WalBeh Awaiting requested review from WalBeh

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@amotl @surister