Skip to content

fix: sensitive data exposure in console logs #7975

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rishikeshdadam136 wants to merge 1 commit into from
Closed

fix: sensitive data exposure in console logs #7975

rishikeshdadam136 wants to merge 1 commit into from
+621 −1

Conversation

@rishikeshdadam136
Copy link

@rishikeshdadam136 rishikeshdadam136 commented Jan 27, 2026

Ticket: WP-7503
Prevent sensitive data exposure in console logs

Implements automatic sanitization of console output to prevent sensitive data from being logged in plain text. Intercepts all console methods (log, error, warn, etc.) and removes fields containing sensitive keywords before logging. Resolves issue where sensitive fields like tokens, passwords, private keys, and client credentials were exposed in plain text.

Changes:

  • Added recursive sanitization with 18 sensitive keywords (token, bearer, privatekey, password, secret, client, oauth, mnemonic, seed, signature, otp, apikey, etc.)
  • Intercepts 9 console methods (log, error, warn, info, debug, dir, table, trace, assert)
  • Initialized console override in both entry points (bin/bitgo-express, src/expressApp.ts)

@rishikeshdadam136 rishikeshdadam136 requested review from a team as code owners January 27, 2026 12:45
@rishikeshdadam136
fix: sensitive data exposure in console logs
5a4755d 
Ticket:WP-7503
Prevent sensitive data exposure in console logs

Implements automatic sanitization of console output to prevent sensitive
data from being logged in plain text. Intercepts all console methods
(log, error, warn, etc.) and removes fields containing sensitive keywords
before logging. Resolves issue where sensitive fields like tokens, passwords,
private keys, and client credentials were exposed in plain text.

Changes:
- Added recursive sanitization with 18 sensitive keywords (token, bearer, privatekey, password, secret, client, oauth, mnemonic, seed, signature, otp, apikey, etc.)
- Intercepts 9 console methods (log, error, warn, info, debug, dir, table, trace, assert)
- Initialized console override in both entry points (bin/bitgo-express, src/expressApp.ts)
@rishikeshdadam136 rishikeshdadam136 deleted the WP-7503 branch January 28, 2026 02:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@deepesh-bitgo deepesh-bitgo Awaiting requested review from deepesh-bitgo deepesh-bitgo is a code owner automatically assigned from BitGo/wallet-core

@Marzooqa Marzooqa Awaiting requested review from Marzooqa Marzooqa is a code owner automatically assigned from BitGo/wallet-core-india

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rishikeshdadam136