mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-14 14:12:44 +00:00
fix(browser): redact CDP URL token in _create_cdp_session log and supervisor timeout
PR #54851 added _sanitize_url_for_logs() and wired it into the three log sites inside _resolve_cdp_override(). A fourth site was missed: _create_cdp_session() logs the already-resolved cdp_url unconditionally, and CDPSupervisor.start() interpolates the raw cdp_url[:80] into the attach-timeout TimeoutError (which _ensure_cdp_supervisor() logs with %s). Both leak query-string credentials (e.g. ?token=secret from hosted CDP providers) into Hermes logs. Sanitize the URL at both remaining sites. The raw URL is preserved unmodified in the returned session dict and used for the real connection; only the logged/error representation is redacted. Salvaged from #55883. Co-authored-by: srojk34 <286497132+srojk34@users.noreply.github.com>
This commit is contained in:
parent
f2a528fb59
commit
265da9cadb
3 changed files with 105 additions and 2 deletions
|
|
@ -1945,7 +1945,7 @@ def _create_cdp_session(task_id: str, cdp_url: str) -> Dict[str, str]:
|
|||
import uuid
|
||||
session_name = f"cdp_{uuid.uuid4().hex[:10]}"
|
||||
logger.info("Created CDP browser session %s → %s for task %s",
|
||||
session_name, cdp_url, task_id)
|
||||
session_name, _sanitize_url_for_logs(cdp_url), task_id)
|
||||
return {
|
||||
"session_name": session_name,
|
||||
"bb_session_id": None,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue