chore(core): Reduce logging of auth information

[dmihalcik-virtru]

Proposed Changes

• We can add these back if/when needed for debugging

Checklist

• I have added or updated unit tests
• I have added or updated integration tests (if appropriate)
• I have added or updated documentation

Testing Instructions

[gemini-code-assist]

Summary of Changes

Hello @dmihalcik-virtru, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on improving the security posture of the application by reducing the amount of sensitive authentication information logged. Specifically, it modifies the logging of Secure Request Tokens (SRTs) and request bodies, ensuring that only their lengths are recorded in logs rather than their full content. This change streamlines error reporting and prevents potential data leakage through log files, contributing to a more robust and secure system.

Highlights

• Reduced Logging of Sensitive Data: The pull request eliminates the direct logging of full Secure Request Tokens (SRTs) and request body content, replacing them with their respective lengths in log messages. This enhances security by preventing the accidental exposure of sensitive authentication information.
• Streamlined Error Logging: A dedicated helper function for logging SRT parse failures (logSRTParseFailure) has been removed, and error logging paths within parseSRT and extractSRTBody have been simplified, reducing redundancy and making logging more direct.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

Token's length now seen, Secrets safe, no full string, Logs are clean and lean.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request effectively reduces the logging of sensitive authentication information by replacing full tokens with their lengths, which is a great security enhancement. The removal of the logSRTParseFailure function and some redundant logging also simplifies the code.

I've identified a logging bug where the relevant error isn't being captured, potentially making debugging harder. I've also included a couple of suggestions to make the new logging more consistent and precise. Please take a look at the detailed comments.

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	177.254837ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	92.563887ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	357.098689ms
Throughput	280.03 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	39.066051962s
Average Latency	388.610152ms
Throughput	127.99 requests/second

NANOTDF Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	27.255298499s
Average Latency	271.665431ms
Throughput	183.45 requests/second

[github-actions]

X-Test Results

opentdfplatformV9RLXV.dockerbuild
✅ java-v0.4.34
✅ js-v0.4.34
cukes-report
✅ go-v0.4.34
bats-test-results
test-cases-mapping-report
✅ js-pull-2955
✅ java-pull-2955
✅ go-pull-2955

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	187.540338ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	113.333407ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	361.452907ms
Throughput	276.66 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	39.169254101s
Average Latency	389.796039ms
Throughput	127.65 requests/second

NANOTDF Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	27.716070529s
Average Latency	276.36245ms
Throughput	180.40 requests/second

[github-actions]

X-Test Results

opentdfplatformWOSH5O.dockerbuild
✅ java-v0.4.34
✅ js-v0.4.34
✅ go-v0.4.34
bats-test-results
test-cases-mapping-report
✅ js-pull-2955
✅ java-pull-2955
✅ go-pull-2955

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	160.736797ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	83.539927ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	355.069824ms
Throughput	281.63 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	38.277551377s
Average Latency	381.544282ms
Throughput	130.62 requests/second

NANOTDF Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	26.603905216s
Average Latency	265.236454ms
Throughput	187.94 requests/second

[github-actions]

X-Test Results

opentdfplatformYRWYBP.dockerbuild
✅ java-v0.4.34
✅ js-v0.4.34
cukes-report
✅ go-v0.4.34
bats-test-results
test-cases-mapping-report
✅ js-pull-2955
✅ java-pull-2955
✅ go-pull-2955

[jentfoo]

LGTM