fix: redact sensitive headers in debug logs (fixes #1196)#2977
fix: redact sensitive headers in debug logs (fixes #1196)#2977rookweb1 wants to merge 1 commit intoopenai:mainfrom
Conversation
Prevent API keys and other sensitive headers from being logged in plaintext when debug logging is enabled. - Add _redact_sensitive_headers helper method - Use redacted headers in debug logging - Fixes security vulnerability where Authorization headers with API keys were exposed
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cf5b851743
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| safe_options = options.model_dump() | ||
| if "headers" in safe_options: | ||
| safe_options["headers"] = self._redact_sensitive_headers(safe_options["headers"]) | ||
| log.debug("Request options: %s", safe_options) |
There was a problem hiding this comment.
This line terminates log.debug(...) after only two arguments, but the old indented exclude=... argument block is still present below, which makes the module fail to parse (IndentationError at import time). As a result, importing openai._base_client breaks and the SDK cannot run.
Useful? React with 👍 / 👎.
| model_dump( | ||
| options, | ||
| exclude_unset=True, | ||
| safe_options = options.model_dump() |
There was a problem hiding this comment.
Calling options.model_dump() directly here drops the compatibility layer used elsewhere in the repo; under Pydantic v1, FinalRequestOptions (a pydantic.BaseModel) does not guarantee a model_dump method, so enabling DEBUG logging can raise AttributeError before the request is built. This should keep using the existing compatibility helper to avoid version-specific runtime failures.
Useful? React with 👍 / 👎.
alvinttang
left a comment
alvinttang
left a comment
There was a problem hiding this comment.
Code Review
Bug: Broken log.debug call leaves orphaned exclude argument (syntax error at runtime)
File: src/openai/_base_client.py, around L503-510
The original code was a single log.debug(...) call that included model_dump(options, exclude_unset=True, exclude={"content", ...}). The PR replaces the first 4 lines of this multi-line expression with safe_options = options.model_dump() + log.debug(...), but leaves the remaining lines of the original expression dangling:
safe_options = options.model_dump()
if "headers" in safe_options:
safe_options["headers"] = self._redact_sensitive_headers(safe_options["headers"])
log.debug("Request options: %s", safe_options)
# Pydantic v1 can't dump every type we support in content, so we exclude it for now.
exclude={
"content",The exclude={... fragment is now orphaned code — this will raise a SyntaxError (or at best be a bare dict expression with no effect, depending on surrounding context). The model_dump() call also lost the exclude_unset=True parameter and the exclude={"content", ...} filter, meaning:
- The debug log will now dump
contentfields (potentially large base64 image data) that were previously excluded - Fields that were unset will now appear in the log output (noise)
- The code may not even parse depending on how the orphaned lines interact with the surrounding code
The fix needs to preserve the original model_dump() call's parameters and properly terminate the new log.debug() statement before removing the old lines.
Minor: _redact_sensitive_headers uses substring matching which over-matches
The any(sensitive in key_lower for sensitive in sensitive_keys) check does substring matching. A header named x-custom-api-key-version would be redacted because it contains "api-key". While this is arguably safer (erring on the side of redaction), it's worth noting that it also means the set sensitive_keys doesn't behave like a set of exact keys — it's a set of substrings. The variable name is misleading.
Consider either using exact matching (key_lower in sensitive_keys) or renaming to sensitive_patterns / sensitive_substrings to clarify intent.
2 participants
Description
Fixes security issue #1196 where API keys and other sensitive headers are logged in plaintext when debug logging is enabled.
Problem
When
log.isEnabledFor(logging.DEBUG)is true, themake_requestmethod logs the fulloptions.model_dump()which includes headers with API keys (Authorization header, api-key, etc.). This is a serious security vulnerability.Solution
Added a
_redact_sensitive_headershelper method to theBaseClientclass that redacts sensitive headers before logging. Modified the debug logging to use this redacted version.Changes
_redact_sensitive_headersmethod that redacts:_make_requestto use redacted headersSecurity Impact
Prevents accidental exposure of API keys in debug logs, which could lead to:
This is especially critical in:
Testing
The fix maintains all existing functionality while ensuring sensitive data is never logged. All headers are still available for the actual HTTP request, only the logging is affected.
Closes #1196