Problem
Client._connect() and _disconnect() log the complete WebSocket connection URL at INFO level. The URL returned by the Lark WebSocket endpoint contains sensitive access_key and ticket query values, so normal lifecycle logs can disclose credentials to stdout, journals, or downstream log collectors.
The current default-branch code passes the original URL directly to both log calls:
logger.info(self._fmt_log("connected to {}", conn_url))
logger.info(self._fmt_log("disconnected to {}", self._conn_url))
Reproduce / evidence
Using only fictional values, suppose _get_conn_url() returns:
wss://msg-frontier.example.test/ws/v2?fpid=493&access_key=access-key-test-value&service_id=33554678&ticket=ticket-test-value
After a connection and disconnect, the INFO messages include both access-key-test-value and ticket-test-value verbatim. The same original URL is also correctly required by websockets.connect(); the connection input itself must not be changed.
I searched current issues, pull requests, and default-branch code for msg-frontier, access_key, ticket, connected to, redact websocket URL, and sanitize URL query. I did not find an issue or PR that covers redaction of both WebSocket lifecycle log messages.
Required fix
Please redact only the values of the access_key and ticket query parameters before formatting the connection and disconnection INFO messages, while preserving the original URL for connection state and websockets.connect().
The log-safe representation should preserve non-sensitive query parameters and enough endpoint context for diagnostics. Ideally it should also preserve query ordering, repeated parameters, percent-encoding, empty/value-less parameters, and fragments except for replacing the two sensitive values.
Please add regression tests proving that:
- neither lifecycle log contains the original
access_key or ticket value;
- non-sensitive URL context remains visible;
websockets.connect() receives the exact original URL; and
- both connection and disconnection logs use the redacted representation.
Problem
Client._connect()and_disconnect()log the complete WebSocket connection URL at INFO level. The URL returned by the Lark WebSocket endpoint contains sensitiveaccess_keyandticketquery values, so normal lifecycle logs can disclose credentials to stdout, journals, or downstream log collectors.The current default-branch code passes the original URL directly to both log calls:
logger.info(self._fmt_log("connected to {}", conn_url))logger.info(self._fmt_log("disconnected to {}", self._conn_url))Reproduce / evidence
Using only fictional values, suppose
_get_conn_url()returns:After a connection and disconnect, the INFO messages include both
access-key-test-valueandticket-test-valueverbatim. The same original URL is also correctly required bywebsockets.connect(); the connection input itself must not be changed.I searched current issues, pull requests, and default-branch code for
msg-frontier,access_key,ticket,connected to,redact websocket URL, andsanitize URL query. I did not find an issue or PR that covers redaction of both WebSocket lifecycle log messages.Required fix
Please redact only the values of the
access_keyandticketquery parameters before formatting the connection and disconnection INFO messages, while preserving the original URL for connection state andwebsockets.connect().The log-safe representation should preserve non-sensitive query parameters and enough endpoint context for diagnostics. Ideally it should also preserve query ordering, repeated parameters, percent-encoding, empty/value-less parameters, and fragments except for replacing the two sensitive values.
Please add regression tests proving that:
access_keyorticketvalue;websockets.connect()receives the exact original URL; and