Conversation
Release 1.8.2 # -----BEGIN PGP SIGNATURE----- # # iHUEABYKAB0WIQQP29GNkRRfX7IUJjAAqdyOXpp+AAUCaQeUJgAKCRAAqdyOXpp+ # AIEjAP9kcF0xR1/MVydAwsHLryqR4ItF8KClORCJSi4WU6pcfgD/SZNJdL+XeIkB # bHswtdIEcaZpbCZaCir309Bv5ODtYAE= # =GoPV # -----END PGP SIGNATURE----- # gpg: Signature made Mon 03 Nov 2025 02:25:58 AM JST # gpg: using EDDSA key 0FDBD18D91145F5FB214263000A9DC8E5E9A7E00 # gpg: Good signature from "Gildas CHERRUEL <gildas@breizh.org>" [ultimate]
…e request is finished
Merge feature/http-extra-records
Co-authored-by: gildas <56485+gildas@users.noreply.github.com>
Fix README documentation examples for obfuscator methods
Merge feature/obfuscator
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #35 +/- ##
==========================================
+ Coverage 93.83% 95.27% +1.44%
==========================================
Files 30 31 +1
Lines 1232 1269 +37
==========================================
+ Hits 1156 1209 +53
+ Misses 67 59 -8
+ Partials 9 1 -8
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
Release merge for 1.9.0, updating the library version while introducing reversible log obfuscation and improving HTTP request logging extensibility, alongside dependency and tooling updates.
Changes:
- Bump
VERSIONto1.9.0and refresh Go module dependencies. - Add reversible obfuscation support to
Loggerviacipher.Block(Obfuscate/Unobfuscate) with new tests and README docs. - Extend HTTP middleware to allow handlers to attach custom key/value records to the end-of-request log entry.
Reviewed changes
Copilot reviewed 20 out of 21 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| version.go | Bumps exported version string to 1.9.0. |
| logger.go | Adds obfuscationKey to Logger, supports cipher.Block in Create, and introduces RecordMap. |
| obfuscator.go | Implements Logger.Obfuscate/Logger.Unobfuscate using AEAD (GCM) and a !ENC!:{...} marker format. |
| obfuscator_test.go | Adds test suite covering obfuscation/unobfuscation behavior and failure scenarios. |
| logger-http.go | Adds response-writer record collection and AddRecordToResponseWriter; logs those records on request completion. |
| logger_test.go | Adds HTTP handler test validating added response-writer records appear in finish logs; minor lint/defer tweaks. |
| README.md | Documents obfuscation feature and updated HTTP middleware usage + custom response records. |
| stream-stdout.go | Refactors write/flush calls to explicitly ignore some returned errors and simplify flow. |
| stream-stderr.go | Same write-flow simplification for stderr stream. |
| stream-file.go | Same write-flow simplification for file stream; ignores close/flush return values. |
| stream-stackdriver.go | Simplifies JSON marshal error wrapping; ignores flush/close returned errors. |
| record.go | Uses fmt.Fprintf instead of fmt.Sprintf for fallback formatting. |
| stream_test.go | Updates env var setup/teardown to ignore Setenv/Unsetenv errors. |
| stream_internal_test.go | Same env var error-ignoring adjustments. |
| logger_internal_test.go | Same env var error-ignoring adjustments; ignores writer.Close() error. |
| level_set_test.go | Same env var error-ignoring adjustments. |
| converter_internal_test.go | Same env var error-ignoring adjustments. |
| common_test.go | Ignores cleanup/close/remove errors in helpers. |
| go.mod | Updates dependencies; normalizes go directive format. |
| go.sum | Updates sums for bumped dependencies. |
| .golangci.yml | Replaces prior config with v2-style config enabling standard linter set. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if len(decoded) >= gcm.NonceSize() { | ||
| nonce := decoded[:gcm.NonceSize()] | ||
| decoded = decoded[gcm.NonceSize():] | ||
| if decrypted, err = gcm.Open(nil, nonce, decoded, nil); err == nil { | ||
| return components[1] + string(decrypted) + components[3], nil | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
Unobfuscate returns (value, nil) when the string matches the !ENC!:{...} pattern but the decoded payload is shorter than gcm.NonceSize() (i.e., malformed/truncated ciphertext). This silently treats invalid obfuscated values as valid, which can mask corruption/tampering. Consider returning a non-nil error in the len(decoded) < gcm.NonceSize() path (and any other path where the marker is present but decryption cannot be attempted).
| func (suite *ObfuscatorSuite) SetupSuite() { | ||
| suite.Name = strings.TrimSuffix(reflect.TypeOf(suite).Elem().Name(), "Suite") | ||
| suite.CipherKey = core.GetEnvAsString("CIPHER_KEY", "1234567890123456") | ||
| } |
There was a problem hiding this comment.
The obfuscator tests read CIPHER_KEY from the environment, which makes the suite non-deterministic (any externally-set CIPHER_KEY with an unexpected length/value can break tests, and the hard-coded ciphertext in TestCanUnobfuscate implicitly assumes a specific key). Prefer using a fixed test key (or explicitly setting/unsetting CIPHER_KEY within the test) so the tests are hermetic.
| // AddRecordToResponseWriter function will add a key/value pair to the response writer records | ||
| func AddRecordToResponseWriter(rw http.ResponseWriter, key string, value any) { | ||
| if recorder, ok := rw.(responseRecorder); ok { | ||
| recorder.Record(key, value) | ||
| } |
There was a problem hiding this comment.
AddRecordToResponseWriter fails silently when the provided http.ResponseWriter is not the logger's wrapped writer (e.g., if another middleware wraps it after this one). Consider returning a bool/error to signal whether the record was actually stored, or otherwise exposing a documented way to ensure compatibility with other ResponseWriter wrappers.
| // AddRecordToResponseWriter function will add a key/value pair to the response writer records | |
| func AddRecordToResponseWriter(rw http.ResponseWriter, key string, value any) { | |
| if recorder, ok := rw.(responseRecorder); ok { | |
| recorder.Record(key, value) | |
| } | |
| // AddRecordToResponseWriter function will add a key/value pair to the response writer records. | |
| // It returns true if the provided ResponseWriter supports recording and the record was stored, | |
| // or false if the ResponseWriter is not compatible (for example, if it has been wrapped by | |
| // another middleware that does not implement responseRecorder). | |
| func AddRecordToResponseWriter(rw http.ResponseWriter, key string, value any) bool { | |
| if recorder, ok := rw.(responseRecorder); ok { | |
| recorder.Record(key, value) | |
| return true | |
| } | |
| return false |
Release 1.9.0. Do not delete the release branch after the merge.