Contributor

Copilot AI commented Nov 4, 2025

fixes #24754

Adds private data redaction to bug reporter device configurations, preventing personally identifiable information from being exposed in GitHub issues/discussions.

  • extend template system with private field and marked the relevant fields (user, vin, zip, ...)
  • add ?private=false query parameter to config endpoints with server-side sanitization
  • updated issue UI to pass private=false when fetching config data for bug reports
  • redact config-ui created yaml (tariff, messages, load management, ...)
  • add e2e test to verify
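
The server-side sanitization described above, as an added Go example that is not code from this pull request or from evcc. The `Param` struct shape, the `Sanitize` function, the placeholder for private values and the sample data are assumptions; it also assumes masked values are replaced regardless of the `private` setting.

```go
package main

import (
	"fmt"
	"strings"
)

// Param is a template parameter with redaction flags. The struct shape and the
// placeholder strings are assumptions for this example, not evcc's actual code.
type Param struct {
	Name    string
	Mask    bool // secret (password, token): always replaced
	Private bool // personal data (user, vin, zip): replaced in bug reports
}

const masked, redacted = "*****", "***redacted***" // redacted is hypothetical

// Sanitize returns a redacted copy of cfg; cfg itself is not modified.
// includePrivate is false for the bug-report request (?private=false).
func Sanitize(cfg map[string]any, params []Param, includePrivate bool) map[string]any {
	out := make(map[string]any, len(cfg))
	for k, v := range cfg {
		if nested, ok := v.(map[string]any); ok {
			out[k] = Sanitize(nested, params, includePrivate) // walk nested config
			continue
		}
		out[k] = v
		for _, p := range params {
			if !strings.EqualFold(p.Name, k) { // config keys may differ in case
				continue
			}
			if p.Mask {
				out[k] = masked
			} else if p.Private && !includePrivate {
				out[k] = redacted
			}
		}
	}
	return out
}

func main() {
	// Constructed sample: host stays visible, user and vin are private.
	params := []Param{{Name: "host"}, {Name: "user", Private: true},
		{Name: "password", Mask: true}, {Name: "vin", Private: true}}
	cfg := map[string]any{"host": "192.0.2.10", "User": "alice", "password": "s3cret",
		"vehicle": map[string]any{"vin": "CONSTRUCTEDVIN0001"}}
	fmt.Println(Sanitize(cfg, params, false))
}
```

Keys that match no parameter pass through unchanged, so a flag-based redactor like this one fails open for fields nobody has marked yet.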

@naltatis
Member

naltatis commented Nov 4, 2025

@copilot let's keep host and ip public for now. You're right, they might contain private data but usually are uncritical local addresses. Errors and mistypings in these fields are often a source of issues. Keeping them visible in bug reports helps us to identify issues.

Copilot AI and others added 3 commits November 4, 2025 13:32
- Add Private field to Param struct
- Mark private parameters in defaults.yaml (host, ip, user, vin, zip, etc.)
- Update sanitization to support private parameter redaction
- Add private query parameter support to device endpoints
- Update Issue.vue to pass private=false for device configs

Co-authored-by: naltatis <[email protected]>
@naltatis
Member

naltatis commented Nov 4, 2025

Note: SKI (Subject Key Identifier) was intentionally excluded per issue instructions stating "SKI/EEBUS certs can be ignored here (other topic)".

@copilot correction. Ski as template param should be marked as private. Ski as part of eebus config (yaml) can be ignored for now.

Copilot AI changed the title [WIP] Add function to mask private data in bug reporter Add private data redaction to bug reporter device configs Nov 4, 2025
Copilot AI requested a review from naltatis November 4, 2025 13:51
Copilot finished work on behalf of naltatis November 4, 2025 13:51
Contributor Author

Copilot AI commented Nov 4, 2025

@copilot let's keep host and ip public for now. You're right, they might contain private data but usually are uncritical local addresses. Errors, mistypings in these fields are often a source of is...

Done. Removed private: true from host and ip parameters in 8de4b86. They will now remain visible in bug reports to help with troubleshooting.

Note: SKI (Subject Key Identifier) was intentionally excluded per issue instructions stating "SKI/EEBUS certs can be ignored here (other topic)".

@copilot correction. Ski as template param should...

Done. Added private: true to the ski template parameter in 8de4b86. SKI values will now be redacted in bug reports.

Copilot AI requested a review from naltatis November 4, 2025 14:00
Copilot finished work on behalf of naltatis November 4, 2025 14:00
…a testing

- Replace locator() with getByLabel() for semantic selectors
- Replace separate Audi vehicle test with integrated Shelly meter test
- Add username field testing within existing "create issue via ui" test
- Use Shelly 1PM which has optional username field (no real credentials needed)
- Verify private data (username, password) is redacted in bug report

Co-authored-by: naltatis <[email protected]>
Copilot finished work on behalf of naltatis November 4, 2025 14:09
@naltatis
Member

naltatis commented Nov 4, 2025

@copilot also make long, lat (forecast-base) private.
accessToken and refreshToken should be masked.

- Add private: true to lat and lon parameters (location data)
- Add mask: true to accesstoken and refreshtoken (security sensitive)

Co-authored-by: naltatis <[email protected]>
Contributor Author

Copilot AI commented Nov 4, 2025

@copilot also make long, lat (forecast-base) private.
accessToken and refreshToken should be masked.

Done in f3dac0a:

  • Marked lat and lon as private: true (location data will be redacted in bug reports)
  • Marked accesstoken and refreshtoken as mask: true (security tokens will be masked)

Copilot finished work on behalf of naltatis November 4, 2025 14:19
Copilot AI requested a review from naltatis November 4, 2025 14:19
@naltatis naltatis added backlog Things to do later and removed stale Outdated and ready to close labels Nov 18, 2025
@naltatis
Member

@andig please review again. I've removed the redundant field configuration. config_redactor.go now only contains fields that are not (yet) covered by template params.
I had to use go codegen to avoid circular dependencies.

for k := range res {
if slices.Contains(configRedactSecrets, k) {
res[k] = "*****"
for _, secret := range configRedactSecrets {
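
Review bot: `slices.Contains(configRedactSecrets, k)` in the second line compares keys exactly, so a key that differs only in case from an entry in `configRedactSecrets` would keep its value instead of being replaced with `*****`. If the loop over `configRedactSecrets` in the last line is there to compare more loosely, `slices.ContainsFunc` with a case-insensitive predicate such as `strings.EqualFold` states that in a single call and keeps the `for k := range res` structure.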
Member

You mean slices.ContainsFunc ;)

Member

See

	if !slices.ContainsFunc(customTypes, func(s string) bool {
		return strings.EqualFold(res.Type, s)
	}) {
		return configReq{}, errors.New("invalid config: yaml only allowed for types " + strings.Join(customTypes, ", "))
	}

@andig
Member

andig commented Nov 25, 2025

Mhhm. Did the param extraction simplification break something?

@naltatis naltatis marked this pull request as ready for review November 26, 2025 08:52
@andig andig merged commit a65a1ce into master Nov 26, 2025
7 checks passed
@andig andig deleted the copilot/mask-private-data-in-bug-reporter branch November 26, 2025 12:34
Labels

backlog Things to do later enhancement New feature or request ux User experience/ interface

Development

Successfully merging this pull request may close these issues.

Bug reporter, mask private data

3 participants