Skip to content

feat: implement SDMX HTTP response support using google.api.HttpBody#1914

Draft
rohitkumarbhagat wants to merge 2 commits into
datacommonsorg:masterfrom
rohitkumarbhagat:sdmx-response-using-grpc
Draft

feat: implement SDMX HTTP response support using google.api.HttpBody#1914
rohitkumarbhagat wants to merge 2 commits into
datacommonsorg:masterfrom
rohitkumarbhagat:sdmx-response-using-grpc

Conversation

@rohitkumarbhagat

Copy link
Copy Markdown
Contributor

No description provided.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a temporary query probe endpoint (V3SdmxQueryProbe) to validate SDMX query parsing through Envoy and ESPv2, along with comprehensive design and routing documentation. It adds the vendored google.api.HttpBody proto, implements the probe handler that parses raw query parameters from the x-envoy-original-path metadata, and includes corresponding unit tests. The review feedback suggests a security improvement to expand the list of redacted query parameter names in redactSDMXProbeValue to prevent accidental leakage of sensitive tokens or credentials in debug logs and responses.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment on lines +161 to +168
func redactSDMXProbeValue(name, value string) string {
switch strings.ToLower(name) {
case "key", "api_key", "api-key", "apikey", "access_token":
return "[REDACTED]"
default:
return value
}
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-medium medium

To prevent accidental leakage of sensitive tokens or credentials in debug logs and responses, consider expanding the list of redacted query parameter names in redactSDMXProbeValue to include other common names such as "access-token", "token", "secret", "authorization", and "auth".

Suggested change
func redactSDMXProbeValue(name, value string) string {
switch strings.ToLower(name) {
case "key", "api_key", "api-key", "apikey", "access_token":
return "[REDACTED]"
default:
return value
}
}
func redactSDMXProbeValue(name, value string) string {
switch strings.ToLower(name) {
case "key", "api_key", "api-key", "apikey", "access_token", "access-token", "token", "secret", "authorization", "auth":
return "[REDACTED]"
default:
return value
}
}
References
  1. Avoid logging entire request objects, such as SparqlRequest, as they may contain sensitive information or PII. Sanitize or mask data before logging.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant