feat: Add script to export answers and refactor case service to show BMI #16
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| unique_values = person_rows[col].unique() | ||
| if len(unique_values) > 1: | ||
| inconsistent_count += 1 | ||
| logger.warning(f"Person {person_id}: {col} has inconsistent values {list(unique_values)}") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 2 months ago
The best way to fix the problem is to avoid logging cleartext sensitive data—specifically, do not log the actual field values (unique_values) and potentially avoid logging the column name in detail. Instead, log only that inconsistency was detected for a given person and column in a generic way. Optionally, you may log the column header (if that is not sensitive in context), but never the actual data. Alternatively, log only the count and perhaps person_id (if not sensitive), or consider hashing the data if necessary for debugging. To implement this:
- Edit the log message on line 530.
- Instead of logging the full value list for the inconsistent field, just report the occurrence discretely without exposing value contents.
- No extra imports are needed.
| @@ -527,7 +527,7 @@ | ||
| unique_values = person_rows[col].unique() | ||
| if len(unique_values) > 1: | ||
| inconsistent_count += 1 | ||
| logger.warning(f"Person {person_id}: {col} has inconsistent values {list(unique_values)}") | ||
| logger.warning(f"Person {person_id}: {col} has inconsistent values (suppressed for privacy)") | ||
|
|
||
| if inconsistent_count > 0: | ||
| logger.error(f"Validation failed: {inconsistent_count} inconsistent fields found") |
No description provided.