Logflare / logflare / 052d569ada99f27f7659bb4c5d1110878263efb9
Coverage: 81%

Build:
DEFAULT BRANCH: main
Ran: 15 May 2026 12:26PM UTC
Jobs: 1
Files: 473
Run time: 2min
15 May 2026 12:13PM UTC coverage: 80.144% (+0.2%) from 79.983%
Commit: 052d569ada99f27f7659bb4c5d1110878263efb9
Event: push · Service: github · Committer: web-flow
fix: enforce auth before syslog body parsing and remove log injection (#3425)

* fix: enforce auth before syslog body parsing and remove log injection

- Add VerifyApiAccess to the :api pipeline before Plug.Parsers so
  authentication is enforced prior to any body parsing, including
  syslog (application/logplex-1) content
- Remove raw user-supplied syslog message string from Logger.error in
  SyslogParser, preventing log injection and log pollution from
  unauthenticated or malformed payloads

Closes PRODSEC-39

https://claude.ai/code/session_0188UD1xQBYhqoM9Lt1WsPcx

* refactor(ingest): authenticate before parsing request bodies

Move VerifyApiAccess ahead of Plug.Parsers on ingest pipelines so
unauthenticated callers can no longer reach the parsers. Introduces
dedicated :ingest_api and :ingest_otlp_api pipelines for /logs,
/api/logs, /api/events, the Cloudflare logpush scope and /v1/* OTLP
routes; the shared :api pipeline is left alone so /health, webhooks,
OAuth and OpenAPI keep working without API auth. FetchResource and
VerifyResourceAccess still run after parsing because some clients
(e.g. the BERT logger) identify the source via a body field.

Add a require_token option to VerifyApiAccess and pass it on the ingest
pipelines. Without it the plug's existing {:error, :no_token} clause
passes unauthenticated requests through whenever a resource_type assign
is set (used by public-endpoint queries with enable_auth: false), which
would otherwise defeat the new ordering.

VerifyApiAccess now also fetches query params at the top of call/2 so
legacy `?api_key=` clients still authenticate when the plug runs before
Plug.Parsers (which is what previously fetched them).

Also redact raw bodies from parser error logs (NdjsonParser was logging
inspect(Jason.DecodeError), which carries the raw input in :data and
:token) so a parser-side bug cannot leak attacker-supplied content even
on the authenticated path.

Co-Authored-By: Claude Opus 4.7 (1M context) <nore... (continued)

8 of 8 new or added lines in 4 files covered. (100.0%)

1 existing line in 1 file now uncovered.

12537 of 15643 relevant lines covered (80.14%)

5250.62 hits per line

Coverage Regressions

Lines  Coverage  ∆        File
1      11.11     -5.56%   lib/logflare/system_metrics/cluster.ex
Jobs

ID  Job ID                                      Ran                      Files  Coverage
1   052d569ada99f27f7659bb4c5d1110878263efb9.1  15 May 2026 12:26PM UTC  473    80.14

GitHub Action Run
Source Files on build 052d569ada99f27f7659bb4c5d1110878263efb9: 473 files listed, 8 changed (0 source changed, 8 coverage changed)