This is an automated email from the ASF dual-hosted git repository. aminghadersohi pushed a commit to branch work-pr-39604 in repository https://gitbox.apache.org/repos/asf/superset.git
commit bb87e2b52595ef930129f71f6a9d46384a048022 Author: Amin Ghadersohi <[email protected]> AuthorDate: Fri May 22 18:14:36 2026 +0000 fix(mcp): remove exc_info=True from tool-visibility debug log to prevent traceback-based credential leak CodeQL py/clear-text-logging-sensitive-data (alert #2283) flagged this path because exc_info=True includes the full exception traceback, which can expose sensitive local variables (tokens, API keys) from frames on the call stack. The message alone is sufficient for debugging. Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
---
superset/mcp_service/auth.py | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/superset/mcp_service/auth.py b/superset/mcp_service/auth.py
index a75e9a83c90..ff8abf53729 100644
--- a/superset/mcp_service/auth.py
+++ b/superset/mcp_service/auth.py
@@ -211,9 +211,7 @@ def is_tool_visible_to_current_user(tool: Any) -> bool:
 return check_tool_permission(tool_func, log_denial=False)
 except (AttributeError, RuntimeError, ValueError):
- logger.debug(
- "Could not evaluate tool visibility for current user", exc_info=True
- )
+ logger.debug("Could not evaluate tool visibility for current user")
 return False
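Review bot: The new `logger.debug(...)` on the `+` line no longer records which of `AttributeError`, `RuntimeError` or `ValueError` fired, so when visibility evaluation fails persistently the tool is silently denied by `return False` and operators have only an identical one-line debug message to go on. Logging the exception class name satisfies the CodeQL rule just as well — a type name carries no traceback frames and no message text — while restoring a usable signal: `except (AttributeError, RuntimeError, ValueError) as exc:` and `logger.debug("Could not evaluate tool visibility for current user: %s", type(exc).__name__)`; keep `str(exc)` out, since exception messages can echo values from the raising frame. It is also worth a comment beside the `except` that the stdlib `logging` formatter renders a traceback without local variables, so the leak the commit guards against arises only where an error-reporting handler or custom formatter captures frame locals — otherwise `exc_info=True` is likely to be reinstated by the next person who needs the stack. `is_tool_visible_to_current_user` and its `try` body begin before this hunk.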
