fix: redact additional keys from diagnostic data#659
fix: redact additional keys from diagnostic data#659allenporter merged 2 commits intoPython-roborock:mainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This PR enhances the privacy and diagnostic data handling by expanding the list of sensitive keys that are redacted from diagnostic data. The changes address issue #622 by adding 9 additional keys to prevent exposure of user identifiers and large data payloads.
- Adds 4 RRiot authentication fields (
u,s,h,k) to protect user credentials - Adds 3 large binary blob keys (
image_content,map_data,raw_api_response) to reduce diagnostic data size - Reformats the
REDACT_KEYSset with inline comments for better maintainability
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "u", | ||
| "s", | ||
| "h", | ||
| "k", |
There was a problem hiding this comment.
The single-letter key names (u, s, h, k) are unclear without context. Consider adding a more descriptive comment explaining that these are fields from the RRiot authentication data structure, to help future maintainers understand why they need to be redacted.
For example:
# Potential identifiers
"duid",
"localKey",
"mac",
"bssid",
"sn",
"ip",
# RRiot authentication fields (from UserData.rriot)
"u",
"s",
"h",
"k",| "s", | ||
| "h", | ||
| "k", | ||
| # Large binary blobs are entirely omitted |
There was a problem hiding this comment.
The comment states "Large binary blobs are entirely omitted" but the actual implementation replaces these values with REDACTED ("REDACTED"), not omits them. Consider updating the comment to be more accurate:
# Large binary blobs are redactedor
# Large binary blobs| # Large binary blobs are entirely omitted | |
| # Large binary blobs are redacted |
2 participants
Update the list of sensitive/large data in the redacted key list.
Fixes #622