Copilot AI commented Dec 24, 2025

Exception messages may contain sensitive data (API keys, tokens, internal URLs). Username parameters can be None or empty, causing downstream errors.

Changes

  • Exception logging: Log exception type only, preserve traceback via exc_info=True

    • with_retries decorator
    • _get_pr_diffs function
  • Input validation: Early return for None/empty usernames

    • get_slack_markdown_by_linear_username → returns "No Assignee"
    • get_slack_markdown_by_github_username → logs warning, returns "Unknown user"

Example

Before:

logging.error(f"Function {func.__name__} failed: {e}")
# Logs: "Function fetch_data failed: HTTPError 401: Invalid token abc123xyz"

After:

logging.error(
    "Function %s failed with exception %s",
    func.__name__,
    type(e).__name__,
    exc_info=True,
)
# Logs: "Function fetch_data failed with exception HTTPError"
# Full traceback available in exc_info without exposing message in primary log

Original prompt
Please apply the following diffs and create a pull request.
Once the PR is ready, give it a title based on the messages of the fixes being applied.

[{"message":"Logging the exception directly may expose sensitive information. Consider logging only the exception type or a sanitized message instead of the full exception details.","fixFiles":[{"filePath":"jobs.py","diff":"diff --git a/jobs.py b/jobs.py\n--- a/jobs.py\n+++ b/jobs.py\n@@ -99,7 +99,12 @@\n             try:\n                 return func(*args, **kwargs)\n             except Exception as e:\n-                logging.error(f\"Function {func.__name__} failed: {e}\")\n+                logging.error(\n+                    \"Function %s failed with exception %s\",\n+                    func.__name__,\n+                    type(e).__name__,\n+                    exc_info=True,\n+                )\n                 if attempt == RETRY_COUNT - 1:\n                     raise\n                 time.sleep(RETRY_SLEEP_SECONDS)\n"}]},{"message":"Function lacks input validation for the username parameter. Consider adding a check for None or empty values to prevent potential errors when accessing config data.","fixFiles":[{"filePath":"jobs.py","diff":"diff --git a/jobs.py b/jobs.py\n--- a/jobs.py\n+++ b/jobs.py\n@@ -119,6 +119,10 @@\n \n \n def get_slack_markdown_by_linear_username(username):\n+    # Handle missing or empty usernames explicitly to avoid unnecessary config access.\n+    if username is None or (isinstance(username, str) and not username.strip()):\n+        return \"No Assignee\"\n+\n     config = load_config()\n     for person in config[\"people\"]:\n         if config[\"people\"][person][\"linear_username\"] == username:\n"}]},{"message":"Function lacks input validation for the username parameter. 
Consider adding a check for None or empty values to prevent potential errors.","fixFiles":[{"filePath":"jobs.py","diff":"diff --git a/jobs.py b/jobs.py\n--- a/jobs.py\n+++ b/jobs.py\n@@ -127,6 +127,13 @@\n \n \n def get_slack_markdown_by_github_username(username):\n+    # Validate input to avoid propagating None or empty usernames.\n+    if username is None or (isinstance(username, str) and not username.strip()):\n+        logging.warning(\n+            \"get_slack_markdown_by_github_username called with invalid username: %r\",\n+            username,\n+        )\n+        return \"Unknown user\"\n     config = load_config()\n     for person in config[\"people\"].values():\n         if person.get(\"github_username\") == username:\n"}]},{"message":"Logging the exception directly may expose sensitive information like API keys or internal URLs. Consider logging only the exception type or a sanitized message.","fixFiles":[{"filePath":"jobs.py","diff":"diff --git a/jobs.py b/jobs.py\n--- a/jobs.py\n+++ b/jobs.py\n@@ -151,7 +151,11 @@\n             diffs.append(diff)\n         except Exception as e:  # pragma: no cover - network errors are ignored\n             logging.error(\n-                \"Failed to fetch diff for %s/%s#%s: %s\", owner, repo, number, e\n+                \"Failed to fetch diff for %s/%s#%s (error type: %s)\",\n+                owner,\n+                repo,\n+                number,\n+                type(e).__name__,\n             )\n     return diffs\n \n"}]}]
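Review bot: in the with_retries hunk, `exc_info=True` re-emits the full exception text in the appended traceback (the final traceback line is the exception's own `str()`, e.g. `HTTPError: 401: Invalid token ...`), so only the primary message line is sanitized; if the aim is to keep tokens out of the log, pair this with a redacting formatter on the handler, or route tracebacks to a separately protected sink, and adjust the "without exposing message" comment accordingly.

Review bot: the guard `if username is None or (isinstance(username, str) and not username.strip()):` in get_slack_markdown_by_linear_username lets non-string values (an int, a dict) fall through to the config comparison; if only strings are expected, `if not isinstance(username, str) or not username.strip():` rejects both cases in one condition.

Review bot: the get_slack_markdown_by_github_username hunk logs a warning on bad input while the linear variant in the previous hunk returns silently, and this hunk omits the blank line before `config = load_config()` that the previous one adds; the two validation paths should behave and read the same unless there is a reason for the difference.

Review bot: the _get_pr_diffs hunk drops the exception message without adding `exc_info`, so a failed diff fetch now leaves only the type name as a diagnostic; since the pragma says network errors are intentionally ignored, consider logging at WARNING with `exc_info=True` behind a redacting formatter, or including a sanitized detail such as an HTTP status code, so the failure remains debuggable.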

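An added example, not code from the PR or the bug-board project, that reproduces the "After" logging pattern above with a constructed HTTPError and shows that exc_info=True still writes the exception message into the traceback; RedactingFormatter and the token regex are assumed mitigations for illustration, not something in the repository.

```python
import io
import logging
import re


class HTTPError(Exception):
    """Constructed stand-in for a client error whose message echoes the credential."""


def fetch_data():
    # Constructed failure: the message carries a secret, as in the PR's example.
    raise HTTPError("401: Invalid token abc123xyz")


def with_type_only_logging(logger):
    """The PR's 'After' pattern: exception type in the message, traceback via exc_info."""
    try:
        return fetch_data()
    except Exception as e:
        logger.error("Function %s failed with exception %s",
                     fetch_data.__name__, type(e).__name__, exc_info=True)


class RedactingFormatter(logging.Formatter):
    """Scrub token-like values from the fully rendered record, traceback included.
    The pattern is a constructed example; real deployments need their own."""
    _SECRET = re.compile(r"token \S+")

    def format(self, record):
        return self._SECRET.sub("token [REDACTED]", super().format(record))


def capture(formatter=None):
    """Run the logging under an isolated logger and return everything it emitted."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    if formatter is not None:
        handler.setFormatter(formatter)
    logger = logging.getLogger("jobs.demo")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.ERROR)
    logger.addHandler(handler)
    with_type_only_logging(logger)
    handler.flush()
    return buf.getvalue()


def primary_line(text):
    """First emitted line: the sanitized message without the traceback."""
    return text.splitlines()[0]
```

Running `capture()` shows the secret in the traceback's last line even though the primary line is clean; `capture(RedactingFormatter())` removes it from both.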

@redreceipt redreceipt temporarily deployed to bug-board-copilot-updat-5fnop7 December 24, 2025 06:39 Inactive
Copilot AI changed the title [WIP] Update logging to avoid exposing sensitive information Sanitize exception logging and add input validation Dec 24, 2025
Copilot AI requested a review from redreceipt December 24, 2025 06:41
@redreceipt redreceipt marked this pull request as ready for review December 24, 2025 14:13
@redreceipt redreceipt merged commit 83fc716 into main Dec 24, 2025
7 checks passed
@redreceipt redreceipt deleted the copilot/update-logging-exception-handling branch December 24, 2025 14:15