
[HIGH] Fix information leakage in logging and debug output #6

@claranceliberi

Description


Problem Statement

The application logs sensitive information including full metric payloads, system details, and configuration data in debug mode. This creates information disclosure vulnerabilities and violates data privacy principles.

Impact Assessment

  • Severity: High
  • Impact: Information disclosure, privacy violations, potential security reconnaissance
  • Affected Components: All logging throughout the application
  • Security Risk: Medium - Sensitive data exposure in logs
  • Compliance: GDPR, CCPA, SOC 2 data handling violations

Technical Details

Vulnerable Logging Locations

  1. HTTP Client Payload Logging:
    • File: pkg/clients/tsclient/client.go
    • Line: 144 - Logs first 500 characters of payload
    • Issue: May contain sensitive metric data
  2. Diagnostics Logging:
    • File: pkg/clients/tsclient/client.go
    • Line: 174 - Logs entire diagnostics payload
    • Issue: Contains system metadata and configuration
  3. Configuration Logging:
    • File: pkg/config/config.go
    • Line: 147 - Logs dmidecode command output
    • Issue: Exposes system hardware information
  4. Error Messages:
    • File: pkg/config/config.go
    • Lines: 385-386 - Detailed error messages
    • Issue: Information disclosure for reconnaissance

Code Examples

// Problematic logging in client.go:144
logger.Debug("Sending payload", 
    zap.String("payload_preview", string(payload[:500]))) // SENSITIVE DATA

// Problematic logging in client.go:174
logger.Debug("Sending diagnostics", 
    zap.Any("diagnostics", diagnostics)) // FULL PAYLOAD

// Problematic logging in config.go:147
log.Printf("dmidecode command failed: %v. Output: %s", err, string(output))

Acceptance Criteria

  • Remove sensitive data from all log statements
  • Implement configurable log sanitization
  • Add log levels for sensitive information
  • Implement structured logging with field filtering
  • Add log redaction for sensitive fields
  • Create logging security guidelines
  • Add log audit capabilities
  • Implement log rotation with secure deletion

Implementation Guidelines

  1. Sensitive Data Classification:

    • PII: System identifiers, hardware info
    • Secrets: API keys, certificates, passwords
    • Business Data: Metric values, configurations
    • System Info: Internal paths, versions
  2. Logging Security Framework:

type SecureLogger struct {
    logger     *zap.Logger
    sanitizer  *LogSanitizer
    redaction  RedactionConfig
}

type RedactionConfig struct {
    EnableRedaction bool          `yaml:"enable_redaction"`
    RedactedFields  []string      `yaml:"redacted_fields"`
    HashSensitive   bool          `yaml:"hash_sensitive"`
    RedactionMask   string        `yaml:"redaction_mask"`
}
  3. Log Sanitization Rules:

func (s *LogSanitizer) SanitizePayload(payload []byte) string {
    // Never log a body preview above the configured size; report only its length.
    if len(payload) > 100 {
        return fmt.Sprintf("[REDACTED - %d bytes]", len(payload))
    }
    // Short payloads still pass through the field and pattern masking rules.
    return s.maskSensitiveData(string(payload))
}

Security Enhancements

Log Redaction

  • Automatic Detection: Identify sensitive patterns
  • Field-based: Redact specific fields in structured logs
  • Pattern Matching: Use regex for dynamic redaction

Secure Log Storage

  • Encryption: Encrypt log files at rest
  • Access Control: Restrict log file permissions
  • Rotation: Secure deletion of old logs

Configuration Options

logging:
  level: "info"
  format: "json"
  security:
    redaction:
      enabled: true
      fields: ["password", "api_key", "token"]
      mask: "***REDACTED***"
    sensitive_data:
      hash_instead_of_redact: true
      max_preview_length: 50
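The sanitizer that the Implementation Guidelines and the configuration block above describe, worked through as an added example (not code from this repository): it uses only the Go standard library in place of the zap-based SecureLogger sketch, and exercises the three call sites listed under Code Examples (client.go:144, client.go:174, config.go:147). The Go field names of RedactionConfig, the regex rules, and the sample payload, diagnostics map and dmidecode output are assumptions constructed for this example; `enabled: false` is modelled by not installing the sanitizer at all.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"log"
	"regexp"
	"strings"
)

// RedactionConfig mirrors the logging.security keys of the proposed YAML
// (the Go field names are this example's assumption, not the project's code).
type RedactionConfig struct {
	Fields              []string // structured-log keys redacted by name
	Mask                string
	HashInsteadOfRedact bool
	MaxPreviewLength    int
}

type LogSanitizer struct {
	cfg    RedactionConfig
	fields map[string]bool
}

// Free-text rules for values that must never be logged verbatim. Group 1 is
// the label that is kept (e.g. "api_key="); the rest of the match is masked.
var secretPatterns = []*regexp.Regexp{
	regexp.MustCompile(`(?i)((?:api[_-]?key|token|password)\s*[=:]\s*)\S+`),
	regexp.MustCompile(`(?i)(bearer\s+)[A-Za-z0-9._~+/-]+=*`),
	regexp.MustCompile(`(\b)(?:\d{1,3}\.){3}\d{1,3}\b`), // IPv4 literals
}

func NewLogSanitizer(cfg RedactionConfig) *LogSanitizer {
	s := &LogSanitizer{cfg: cfg, fields: make(map[string]bool)}
	for _, f := range cfg.Fields {
		s.fields[strings.ToLower(f)] = true
	}
	return s
}

// fingerprint is a truncated SHA-256 for correlating log lines without logging the value.
func fingerprint(b []byte) string {
	sum := sha256.Sum256(b)
	return "sha256:" + hex.EncodeToString(sum[:6])
}

// redact returns the configured mask, or a fingerprint when hash_instead_of_redact is set.
func (s *LogSanitizer) redact(b []byte) string {
	if s.cfg.HashInsteadOfRedact {
		return fingerprint(b)
	}
	return s.cfg.Mask
}

// SanitizePayload replaces the raw preview of client.go:144 (payload[:500], which also panics on short bodies) with size plus mask or digest.
func (s *LogSanitizer) SanitizePayload(payload []byte) string {
	return fmt.Sprintf("[%d bytes, %s]", len(payload), s.redact(payload))
}

// MaskText scrubs free-form text such as command output (config.go:147) with the pattern rules, then caps the preview length.
func (s *LogSanitizer) MaskText(text string) string {
	for _, re := range secretPatterns {
		text = re.ReplaceAllStringFunc(text, func(m string) string {
			loc := re.FindStringSubmatchIndex(m) // m matched re, so loc[2:4] is group 1
			return m[loc[2]:loc[3]] + s.cfg.Mask
		})
	}
	if len(text) > s.cfg.MaxPreviewLength {
		text = text[:s.cfg.MaxPreviewLength] + "..."
	}
	return text
}

// SanitizeFields redacts configured keys of a structured payload (the diagnostics map of client.go:174) by name and pattern-masks other strings.
func (s *LogSanitizer) SanitizeFields(in map[string]any) map[string]any {
	out := make(map[string]any, len(in))
	for k, v := range in {
		switch str, isString := v.(string); {
		case s.fields[strings.ToLower(k)]:
			out[k] = s.redact([]byte(fmt.Sprint(v)))
		case isString:
			out[k] = s.MaskText(str)
		default:
			out[k] = v
		}
	}
	return out
}

func main() {
	s := NewLogSanitizer(RedactionConfig{Fields: []string{"password", "api_key", "token"}, Mask: "***REDACTED***", HashInsteadOfRedact: true, MaxPreviewLength: 50})
	payload := []byte(`{"host":"db-01","cpu":0.93,"api_key":"sk-live-123"}`) // constructed sample metric payload
	diag := map[string]any{"os": "linux 6.1", "token": "tok-abc", "ifaces": "eth0 10.0.0.12"} // constructed sample diagnostics
	log.Printf("Sending payload %s", s.SanitizePayload(payload))   // client.go:144, hardened
	log.Printf("Sending diagnostics %v", s.SanitizeFields(diag))   // client.go:174, hardened
	log.Printf("dmidecode command failed: %v (output %s)", fmt.Errorf("exit status 1"), s.SanitizePayload([]byte("Serial Number: 7XK9QZ2"))) // config.go:147, hardened
}
```

Two caveats a reviewer should keep in mind when adopting `hash_instead_of_redact`: a SHA-256 of a low-entropy secret such as a password is trivially brute-forced offline from the log, so hashing is only appropriate for high-entropy identifiers and payload bodies where correlation is wanted; and the regex rules are a floor, not a catalogue (the IPv4 rule, for instance, also masks dotted version strings), so field-name redaction should remain the primary control and pattern matching the backstop.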

Testing Requirements

  • Unit tests for log sanitization
  • Security tests for information leakage
  • Performance tests for logging overhead
  • Integration tests with different log levels
  • Audit tests for compliance requirements

Remediation Steps

  1. Immediate: Remove sensitive data from existing logs
  2. Short-term: Implement log sanitization framework
  3. Medium-term: Add configurable redaction
  4. Long-term: Implement comprehensive log security

Related Issues

Definition of Done

  • All sensitive data removed from logs
  • Log sanitization framework implemented
  • Configuration options for redaction
  • Security guidelines documented
  • Tests passing for all log levels
  • Compliance review completed
  • Performance impact < 1%

Labels

  • bug: Something isn't working
  • high: High priority issues
  • security: Security-related issues and vulnerabilities