From: maximiliancw <redacted>
Date: Fri, 9 Jan 2026 16:00:19 +0000 (+0100)
Subject: Enhance request logging to conditionally include detected secret types based on confi... 
X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=6eaf5964e6e0d756c0b473ee71ab0d4489d5bafb;p=sgasser-llm-shield.git

Enhance request logging to conditionally include detected secret types based on configuration; ensuring sensitive information is only logged when explicitly allowed, improving security and compliance
---

diff --git a/src/services/logger.ts b/src/services/logger.ts
index 0c7e0fa..7cf66b6 100644
--- a/src/services/logger.ts
+++ b/src/services/logger.ts
@@ -292,12 +292,17 @@ export interface RequestLogData {
 
 export function logRequest(data: RequestLogData, userAgent: string | null): void {
   try {
+    const config = getConfig();
     const logger = getLogger();
 
     // Safety: Never log content if secrets were detected
     // Even if log_content is true, secrets are never logged
     const shouldLogContent = data.maskedContent && !data.secretsDetected;
 
+    // Only log secret types if configured to do so
+    const shouldLogSecretTypes =
+      config.secrets_detection.log_detected_types && data.secretsTypes?.length;
+
     logger.log({
       timestamp: data.timestamp,
       mode: data.mode,
@@ -315,7 +320,7 @@ export function logRequest(data: RequestLogData, userAgent: string | null): void
       detected_language: data.detectedLanguage ?? null,
       masked_content: shouldLogContent ? (data.maskedContent ?? null) : null,
       secrets_detected: data.secretsDetected !== undefined ? (data.secretsDetected ? 1 : 0) : null,
-      secrets_types: data.secretsTypes?.join(",") ?? null,
+      secrets_types: shouldLogSecretTypes ? data.secretsTypes!.join(",") : null,
     });
   } catch (error) {
     console.error("Failed to log request:", error);