
🛡️ Sentinel: [CRITICAL] Fix log injection vulnerability in Content-Type fallback branch error message #787

Open
abhimehro wants to merge 1 commit into main from jules-7282381428706749090-e3420b1b

Conversation

@abhimehro (Owner) commented May 13, 2026

🚨 Severity: CRITICAL
💡 Vulnerability: Log Injection / Secret Leakage. The ValueError raised for an invalid Content-Type in the _gh_get fallback HTTP request branch included the raw, unsanitized url. This could expose sensitive query parameters (like token, secret, password) in application logs if the exception is caught and logged, which is a critical security risk.
🎯 Impact: If an attacker or standard operation triggered a fallback request to a URL with an invalid Content-Type, any sensitive tokens in the URL would be written to plain text logs, potentially exposing authentication credentials to unauthorized internal or external users.
🔧 Fix: Modified main.py to wrap the url variable with the existing sanitize_for_log() function within the exception string, matching the sanitization pattern correctly used in the primary request branch.
Verification: Verified the change by running a targeted test simulating the log injection and confirming [REDACTED] appeared in the error string instead of the raw token. Ran the full test suite (uv run pytest) to ensure no regressions were introduced.


PR created automatically by Jules for task 7282381428706749090 started by @abhimehro



Co-authored-by: abhimehro <84992105+abhimehro@users.noreply.github.com>
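The two risks the description names (secret leakage through query parameters, and log injection through CR/LF in an attacker-influenced URL) are easy to reproduce and check with a small sanitizer. The block below is an added example written for this page; it is not the project's own `sanitize_for_log()` from `main.py` (the PR does not show that implementation), and the parameter list `SENSITIVE_PARAMS`, the marker `[REDACTED]`, the helper `fallback_content_type_error()` and the exact message wording are all assumptions made for the illustration.

```python
"""Illustrative URL sanitizer for exception text and log lines.

Added example for this page. It is NOT the project's sanitize_for_log()
from main.py (the PR does not show that code). It demonstrates the
behaviour the PR description relies on: secret query parameters are
replaced with [REDACTED], and control characters that would let a URL
forge extra log lines are removed before the URL reaches an error string.
"""
from urllib.parse import parse_qsl, quote_plus, urlsplit, urlunsplit

# Query parameter names treated as secrets. Assumption for this example,
# seeded with the names the PR description lists; extend for your deployment.
SENSITIVE_PARAMS = frozenset({"token", "secret", "password"})
REDACTED = "[REDACTED]"


def _rebuild_query(pairs):
    """Re-encode (key, value) pairs, replacing secret values with the marker.

    Values are percent-encoded with quote_plus so attacker-supplied text
    cannot smuggle separators or brackets; the marker itself is kept literal
    so it reads as [REDACTED] rather than %5BREDACTED%5D in logs.
    """
    out = []
    for key, value in pairs:
        safe_value = REDACTED if key.lower() in SENSITIVE_PARAMS else quote_plus(value)
        out.append(f"{quote_plus(key)}={safe_value}")
    return "&".join(out)


def sanitize_for_log(url: str) -> str:
    """Return a copy of url that is safe to embed in a log line or exception.

    1. Secret leakage: values of sensitive query parameters are replaced.
    2. Log injection: CR, LF and other non-printable characters are dropped,
       so a single log call cannot emit more than one line.
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    rebuilt = urlunsplit(parts._replace(query=_rebuild_query(pairs)))
    return "".join(ch for ch in rebuilt if ch.isprintable())


def fallback_content_type_error(url: str, content_type: str) -> ValueError:
    """Build the 'invalid Content-Type' error with a sanitized URL.

    Mirrors the shape of the fix the PR describes (wrap url with
    sanitize_for_log() inside the exception string). The message text is an
    assumption, not the wording used in main.py.
    """
    return ValueError(
        f"Invalid Content-Type {content_type!r} from {sanitize_for_log(url)}"
    )


if __name__ == "__main__":
    # Constructed sample: an API URL carrying a token plus a CRLF payload
    # that would begin a forged log line if the URL were written verbatim.
    sample = (
        "https://api.github.com/repos/o/r/contents/x"
        "?token=ghp_EXAMPLESECRET&ref=main\r\n[ERROR] forged line"
    )
    unsafe = f"Invalid Content-Type 'text/html' from {sample}"
    safe = str(fallback_content_type_error(sample, "text/html"))
    print("unsafe:", repr(unsafe))
    print("safe  :", repr(safe))
```

Note the caveat a reviewer would raise: this sanitizer only treats query parameters as secrets. A credential placed in the path, the userinfo part of the authority (`https://user:pass@host/`) or the fragment passes through unchanged, so a sanitizer used in production should be checked against every place a deployment actually carries tokens, not just `?token=`.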
Copilot AI review requested due to automatic review settings May 13, 2026 23:16
@google-labs-jules

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

@trunk-io (Bot) commented May 13, 2026

Merging to main in this repository is managed by Trunk.

  • To merge this pull request, check the box to the left or comment /trunk merge below.

After your PR is submitted to the merge queue, this comment will be automatically updated with its status. If the PR fails, failure details will also be posted here.

@cursor (Bot) commented May 13, 2026

PR Summary

Low Risk
Low-risk, single-line change to error formatting to prevent leaking sensitive URL query params or enabling log injection when raising a ValueError in the _gh_get fallback path.

Overview
Ensures the _gh_get fallback (304-miss re-fetch) Invalid Content-Type ValueError message logs a sanitized URL by wrapping url with sanitize_for_log(), aligning it with the primary request branch and preventing secret leakage/log injection.

Reviewed by Cursor Bugbot for commit 84c14ac.

@codescene-delta-analysis (Bot) left a comment

Gates Passed
6 Quality Gates Passed

See analysis details in CodeScene

Quality Gate Profile: Pay Down Tech Debt

@devin-ai-integration (Bot) left a comment

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.


Copilot AI left a comment

Pull request overview

This PR addresses a security issue in _gh_get() by ensuring the URL included in the “invalid Content-Type” exception message is sanitized in the fallback request path, preventing log injection and leakage of sensitive query parameters if the exception is logged.

Changes:

  • Sanitize url via sanitize_for_log() in the fallback-branch ValueError message for invalid Content-Type.
  • Align fallback-branch error-message sanitization behavior with the primary request branch.
