Potential fix for code scanning alert no. 2: Insertion of sensitive information into log files

craigpnnl · github-advanced-security[bot] · web-flow · commit a4741a410081 · 2026-02-20T16:26:50.000-08:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/pnnl.goss.core/src/pnnl/goss/core/security/impl/SecurityConfigImpl.java b/pnnl.goss.core/src/pnnl/goss/core/security/impl/SecurityConfigImpl.java
@@ -137,7 +137,7 @@ private byte[] getSharedKey() {
     }
 
     public boolean validateToken(String token) {
-        log.debug("Validate token " + token);
+        log.debug("Validating token");
         try {
             SignedJWT signed = SignedJWT.parse(token);
             JWSVerifier verifier = new MACVerifierExtended(getSharedKey(), signed.getJWTClaimsSet());

Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,7 @@ private byte[] getSharedKey() {`
`137`	`137`	`}`
`138`	`138`
`139`	`139`	`public boolean validateToken(String token) {`
`140`		`- log.debug("Validate token " + token);`
	`140`	`+ log.debug("Validating token");`
`141`	`141`	`try {`
`142`	`142`	`SignedJWT signed = SignedJWT.parse(token);`
`143`	`143`	`JWSVerifier verifier = new MACVerifierExtended(getSharedKey(), signed.getJWTClaimsSet());`