Add MCP tool name logging, sync PII sanitization across loggers

- Log MCP tool calls in mcp_server.py (method, path, status, client IP)
- Add _safe_path() with PII redaction matching main.py pattern
- Sync _LOG_SANITIZE regex: +7 endpoints (archive, username, cve, cves, exploit, hash, epss)
- Harden control char stripping: \n\r → full C0 range + DEL ([\x00-\x1f\x7f])

Author: UPinar

app/main.py

@@ -156,13 +156,13 @@ async def _periodic_maintenance():
 _MAX_TRACKED_PATHS = 200
 
 _LOG_SANITIZE = re.compile(
-    r"/v1/(phone|email/mx|email/disposable|ip|domain|dns|whois|subdomains|certs|ssl|threat|tech|monitor|ioc|phishing|scan/headers|asn|password)/[^/?]+"
+    r"/v1/(phone|email/mx|email/disposable|ip|domain|dns|whois|subdomains|certs|ssl|threat|tech|monitor|ioc|phishing|scan/headers|asn|password|archive|username|cve|cves|exploit|hash|epss)/[^/?]+"
 )
 
 
 def _sanitize_path(path: str) -> str:
     """Redact PII (domains, IPs, emails, phones) from request paths for safe logging."""
-    safe = path.replace("\n", "").replace("\r", "")
+    safe = re.sub(r"[\x00-\x1f\x7f]", "", path)
     return _LOG_SANITIZE.sub(r"/v1/\1/***", safe)
 
 

mcp_server.py

@@ -20,6 +20,7 @@
 import contextvars
 import logging
 import os
+import re
 import sys
 
 import httpx
@@ -49,6 +50,16 @@
 API_KEY = os.environ.get("CONTRASTAPI_KEY", "")
 TIMEOUT = 30.0
 
+_LOG_SANITIZE = re.compile(
+    r"/v1/(phone|email/mx|email/disposable|ip|domain|dns|whois|subdomains|certs|ssl|threat|tech|monitor|ioc|phishing|scan/headers|asn|password|archive|username|cve|cves|exploit|hash|epss)/[^/?]+"
+)
+
+
+def _safe_path(path: str) -> str:
+    """Redact PII from API paths for safe logging."""
+    safe = re.sub(r"[\x00-\x1f\x7f]", "", path)
+    return _LOG_SANITIZE.sub(r"/v1/\1/***", safe)
+
 
 def _headers() -> dict:
     h = {"Accept": "application/json"}
@@ -62,6 +73,7 @@ def _headers() -> dict:
 
 
 async def _get(path: str, params: dict | None = None) -> dict | str:
+    client_ip = _client_ip_var.get() or "unknown"
     async with httpx.AsyncClient() as client:
         try:
             resp = await client.get(
@@ -71,14 +83,18 @@ async def _get(path: str, params: dict | None = None) -> dict | str:
                 headers=_headers(),
             )
             resp.raise_for_status()
+            logger.info("mcp_tool GET %s %d %s", _safe_path(path), resp.status_code, client_ip)
             return resp.json()
         except httpx.HTTPStatusError as e:
+            logger.info("mcp_tool GET %s %d %s", _safe_path(path), e.response.status_code, client_ip)
             return f"Error {e.response.status_code}"
         except httpx.HTTPError as e:
+            logger.info("mcp_tool GET %s err %s", _safe_path(path), client_ip)
             return f"Request failed: {e}"
 
 
 async def _post(path: str, json_body: dict) -> dict | str:
+    client_ip = _client_ip_var.get() or "unknown"
     async with httpx.AsyncClient() as client:
         try:
             resp = await client.post(
@@ -88,10 +104,13 @@ async def _post(path: str, json_body: dict) -> dict | str:
                 headers=_headers(),
             )
             resp.raise_for_status()
+            logger.info("mcp_tool POST %s %d %s", _safe_path(path), resp.status_code, client_ip)
             return resp.json()
         except httpx.HTTPStatusError as e:
+            logger.info("mcp_tool POST %s %d %s", _safe_path(path), e.response.status_code, client_ip)
             return f"Error {e.response.status_code}"
         except httpx.HTTPError as e:
+            logger.info("mcp_tool POST %s err %s", _safe_path(path), client_ip)
             return f"Request failed: {e}"