From ef798629e5974aa35a6f3342647e058a97efb8be Mon Sep 17 00:00:00 2001
From: Evan Mattson <35585003+moonbox3@users.noreply.github.com>
Date: Wed, 4 Feb 2026 15:57:08 +0900
Subject: [PATCH] Potential fix for code scanning alert no. 49: Clear-text logging of sensitive information (#3573)
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../declarative/agent_framework_declarative/_models.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/python/packages/declarative/agent_framework_declarative/_models.py b/python/packages/declarative/agent_framework_declarative/_models.py
index 0132590a1c..3066848927 100644
--- a/python/packages/declarative/agent_framework_declarative/_models.py
+++ b/python/packages/declarative/agent_framework_declarative/_models.py
@@ -39,7 +39,7 @@ def _try_powerfx_eval(value: str | None, log_value: bool = True) -> str | None:
 Args:
 value: The value to check.
- log_value: Whether to log the full value on error or just a snippet.
+ log_value: Whether to log additional context on error.
 """
 if value is None:
 return value
@@ -59,9 +59,9 @@ def _try_powerfx_eval(value: str | None, log_value: bool = True) -> str | None:
 return engine.eval(value[1:], symbols={"Env": dict(os.environ)})
 except Exception as exc:
 if log_value:
- logger.debug(f"PowerFx evaluation failed for value '{value}': {exc}")
+ logger.debug("PowerFx evaluation failed for a value: %s", exc)
 else:
- logger.debug(f"PowerFx evaluation failed for value (first five characters shown) '{value[:5]}': {exc}")
+ logger.debug("PowerFx evaluation failed for a value (details redacted): %s", exc)
 return value
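Review bot: The new `log_value` description in the first hunk (`@@ -39,7`) promises "additional context on error", but after the second hunk neither branch logs anything about the value. The two messages differ only in the literal "(details redacted)" suffix, so the flag no longer changes what is disclosed. The docstring should say that plainly so callers do not rely on `log_value=False` as the redaction switch, for example `log_value: Kept for compatibility; the value is never logged and this flag only selects the wording of the debug message.` The function body starts above this hunk and continues below it.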
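Review bot: In the second hunk (`@@ -59,9`), the `else` branch is labelled "details redacted" yet still formats `exc`. An evaluator's error text can echo the expression or the names it failed on, so fragments of the value may still reach the debug log. Whether this engine's exceptions do that is not visible here, but the expression is evaluated against `dict(os.environ)`, so it is safer to log only the exception class in that branch: `logger.debug("PowerFx evaluation failed for a value (details redacted): %s", type(exc).__name__)`. The `try` that this `except` belongs to opens above the hunk.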