fix: sanitize env values in debug logs and fix GetEnvDuration doc

lpcox · Copilot · lpcox · commit 9def5d0ff6d9 · 2026-04-15T10:02:28.000-07:00
Address review feedback:

1. Sanitize raw env values using sanitize.TruncateSecret() in all 3
   debug log lines (GetEnvInt, GetEnvDuration, GetEnvBool). Env vars
   could contain secrets, and debug logs are also written to the file
   logger, so full values should never be persisted.

2. Update GetEnvDuration doc comment to mention that zero/negative
   durations also fall back to defaultValue (matching the d &gt; 0
   condition in the code and the existing GetEnvInt doc pattern).

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/internal/envutil/envutil.go b/internal/envutil/envutil.go
@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/github/gh-aw-mcpg/internal/logger"
+	"github.com/github/gh-aw-mcpg/internal/logger/sanitize"
 )
 
 var logEnvUtil = logger.New("envutil:envutil")
@@ -29,20 +30,21 @@ func GetEnvInt(envKey string, defaultValue int) int {
 		if value, err := strconv.Atoi(envValue); err == nil && value > 0 {
 			return value
 		}
-		logEnvUtil.Printf("GetEnvInt: %s=%q is not a valid positive integer, using default=%d", envKey, envValue, defaultValue)
+		logEnvUtil.Printf("GetEnvInt: %s=%q is not a valid positive integer, using default=%d", envKey, sanitize.TruncateSecret(envValue), defaultValue)
 	}
 	return defaultValue
 }
 
 // GetEnvDuration returns the time.Duration value of the environment variable specified by envKey.
-// If the environment variable is not set, is empty, or cannot be parsed by time.ParseDuration,
-// it returns the defaultValue. Accepts any string valid for time.ParseDuration (e.g. "2h", "30m", "90s").
+// If the environment variable is not set, is empty, cannot be parsed by time.ParseDuration,
+// or is not positive (> 0), it returns the defaultValue.
+// Accepts any string valid for time.ParseDuration (e.g. "2h", "30m", "90s").
 func GetEnvDuration(envKey string, defaultValue time.Duration) time.Duration {
 	if envValue := os.Getenv(envKey); envValue != "" {
 		if d, err := time.ParseDuration(envValue); err == nil && d > 0 {
 			return d
 		}
-		logEnvUtil.Printf("GetEnvDuration: %s=%q is not a valid positive duration, using default=%v", envKey, envValue, defaultValue)
+		logEnvUtil.Printf("GetEnvDuration: %s=%q is not a valid positive duration, using default=%v", envKey, sanitize.TruncateSecret(envValue), defaultValue)
 	}
 	return defaultValue
 }
@@ -60,7 +62,7 @@ func GetEnvBool(envKey string, defaultValue bool) bool {
 		case "0", "false", "no", "off":
 			return false
 		}
-		logEnvUtil.Printf("GetEnvBool: %s=%q is not a recognized boolean value, using default=%v", envKey, envValue, defaultValue)
+		logEnvUtil.Printf("GetEnvBool: %s=%q is not a recognized boolean value, using default=%v", envKey, sanitize.TruncateSecret(envValue), defaultValue)
 	}
 	return defaultValue
 }

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@ import (`
`7`	`7`	`"time"`
`8`	`8`
`9`	`9`	`"github.com/github/gh-aw-mcpg/internal/logger"`
	`10`	`+ "github.com/github/gh-aw-mcpg/internal/logger/sanitize"`
`10`	`11`	`)`
`11`	`12`
`12`	`13`	`var logEnvUtil = logger.New("envutil:envutil")`
`@@ -29,20 +30,21 @@ func GetEnvInt(envKey string, defaultValue int) int {`
`29`	`30`	`if value, err := strconv.Atoi(envValue); err == nil && value > 0 {`
`30`	`31`	`return value`
`31`	`32`	`}`
`32`		`- logEnvUtil.Printf("GetEnvInt: %s=%q is not a valid positive integer, using default=%d", envKey, envValue, defaultValue)`
	`33`	`+ logEnvUtil.Printf("GetEnvInt: %s=%q is not a valid positive integer, using default=%d", envKey, sanitize.TruncateSecret(envValue), defaultValue)`
`33`	`34`	`}`
`34`	`35`	`return defaultValue`
`35`	`36`	`}`
`36`	`37`
`37`	`38`	`// GetEnvDuration returns the time.Duration value of the environment variable specified by envKey.`
`38`		`-// If the environment variable is not set, is empty, or cannot be parsed by time.ParseDuration,`
`39`		`-// it returns the defaultValue. Accepts any string valid for time.ParseDuration (e.g. "2h", "30m", "90s").`
	`39`	`+// If the environment variable is not set, is empty, cannot be parsed by time.ParseDuration,`
	`40`	`+// or is not positive (> 0), it returns the defaultValue.`
	`41`	`+// Accepts any string valid for time.ParseDuration (e.g. "2h", "30m", "90s").`
`40`	`42`	`func GetEnvDuration(envKey string, defaultValue time.Duration) time.Duration {`
`41`	`43`	`if envValue := os.Getenv(envKey); envValue != "" {`
`42`	`44`	`if d, err := time.ParseDuration(envValue); err == nil && d > 0 {`
`43`	`45`	`return d`
`44`	`46`	`}`
`45`		`- logEnvUtil.Printf("GetEnvDuration: %s=%q is not a valid positive duration, using default=%v", envKey, envValue, defaultValue)`
	`47`	`+ logEnvUtil.Printf("GetEnvDuration: %s=%q is not a valid positive duration, using default=%v", envKey, sanitize.TruncateSecret(envValue), defaultValue)`
`46`	`48`	`}`
`47`	`49`	`return defaultValue`
`48`	`50`	`}`
`@@ -60,7 +62,7 @@ func GetEnvBool(envKey string, defaultValue bool) bool {`
`60`	`62`	`case "0", "false", "no", "off":`
`61`	`63`	`return false`
`62`	`64`	`}`
`63`		`- logEnvUtil.Printf("GetEnvBool: %s=%q is not a recognized boolean value, using default=%v", envKey, envValue, defaultValue)`
	`65`	`+ logEnvUtil.Printf("GetEnvBool: %s=%q is not a recognized boolean value, using default=%v", envKey, sanitize.TruncateSecret(envValue), defaultValue)`
`64`	`66`	`}`
`65`	`67`	`return defaultValue`
`66`	`68`	`}`