Skip to content

feat(logging): add query parameter logging for /api/v2 requests - BED-8563#2895

Open
cami-specter wants to merge 7 commits into
mainfrom
wip-BED-8563-add-query-params-logging
Open

feat(logging): add query parameter logging for /api/v2 requests - BED-8563#2895
cami-specter wants to merge 7 commits into
mainfrom
wip-BED-8563-add-query-params-logging

Conversation

@cami-specter

@cami-specter cami-specter commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Description

Add query parameter logging for /api/v2 requests for easier Elastic/Kibana lookups. This logs the raw string and makes it easier to filter and search in Elastic without parsing the full request_uri field.

  • adds query_parameters slog attribute in LoggingMiddleware
  • only logs for /api/v2 endpoints with non-empty query strings
  • ignores SSO callback endpoint. Even if params are already being logged via request_uri, it is probably better not to add them to the new query_parameters field.
  • adds table-driven tests

Note:
After some deliberation, decided not to add nested logging due to potential Elastic index mapping problems. (If we were to add a large list of parameters (in the hundreds) to our Elastic daily indexes mapping, that could cause issues – indexes are already > 1000).

Motivation and Context

Resolves BED-8563.

There's a general benefit to having query_parameters as a dedicated field since it makes it easier to filter and aggregate on query param usage across most endpoints.

Specifically, we were looking at non-default limit and skip parameters queries for the api/v2/search endpoint

How Has This Been Tested?

  • Added unit tests (table-driven) covering non-/api/v2 paths, empty query strings, ignoring a specific endpoint, etc.
  • Manually tested output with EnableAPILogging enabled, hit various /api/v2 endpoints, verified logs

Screenshots (optional):

log output showing query_parameters field (/api/v2 request with a single parameter)

1

pretty print of the above log output (disabling text logging)

2

log output showing query_parameters field (/api/v2 request with multiple parameters)

3

Types of changes

  • New feature (non-breaking change which adds functionality)

Checklist:

Summary by CodeRabbit

  • Improvements

    • Updated request logging to omit query-parameter details for SSO callback endpoints, while keeping the existing API v2 query-parameter logging behavior for all other requests.
  • Tests

    • Added table-driven test coverage to verify query-parameter logging across multiple URL patterns, including suppression for SSO callbacks and correct logging for API v2 requests with query strings.

@cami-specter cami-specter self-assigned this Jun 17, 2026
@coderabbitai

coderabbitai Bot commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

logging.go adds a isSSOCallbackPath helper that inspects URL path segments to identify SSO callback endpoints. The LoggingMiddleware now skips adding the "query_parameters" log field when the request path matches an SSO callback, while preserving query logging for all other /api/v2/ paths. A new table-driven test file validates all branches of this behavior.

Changes

SSO Callback Query Parameter Logging Suppression

Layer / File(s) Summary
isSSOCallbackPath helper and middleware integration
cmd/api/src/api/middleware/logging.go
Adds strings import, introduces isSSOCallbackPath to classify SSO callback URL paths by segment, marks idResolver as intentionally unused, and conditions the "query_parameters" log field on the new path check.
Table-driven tests for query parameter logging
cmd/api/src/api/middleware/logging_test.go
New test file with TestLoggingMiddleware_QueryParameters covering non-/api/v2 paths, /api/v20 false-positive prevention, SSO callback suppression, absent query params, and /api/v2 paths with single and repeated query parameters.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly describes the main change: adding query parameter logging for /api/v2 requests with associated ticket reference.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description check ✅ Passed The PR description includes detailed information on changes, motivation, testing approach with examples, and screenshots, but lacks proper formatting against the required template structure.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch wip-BED-8563-add-query-params-logging

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cmd/api/src/api/middleware/logging_test.go`:
- Line 28: The import statement in logging_test.go at line 28 references an
invalid module path `github.com/specterops/bloodhound/cmd/api/src/ctx` that does
not exist in the repository, causing compilation failures. Replace this import
statement with the correct request-context package path that is already used by
the middleware code in this repository. Additionally, update all references to
this context package in lines 105-109 to use the corrected import path so the
tests can compile successfully.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: febec8aa-0b3e-483d-be6e-c7123e5de545

📥 Commits

Reviewing files that changed from the base of the PR and between 102b0fb and 51bfc3e.

📒 Files selected for processing (2)
  • cmd/api/src/api/middleware/logging.go
  • cmd/api/src/api/middleware/logging_test.go

Comment thread cmd/api/src/api/middleware/logging_test.go Outdated
@cami-specter cami-specter added api A pull request containing changes affecting the API code. infrastructure A pull request containing changes affecting the infrastructure code. labels Jun 17, 2026

@superlinkx superlinkx left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This shows a lot of attention to detail and will make logging far more valuable

Comment on lines +128 to +132
return pathSegments[0] == "api" &&
pathSegments[1] == "v2" &&
pathSegments[2] == "sso" &&
pathSegments[4] == "callback"
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wanted to note that there are old but still maintained due to still in use saml endpoints that likely also should be ignored and those are "versionless"

Further if sso is a concern, there is the sso/{id}/metadata endpoint as well. Might be worth considering a way to flag these in the route layer to be skipped 🤔 vs maintaining them here

@mistahj67 mistahj67 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocked to verify intent

@mistahj67 mistahj67 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approving to remove block. discussed offline. will likely benefit from a longer audit into logging queries. thank you for your patience and waiting 🙇

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

api A pull request containing changes affecting the API code. infrastructure A pull request containing changes affecting the infrastructure code.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants