SDK logs sensitive data when running in debug mode

[pablogrigo]

Describe the bug SDK logs sensitive data when running in debug mode.

To Reproduce Steps to reproduce the behavior:

1. Configure logging in debug mode. (https://github.com/splunk/splunk-sdk-python#optionalset-up-logging-for-splunklib)
2. Call some specific endpoints (see list at the bottom).
3. Inspect the logs, note passwords are included in plain text.

Expected behaviour No sensitive data is logged, even when running in debug mode.

Logs or Screenshots The binding.py file contains several instances of logging of network operations. Example 1: https://github.com/splunk/splunk-sdk-python/blob/master/splunklib/binding.py#L779 Example 2: https://github.com/splunk/splunk-sdk-python/blob/master/splunklib/binding.py#L845

Splunk

• Version: Any
• OS: Any
• Deployment: Any

SDK:

• Version: 1.7.2
• Language Python 3.X
• OS: Any

Additional context There was an attempt to prevent password leaks, as seen in #439 Unfortunately, according to the API Reference https://docs.splunk.com/Documentation/Splunk/9.0.3/RESTREF/RESTlist there are several endpoints that will include either a password or a key in their body, to list a few:

• auth/login
• authentication/users
• authentication/users/{name}
• authentication/providers/SAML
• authentication/providers/SAML/{stanza_name}

The recommendation would be to avoid logging headers and payloads of network operations, as sensitive data could be included in both.

[ashah-splunk]

@pablogrigo sorry for the delay and thanks for bringing this to our notice. We have fixed this, request you to pull the latest Python SDK v1.7.4. Do let us know if the issue persists. Thanks!

[pablogrigo]

Thanks @ashah-splunk 👍