Closed pablogrigo closed 1 year ago
@pablogrigo sorry for the delay and thanks for bringing this to our notice. We have fixed this, request you to pull the latest Python SDK v1.7.4. Do let us know if the issue persists. Thanks!
Thanks @ashah-splunk 👍
Describe the bug SDK logs sensitive data when running in debug mode.
To Reproduce Steps to reproduce the behavior:
Expected behaviour No sensitive data is logged, even when running in debug mode.
Logs or Screenshots The
binding.py
file contains several instances of logging of network operations. Example 1: https://github.com/splunk/splunk-sdk-python/blob/master/splunklib/binding.py#L779 Example 2: https://github.com/splunk/splunk-sdk-python/blob/master/splunklib/binding.py#L845Splunk
SDK:
Additional context There was an attempt to prevent password leaks, as seen in #439 Unfortunately, according to the API Reference https://docs.splunk.com/Documentation/Splunk/9.0.3/RESTREF/RESTlist there are several endpoints that will include either a password or a key in their body, to list a few:
The recommendation would be to avoid logging headers and payloads of network operations, as sensitive data could be included in both.