Merge pull request #439 from splunk/DVPL-10693

Modified POST method debug log to not log sensitive body/data
splunk · Mar 9, 2022 · c163daf · c163daf
2 parents f1db833 + 82bff6c
commit c163daf
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/splunklib/binding.py b/splunklib/binding.py
@@ -758,7 +758,13 @@ def post(self, path_segment, owner=None, app=None, sharing=None, headers=None, *
             headers = []
 
         path = self.authority + self._abspath(path_segment, owner=owner, app=app, sharing=sharing)
-        logger.debug("POST request to %s (body: %s)", path, repr(query))
+
+        # To avoid writing sensitive data in debug logs
+        endpoint_having_sensitive_data = ["/storage/passwords"]
+        if any(endpoint in path for endpoint in endpoint_having_sensitive_data):
+            logger.debug("POST request to %s ", path)
+        else:
+            logger.debug("POST request to %s (body: %s)", path, repr(query))
         all_headers = headers + self.additional_headers + self._auth_headers
         response = self.http.post(path, all_headers, **query)
         return response