From ca2dd6afe176e045290c874184f630939e3cabbb Mon Sep 17 00:00:00 2001
From: nestoracunablanco
Date: Tue, 24 Oct 2023 11:29:33 +0200
Subject: [PATCH] fix: credentials leakage in request headers

The headers request contains the authentication, and it gets printed in the robot log report.
---
 src/RequestsLibrary/log.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/RequestsLibrary/log.py b/src/RequestsLibrary/log.py
index 69bd6e6..fa97738 100644
--- a/src/RequestsLibrary/log.py
+++ b/src/RequestsLibrary/log.py
@@ -24,10 +24,12 @@ def log_request(response):
 else:
 original_request = request
 redirected = ''
+ headers_hidden_auth = original_request.headers.copy()
+ headers_hidden_auth["Authorization"] = "********"
 logger.info("%s Request : " % original_request.method.upper() +
 "url=%s %s\n " % (original_request.url, redirected) +
 "path_url=%s \n " % original_request.path_url +
- "headers=%s \n " % original_request.headers +
+ "headers=%s \n " % headers_hidden_auth +
 "body=%s \n " % format_data_to_log_string(original_request.body))
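Review bot: The added `headers_hidden_auth["Authorization"] = "********"` runs unconditionally, so a request sent without credentials is logged as if it carried an Authorization header, while other headers that routinely hold secrets (`Proxy-Authorization`, `Cookie`, API-key style headers) still reach the Robot log in clear text. I would mask only the names that are present, e.g. `for name in ("Authorization", "Proxy-Authorization", "Cookie"):` then `if name in headers_hidden_auth:` then `headers_hidden_auth[name] = "********"`, with a comment above it such as `# log a masked copy; the headers of the sent request are left untouched`. The `url=` and `body=` parts of the same `logger.info` call are still logged unmasked, so credentials passed as query parameters or form fields would presumably still appear in the report; that deserves a follow-up. `log_request` begins above this hunk, so how `original_request` is selected on a redirect is only partly visible here.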