fix: credentials leakage in request headers

requirements.txt

@@ -1,3 +1,4 @@
 requests
 robotframework
 requests_ntlm
+pytest

src/RequestsLibrary/log.py

@@ -16,18 +16,16 @@ def log_response(response):
                 "body=%s \n " % format_data_to_log_string(response.text))
 
 
-def log_request(response):
+def log_request(response, log_headers=False):
     request = response.request
-    if response.history:
-        original_request = response.history[0].request
-        redirected = '(redirected) '
-    else:
-        original_request = request
-        redirected = ''
+    response_history = response.history
+    original_request = response_history[0].request if response_history else request
+    redirected = '(redirected) ' if response_history else ''
+    headers = original_request.headers if log_headers else '{}'
     logger.info("%s Request : " % original_request.method.upper() +
                 "url=%s %s\n " % (original_request.url, redirected) +
                 "path_url=%s \n " % original_request.path_url +
-                "headers=%s \n " % original_request.headers +
+                "headers=%s \n " % headers +
                 "body=%s \n " % format_data_to_log_string(original_request.body))
 
 

utests/test_log.py

@@ -1,13 +1,17 @@
 import json
 import os
+import pytest
 
-from requests import Request
-
+from requests import Request, PreparedRequest
 from RequestsLibrary.log import format_data_to_log_string, log_request, log_response
+from unittest.mock import patch
 from utests import SCRIPT_DIR
 from utests import mock
 
 
+__MOCKED_HEADERS = "mocked_headers"
+
+
 def test_format_with_data_and_headers_none():
     data_str = format_data_to_log_string(None)
     assert data_str is None
@@ -45,19 +49,25 @@ def test_format_with_file_descriptor():
         assert data_str == repr(f)
 
 
-@mock.patch('RequestsLibrary.log.logger')
-def test_log_request(mocked_logger):
-    request = Request(method='get', url='http://mock.rulezz')
-    request = request.prepare()
+@pytest.mark.parametrize("log_headers, expected_headers", [(False, '{}'), (True, __MOCKED_HEADERS)])
+def test_log_request_with_headers(log_headers: bool, expected_headers: str):
+    with patch('RequestsLibrary.log.logger') as mocked_logger:
+        request = Request(method='get', url='http://mock.rulezz').prepare()
+        response = __mock_log_request_response(request)
+        log_request(response, log_headers)
+        assert mocked_logger.info.call_args[0][0] == ("%s Request : " % request.method +
+                                                      "url=%s \n " % request.url +
+                                                      "path_url=%s \n " % request.path_url +
+                                                      "headers=%s \n " % expected_headers +
+                                                      "body=%s \n " % request.body)
+
+
+def __mock_log_request_response(request: PreparedRequest):
     response = mock.MagicMock()
     response.history = []
     response.request = request
-    log_request(response)
-    assert mocked_logger.info.call_args[0][0] == ("%s Request : " % request.method +
-                                                  "url=%s \n " % request.url +
-                                                  "path_url=%s \n " % request.path_url +
-                                                  "headers=%s \n " % request.headers +
-                                                  "body=%s \n " % request.body)
+    response.request.headers = __MOCKED_HEADERS
+    return response
 
 
 @mock.patch('RequestsLibrary.log.logger')