Sanitize Bearer Token in debug output (linode#658)

ykim-akamai · Oct 22, 2024 · 89e7b7a · 89e7b7a
1 parent 0c18aa0
commit 89e7b7a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/linodecli/api_request.py b/linodecli/api_request.py
@@ -283,6 +283,9 @@ def _print_request_debug_info(method, url, headers, body):
     """
     print(f"> {method.__name__.upper()} {url}", file=sys.stderr)
     for k, v in headers.items():
+        # If this is the Authorization header, sanitize the token
+        if k.lower() == "authorization":
+            v = "Bearer " + "*" * 64
         print(f"> {k}: {v}", file=sys.stderr)
     print("> Body:", file=sys.stderr)
     print(">  ", body or "", file=sys.stderr)

diff --git a/tests/unit/test_api_request.py b/tests/unit/test_api_request.py
@@ -44,13 +44,14 @@ def test_request_debug_info(self):
             api_request._print_request_debug_info(
                 SimpleNamespace(__name__="get"),
                 "https://definitely.linode.com/",
-                {"cool": "test"},
+                {"cool": "test", "Authorization": "sensitiveinfo"},
                 "cool body",
             )
 
         output = stderr_buf.getvalue()
         assert "> GET https://definitely.linode.com/" in output
         assert "> cool: test" in output
+        assert f"> Authorization: Bearer {'*' * 64}" in output
         assert "> Body:" in output
         assert ">   cool body" in output
         assert "> " in output