From 82bff6caba892b90bf0a66cb1eb913145cd503db Mon Sep 17 00:00:00 2001
From: akaila-splunk <akaila@splunk.com>
Date: Tue, 8 Mar 2022 19:19:32 +0530
Subject: [PATCH] Added condition check for post method debug logs

- Added check to avoid writing sensitive data in debug logs
- ex. '/storage/passwords' endpoint is having password field in it's body during post method call
---
 splunklib/binding.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/splunklib/binding.py b/splunklib/binding.py
index 60fc5294..85713a22 100644
--- a/splunklib/binding.py
+++ b/splunklib/binding.py
@@ -758,7 +758,13 @@ def post(self, path_segment, owner=None, app=None, sharing=None, headers=None, *
             headers = []
 
         path = self.authority + self._abspath(path_segment, owner=owner, app=app, sharing=sharing)
-        logger.debug("POST request to %s (body: %s)", path, repr(query))
+
+        # To avoid writing sensitive data in debug logs
+        endpoint_having_sensitive_data = ["/storage/passwords"]
+        if any(endpoint in path for endpoint in endpoint_having_sensitive_data):
+            logger.debug("POST request to %s ", path)
+        else:
+            logger.debug("POST request to %s (body: %s)", path, repr(query))
         all_headers = headers + self.additional_headers + self._auth_headers
         response = self.http.post(path, all_headers, **query)
         return response