Hide tokens from all logs (#1558)

* Fixes #1557 * Quality pass
okorach · Jan 9, 2025 · 19d208a · 19d208a
1 parent e31731a
commit 19d208a
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 10 deletions.
diff --git a/cli/config.py b/cli/config.py
@@ -167,7 +167,7 @@ def export_config(endpoint: platform.Platform, what: list[str], **kwargs) -> Non
         export_settings["FULL_EXPORT"] = False
         export_settings["INLINE_LISTS"] = False
         export_settings[EXPORT_EMPTY] = True
-    log.info("Exporting with settings: %s", utilities.json_dump(export_settings))
+    log.info("Exporting with settings: %s", utilities.json_dump(export_settings, redact_tokens=True))
     if "projects" in what and kwargs[options.KEYS]:
         non_existing_projects = [key for key in kwargs[options.KEYS] if not projects.exists(key, endpoint)]
         if len(non_existing_projects) > 0:

diff --git a/cli/options.py b/cli/options.py
@@ -193,12 +193,7 @@ def parse_and_check(parser: ArgumentParser, logger_name: str = None, verify_toke
     if os.getenv("IN_DOCKER", "No") == "Yes":
         kwargs[URL] = kwargs[URL].replace("http://localhost", "http://host.docker.internal")
     kwargs = __convert_args_to_lists(kwargs=kwargs)
-    if log.get_level() <= log.DEBUG:
-        sanitized_args = kwargs.copy()
-        sanitized_args[TOKEN] = utilities.redacted_token(sanitized_args[TOKEN])
-        if "tokenTarget" in sanitized_args:
-            sanitized_args["tokenTarget"] = utilities.redacted_token(sanitized_args["tokenTarget"])
-        log.debug("CLI arguments = %s", utilities.json_dump(sanitized_args))
+    log.debug("CLI arguments = %s", utilities.json_dump(kwargs, redact_tokens=True))
     if not kwargs.get(IMPORT, False):
         __check_file_writeable(kwargs.get(REPORT_FILE, None))
     # Verify version randomly once every 10 runs

diff --git a/sonar/utilities.py b/sonar/utilities.py
@@ -32,6 +32,7 @@
 import json
 import datetime
 from datetime import timezone
+from copy import deepcopy
 import requests
 
 import sonar.logging as log
@@ -196,7 +197,7 @@ def remove_empties(d: dict[str, any]) -> dict[str, any]:
     return new_d
 
 
-def sort_lists(data: any) -> any:
+def sort_lists(data: any, redact_tokens: bool = True) -> any:
     """Recursively removes empty lists and dicts and none from a dict"""
     if isinstance(data, (list, set, tuple)):
         data = list(data)
@@ -205,6 +206,8 @@ def sort_lists(data: any) -> any:
         return [sort_lists(elem) for elem in data]
     elif isinstance(data, dict):
         for k, v in data.items():
+            if redact_tokens and k in ("token", "tokenTarget"):
+                data[k] = redacted_token(v)
             if isinstance(v, set):
                 v = list(v)
             if isinstance(v, list) and len(v) > 0 and isinstance(v[0], (str, int, float)):
@@ -224,9 +227,10 @@ def allowed_values_string(original_str: str, allowed_values: list[str]) -> str:
     return list_to_csv([v for v in csv_to_list(original_str) if v in allowed_values])
 
 
-def json_dump(jsondata: Union[list[str], dict[str, str]], indent: int = 3) -> str:
+def json_dump(jsondata: Union[list[str], dict[str, str]], indent: int = 3, redact_tokens: bool = True) -> str:
     """JSON dump helper"""
-    return json.dumps(sort_lists(jsondata), indent=indent, sort_keys=True, separators=(",", ": "))
+    newdata = sort_lists(deepcopy(jsondata), redact_tokens=redact_tokens)
+    return json.dumps(newdata, indent=indent, sort_keys=True, separators=(",", ": "))
 
 
 def csv_to_list(string: Optional[str], separator: str = ",") -> list[str]: