Sanitize Bearer Token in debug output (#658)

ezilber-akamai · web-flow · commit 89e7b7af7ede · 2024-10-22T13:27:57.000-04:00
diff --git a/linodecli/api_request.py b/linodecli/api_request.py
@@ -283,6 +283,9 @@ def _print_request_debug_info(method, url, headers, body):
     """
     print(f"> {method.__name__.upper()} {url}", file=sys.stderr)
     for k, v in headers.items():
+        # If this is the Authorization header, sanitize the token
+        if k.lower() == "authorization":
+            v = "Bearer " + "*" * 64
         print(f"> {k}: {v}", file=sys.stderr)
     print("> Body:", file=sys.stderr)
     print(">  ", body or "", file=sys.stderr)
diff --git a/tests/unit/test_api_request.py b/tests/unit/test_api_request.py
@@ -44,13 +44,14 @@ def test_request_debug_info(self):
             api_request._print_request_debug_info(
                 SimpleNamespace(__name__="get"),
                 "https://definitely.linode.com/",
-                {"cool": "test"},
+                {"cool": "test", "Authorization": "sensitiveinfo"},
                 "cool body",
             )
 
         output = stderr_buf.getvalue()
         assert "> GET https://definitely.linode.com/" in output
         assert "> cool: test" in output
+        assert f"> Authorization: Bearer {'*' * 64}" in output
         assert "> Body:" in output
         assert ">   cool body" in output
         assert "> " in output
