Skip to content

Commit

Permalink
Fix code scanning alert no. 32: Clear-text logging of sensitive infor…
Browse files Browse the repository at this point in the history 
…mation

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
  • Loading branch information
@vivekr-splunk @github-advanced-security
vivekr-splunk and github-advanced-security[bot] authored Nov 20, 2024
1 parent c92510a commit 253eb1e
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion tools/kubectl-splunk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -194,7 +194,8 @@ def execute_on_pod(args, pod_name):
else:
return

logging.debug(f"Executing command on pod {pod_name}: {' '.join(cmd)}")
sanitized_cmd = [arg if '-auth' not in arg else '-auth *****:*****' for arg in cmd]
logging.debug(f"Executing command on pod {pod_name}: {' '.join(sanitized_cmd)}")

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

This expression logs
sensitive data (password)
Loading
as clear text.
This expression logs
sensitive data (password)
Loading
as clear text.
try:
subprocess.run(cmd, check=True)
except subprocess.CalledProcessError as e:
Expand Down

0 comments on commit 253eb1e

Please sign in to comment.