From 253eb1e1c83c40a9f7b5071a2238dcb16898500b Mon Sep 17 00:00:00 2001
From: vivekr-splunk <94569031+vivekr-splunk@users.noreply.github.com>
Date: Wed, 20 Nov 2024 11:53:39 -0800
Subject: [PATCH] Fix code scanning alert no. 32: Clear-text logging of
 sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 tools/kubectl-splunk | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/kubectl-splunk b/tools/kubectl-splunk
index b8da82a0f..abf43aecf 100755
--- a/tools/kubectl-splunk
+++ b/tools/kubectl-splunk
@@ -194,7 +194,8 @@ def execute_on_pod(args, pod_name):
     else:
         return
 
-    logging.debug(f"Executing command on pod {pod_name}: {' '.join(cmd)}")
+    sanitized_cmd = [arg if '-auth' not in arg else '-auth *****:*****' for arg in cmd]
+    logging.debug(f"Executing command on pod {pod_name}: {' '.join(sanitized_cmd)}")
     try:
         subprocess.run(cmd, check=True)
     except subprocess.CalledProcessError as e: