2

I am using a library python-sonarqube-api, which shows a password in debug logs using a logger which I consider a bug.

Until it can be fixed I need to hide the password in the logs. I am considering using a filter but I am not sure how to use it without breaking current structure of all loggers in the software.

Could you suggest me some solution please?

Přemysl Šťastný
  • 1,579
  • 2
  • 16
  • 37
  • 1
    your program could encrypt this info before logging it. And then decrypt it after reading the log. https://stackoverflow.com/questions/27335726/how-do-i-encrypt-and-decrypt-a-string-in-python – Sembei Norimaki Mar 24 '22 at 11:44
  • @SembeiNorimaki I can't pass encrypted string to library...or at least I don't know how. – Přemysl Šťastný Mar 24 '22 at 11:47
  • In the link I provided, you have some examples on how to encrypt a string. If you can pass a string then you can pass an encrypted version of the string (it's still a string). The only thing to take in account is that you will then need to also provide a decryption method to recover the original data. – Sembei Norimaki Mar 24 '22 at 11:51
  • @SembeiNorimaki I understand that...but if I have no control how library works in inside, I can't provide any such method. – Přemysl Šťastný Mar 24 '22 at 11:53
  • Alternatively, cant you encrypt the logfile itself after it rotates (if it does that) and then have some sort of security (sorry I dont know how it's setup). :) – user56700 Mar 24 '22 at 11:59
  • @user56700 I am using Kibana, Elasticsearch and fluentd...So I think, this is also not a solution. :( – Přemysl Šťastný Mar 24 '22 at 12:01
  • Ouch I guess your bug report is the only solution then. – user56700 Mar 24 '22 at 12:02
  • Possible solution: https://relaxdiego.com/2014/07/logging-in-python.html#redacting-logs-using-a-filter – Přemysl Šťastný Mar 24 '22 at 12:32

0 Answers0