SDK logs sensitive data when running in debug mode

[pablogrigo]

Describe the bug
SDK logs sensitive data when running in debug mode.

To Reproduce
Steps to reproduce the behavior:

1. Configure logging in debug mode. (https://github.com/splunk/splunk-sdk-python#optionalset-up-logging-for-splunklib)
2. Call some specific endpoints (see list at the bottom).
3. Inspect the logs, note passwords are included in plain text.

Expected behaviour
No sensitive data is logged, even when running in debug mode.

Logs or Screenshots
The binding.py file contains several instances of logging of network operations.
Example 1: https://github.com/splunk/splunk-sdk-python/blob/master/splunklib/binding.py#L779
Example 2: https://github.com/splunk/splunk-sdk-python/blob/master/splunklib/binding.py#L845

Splunk

• Version: Any
• OS: Any
• Deployment: Any

SDK:

• Version: 1.7.2
• Language Python 3.X
• OS: Any

Additional context
There was an attempt to prevent password leaks, as seen in #439
Unfortunately, according to the API Reference https://docs.splunk.com/Documentation/Splunk/9.0.3/RESTREF/RESTlist there are several endpoints that will include either a password or a key in their body, to list a few:

• auth/login
• authentication/users
• authentication/users/{name}
• authentication/providers/SAML
• authentication/providers/SAML/{stanza_name}

The recommendation would be to avoid logging headers and payloads of network operations, as sensitive data could be included in both.

[ashah-splunk]

@pablogrigo sorry for the delay and thanks for bringing this to our notice. We have fixed this, request you to pull the latest Python SDK v1.7.4. Do let us know if the issue persists. Thanks!

[pablogrigo]

Thanks @ashah-splunk 👍