From 46bd4cca2dac9777d0c5d51afccf363e87c3f5e5 Mon Sep 17 00:00:00 2001
From: akaila-splunk <akaila@splunk.com>
Date: Wed, 12 Jul 2023 19:25:54 +0530
Subject: [PATCH] Update binding.py

- updated keys in SENSITIVE_KEYS list
- masked headers data in logger
---
 splunklib/binding.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/splunklib/binding.py b/splunklib/binding.py
index 2a37f49f..e77bab6f 100644
--- a/splunklib/binding.py
+++ b/splunklib/binding.py
@@ -61,7 +61,10 @@
     "HTTPError"
 ]
 
-SENSITIVE_KEYS = ["password", "token", "Authorization"]
+SENSITIVE_KEYS = ['Authorization', 'Cookie', 'action.email.auth_password', 'auth', 'auth_password', 'clear_password', 'clientId',
+                  'crc-salt', 'encr_password', 'oldpassword', 'passAuth', 'password', 'session', 'suppressionKey',
+                  'token']
+
 # If you change these, update the docstring
 # on _authority as well.
 DEFAULT_HOST = "localhost"
@@ -90,7 +93,8 @@ def mask_sensitive_data(data):
         except Exception as ex:
             return data
 
-    if not isinstance(data, dict):
+    # json.loads will return "123"(str) as 123(int), so return the data
+    if isinstance(data, int):
         return data
     mdata = {}
     for k, v in data.items():
@@ -863,8 +867,7 @@ def request(self, path_segment, method="GET", headers=None, body={},
 
         all_headers = headers + self.additional_headers + self._auth_headers
         logger.debug("%s request to %s (headers: %s, body: %s)",
-                     method, path, str(all_headers), mask_sensitive_data(body))
-
+                     method, path, str(mask_sensitive_data(dict(all_headers))), mask_sensitive_data(body))
         if body:
             body = _encode(**body)