zowe-cli icon indicating copy to clipboard operation
zowe-cli copied to clipboard

Published 20 hours ago verified publisher icon zowe

Token gets output to Imperative log in plain text

Open ghost opened this issue 4 years ago • 4 comments

If trace level logging is enabled, the Imperative AbstractRestClient logs the token value in plain text: https://github.com/zowe/imperative/blob/44f5ca26991b9845500d4357bbb7a47b63b8db09/packages/rest/src/client/AbstractRestClient.ts#L446

ghost avatar Sep 10 '20 17:09 ghost

@t1m0thyj, do we want to remove it from the trace level log? If so, should this be a good first issue ?

zFernand0 avatar Jul 27 '21 12:07 zFernand0

@zFernand0 How do you suggest that we sanitize the token? I'm thinking something like this:

this.log.trace("Using cookie authentication with token type %s", this.session.ISession.tokenType);

t1m0thyj avatar Jul 27 '21 15:07 t1m0thyj

I think that's good enough. However, Don't we want to deprecate tokenType and tokenValue? zowe/zowe-cli#1937

zFernand0 avatar Jul 27 '21 17:07 zFernand0

I added a comment to zowe/zowe-cli#1937 - but I'm wondering if we should not deprecate tokenType without more discussion.

dkelosky avatar Jul 27 '21 21:07 dkelosky