@@ -277,10 +277,11 @@ def _load_keyring(self, keyring_service) -> None:
277277 if isinstance (mist_apitoken , str ):
278278 for token in mist_apitoken .split ("," ):
279279 token = token .strip ()
280+ masked = _apitoken_sanitizer (token )
280281 LOGGER .info (
281282 "apisession:_load_keyring: Found MIST_APITOKEN=%s" ,
282- _apitoken_sanitizer ( token ) ,
283- ) # lgtm[py/clear-text-logging-sensitive-data]
283+ masked ,
284+ )
284285 self .set_api_token (mist_apitoken )
285286 mist_user = keyring .get_password (keyring_service , "MIST_USER" )
286287 if mist_user :
@@ -525,6 +526,7 @@ def set_api_token(self, apitoken: str, validate: bool = True) -> None:
525526 def _get_api_token_data (self , apitoken ) -> tuple [str | None , list | None ]:
526527 token_privileges = []
527528 token_type = "org" # nosec bandit B105
529+ masked = _apitoken_sanitizer (apitoken )
528530 try :
529531 url = f"https://{ self ._cloud_uri }
530532 headers = {"Authorization" : "Token " + apitoken }
@@ -536,8 +538,8 @@ def _get_api_token_data(self, apitoken) -> tuple[str | None, list | None]:
536538 data_json = data .json ()
537539 LOGGER .debug (
538540 "apisession:_get_api_token_data:info retrieved for token %s" ,
539- _apitoken_sanitizer ( apitoken ) ,
540- ) # lgtm[py/clear-text-logging-sensitive-data]
541+ masked ,
542+ )
541543 except requests .exceptions .ProxyError as proxy_error :
542544 LOGGER .critical ("apisession:_get_api_token_data:proxy not valid..." )
543545 CONSOLE .critical ("Proxy not valid...\r \n " )
@@ -553,8 +555,8 @@ def _get_api_token_data(self, apitoken) -> tuple[str | None, list | None]:
553555 except Exception :
554556 LOGGER .error (
555557 "apisession:_get_api_token_data:unable to retrieve info for token %s" ,
556- _apitoken_sanitizer ( apitoken ) ,
557- ) # lgtm[py/clear-text-logging-sensitive-data]
558+ masked ,
559+ )
558560 LOGGER .error (
559561 "apirequest:_get_api_token_data: Exception occurred" , exc_info = True
560562 )
@@ -563,16 +565,16 @@ def _get_api_token_data(self, apitoken) -> tuple[str | None, list | None]:
563565 if data .status_code == 401 :
564566 LOGGER .critical (
565567 "apisession:_get_api_token_data:invalid API Token %s: status code %s" ,
566- _apitoken_sanitizer ( apitoken ) ,
568+ masked ,
567569 data .status_code ,
568- ) # lgtm[py/clear-text-logging-sensitive-data]
570+ )
569571 CONSOLE .critical (
570572 "Invalid API Token %s: status code %s\r \n " ,
571- _apitoken_sanitizer ( apitoken ) ,
573+ masked ,
572574 data .status_code ,
573- ) # lgtm[py/clear-text-logging-sensitive-data]
575+ )
574576 raise ValueError (
575- f"Invalid API Token { _apitoken_sanitizer ( apitoken ) } { data .status_code }
577+ f"Invalid API Token { masked } { data .status_code }
576578 )
577579
578580 if data_json .get ("email" ):
@@ -600,8 +602,8 @@ def _get_api_token_data(self, apitoken) -> tuple[str | None, list | None]:
600602 "token %s" ,
601603 priv ,
602604 token_type ,
603- _apitoken_sanitizer ( apitoken ) ,
604- ) # lgtm[py/clear-text-logging-sensitive-data]
605+ masked ,
606+ )
605607 return (token_type , token_privileges )
606608
607609 def _check_api_tokens (self , apitokens ) -> list [str ]:
@@ -616,57 +618,56 @@ def _check_api_tokens(self, apitokens) -> list[str]:
616618 else :
617619 primary_token_privileges : list [str ] = []
618620 primary_token_type : str | None = ""
621+ primary_masked : str | None = ""
619622 for token in apitokens :
623+ masked = _apitoken_sanitizer (token )
620624 if token in valid_api_tokens :
621625 LOGGER .info (
622626 "apisession:_check_api_tokens:API Token %s is already valid" ,
623- _apitoken_sanitizer ( token ) ,
624- ) # lgtm[py/clear-text-logging-sensitive-data]
627+ masked ,
628+ )
625629 continue
626630 (token_type , token_privileges ) = self ._get_api_token_data (token )
627631 if token_type is None or token_privileges is None :
628632 LOGGER .error (
629633 "apisession:_check_api_tokens:API Token %s is not valid" ,
630- _apitoken_sanitizer ( token ) ,
631- ) # lgtm[py/clear-text-logging-sensitive-data]
634+ masked ,
635+ )
632636 LOGGER .error (
633637 "API Token %s is not valid and will not be used" ,
634- _apitoken_sanitizer ( token ) ,
635- ) # lgtm[py/clear-text-logging-sensitive-data]
638+ masked ,
639+ )
636640 elif len (primary_token_privileges ) == 0 and token_privileges :
637641 primary_token_privileges = token_privileges
638642 primary_token_type = token_type
643+ primary_masked = masked
639644 valid_api_tokens .append (token )
640645 LOGGER .info (
641646 "apisession:_check_api_tokens:"
642647 "API Token %s set as primary for comparison" ,
643- _apitoken_sanitizer ( token ) ,
644- ) # lgtm[py/clear-text-logging-sensitive-data]
648+ masked ,
649+ )
645650 elif primary_token_privileges == token_privileges :
646651 valid_api_tokens .append (token )
647652 LOGGER .info (
648653 "apisession:_check_api_tokens:"
649654 "%s API Token %s has same privileges as "
650655 "the %s API Token %s" ,
651656 token_type ,
652- _apitoken_sanitizer ( token ) ,
657+ masked ,
653658 primary_token_type ,
654- _apitoken_sanitizer ( token ) ,
655- ) # lgtm[py/clear-text-logging-sensitive-data],
659+ primary_masked ,
660+ )
656661 else :
657662 LOGGER .error (
658663 "apisession:_check_api_tokens:"
659664 "%s API Token %s has different privileges "
660- "than the %s API Token %s" ,
665+ "than the %s API Token %s and will not be used " ,
661666 token_type ,
662- _apitoken_sanitizer ( token ) ,
667+ masked ,
663668 primary_token_type ,
664- _apitoken_sanitizer (token ),
665- ) # lgtm[py/clear-text-logging-sensitive-data]
666- LOGGER .error (
667- "API Token %s has different privileges and will not be used" ,
668- _apitoken_sanitizer (token ),
669- ) # lgtm[py/clear-text-logging-sensitive-data]
669+ primary_masked ,
670+ )
670671 return valid_api_tokens
671672
672673 def _process_login (self , retry : bool = True ) -> str | None :
0 commit comments