While debugging an analyzer that uses an api key/secret pair for auth, I noticed that the logs aren't properly being scrubbed for secrets.
At the very least, the secrets are fields that should be scrubbed in the logs, leaving the key available to trace back for debugging if necessary
"errorMessage": "Unexpected Error: ('Connection aborted.', OSError(0, 'Error'))",
"input": "{\"data\":\"mydomain.com\",\"dataType\":\"domain\",\"tlp\":2,\"message\":\"61600\",\"parameters\":{},\"config\":{\"proxy_https\":null,\"cacerts\":null,\"check_tlp\":true,\"max_tlp\":2,\"auto_extract_artifacts\":true,\"jobCache\":10,\"check_pap\":true,\"max_pap\":2,\"jobTimeout\":30,\"api_key\":\"REMOVED\",\"service\":\"get\",\"proxy_http\":null,\"organization_id\":\"12345678\",\"api_secret\":\"**PLAINTEXT_API_SECRET**\",\"query_limit\":null},\"pap\":2}",
"success": false
}```
While debugging an analyzer that uses an api key/secret pair for auth, I noticed that the logs aren't properly being scrubbed for secrets.
There's checks in cortexutils/worker.py for scrubbing the keys but not the secrets, which I don't think is by design since the key is the identifier for these creds with most typical vendor integrations.
At the very least, the secrets are fields that should be scrubbed in the logs, leaving the key available to trace back for debugging if necessary