From ce47a895ef6655a0d9e7df8c424cf4df90ac988a Mon Sep 17 00:00:00 2001
From: Ernesto Serrano <erseco@gmail.com>
Date: Mon, 4 Aug 2025 14:18:16 +0100
Subject: [PATCH] Potential fix for code scanning alert no. 4: Clear-text
 logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/py_moodle/auth.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/py_moodle/auth.py b/src/py_moodle/auth.py
index e929f3b..b8533ea 100644
--- a/src/py_moodle/auth.py
+++ b/src/py_moodle/auth.py
@@ -160,7 +160,10 @@ def _cas_login(self):
             "_eventId": "submit",
         }
         if self.debug:
-            print(f"[DEBUG] POST {cas_login_url} payload={payload}")
+            redacted_payload = payload.copy()
+            if "password" in redacted_payload:
+                redacted_payload["password"] = "***REDACTED***"
+            print(f"[DEBUG] POST {cas_login_url} payload={redacted_payload}")
         # Keep session cookies in self.session
         resp = self.session.post(cas_login_url, data=payload, allow_redirects=False)
         if self.debug: