From 4f5ac123fc52b408b6c25bbaf9cbebe0ec7197e2 Mon Sep 17 00:00:00 2001
From: Sasha Romijn
Date: Mon, 8 Apr 2024 19:38:19 +0200
Subject: [PATCH] Remove potential local RPSL password log from irr_rpsl_submit

Fixes https://github.com/irrdnet/irrd/security/code-scanning/3
---
 irrd/scripts/irr_rpsl_submit.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/irrd/scripts/irr_rpsl_submit.py b/irrd/scripts/irr_rpsl_submit.py
index 7fde798..9ddbeeb 100755
--- a/irrd/scripts/irr_rpsl_submit.py
+++ b/irrd/scripts/irr_rpsl_submit.py
@@ -564,7 +564,12 @@ def create_http_request(requests_text, args):
 method=method,
 headers=headers,
 )
- logger.debug("Submitting to %s; method %s}; headers %s; data %s", url, method, headers, http_data)
+ filtered_http_data = http_data
+ for password in request_body.get("passwords", []): # pragma: no cover
+ filtered_http_data.replace(password, b"REMOVED")
+ logger.debug(
+ "Submitting to %s; method %s}; headers %s; data %s", url, method, headers, filtered_http_data
+ )
 return http_request
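Review bot: The redaction in the added loop has no effect: `filtered_http_data.replace(password, b"REMOVED")` returns a new object and the result is discarded, so `filtered_http_data` is still the unmodified `http_data` when it reaches `logger.debug` and any submitted passwords are logged exactly as before. Assign the result, `filtered_http_data = filtered_http_data.replace(password, b"REMOVED")`. If the entries in `request_body["passwords"]` are `str` while `http_data` is bytes (the `b"REMOVED"` literal suggests so, but `create_http_request` begins outside the hunk and neither definition is visible), the call also needs `password.encode()` or it will raise `TypeError`. Matching the raw password against the already serialized body can still miss a value the serializer escaped, so building the log line from a copy of `request_body` with the `passwords` entries replaced would be more robust. The `# pragma: no cover` on the loop keeps it out of coverage, which lets a no-op like this go unnoticed; a small test asserting the password is absent from the debug output would pin the behaviour.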