Never log, display, or store sensitive information like passwords, tokens, or secrets in clear text. This creates significant security vulnerabilities that could lead to unauthorized access and data breaches.

When working with sensitive data:

Mask or hash sensitive values before logging
Use secure logging frameworks that automatically redact sensitive data
Implement proper encryption for data at rest and in transit
Use dedicated secure storage solutions for secrets

Example of vulnerable code:

# Insecure - logs sensitive data in clear text
logging.info(f"cloning {git_url} to {clone_dir}")
print(f'attempting to load module {module_params.module_source} via git loader')

Secure alternative:

# Secure - masks sensitive information
safe_url = re.sub(r'(https?://)([^:]+)(:.+@|@)(.*)', r'\1\2@\4', git_url)
logging.info(f"cloning {safe_url} to {clone_dir}")

# For debugging, avoid logging sensitive parameters directly
logging.info(f"attempting to load module via git loader")

Add Repository

Private Repository