microsoft/restler-fuzzer

Trace database requests include authorization token

wilbaker opened this issue · 0 comments

Description

When the trace database is enabled, authorization tokens included in requests are being logged in plain text. They should be replaced with _OMITTED_AUTH_TOKEN_ (like the network logs).

Steps to reproduce

  1. Set use_trace_database to true in engine settings
  2. Specify an authentication token module in settings
  3. Run RESTler against service

Expected results

Token values are replaced with _OMITTED_AUTH_TOKEN_

Actual results

Token values are logged in plain text.

Environment details

RESTler version 9.2.4
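
One way to mask credentials before a request reaches a trace store, as an added example that is not RESTler's code or its fix. `redact_request`, `store_trace`, the header list and the SQLite table are hypothetical; only the `_OMITTED_AUTH_TOKEN_` placeholder comes from the issue.

```python
import re
import sqlite3

OMITTED = "_OMITTED_AUTH_TOKEN_"  # placeholder named in the issue
# Assumption: headers that commonly carry credentials; extend for your service.
SENSITIVE_HEADERS = ("authorization", "proxy-authorization", "x-api-key", "cookie")
_HEADER_RE = re.compile(
    r"(?im)^(?P<name>%s)[ \t]*:[ \t]*(?P<value>[^\r\n]*)"
    % "|".join(map(re.escape, SENSITIVE_HEADERS))
)

def redact_request(raw_request, known_tokens=()):
    """Return raw_request with credential values replaced by OMITTED."""
    # Pass 1: mask header values by header name, keeping the name itself.
    redacted = _HEADER_RE.sub(lambda m: f"{m.group('name')}: {OMITTED}", raw_request)
    # Pass 2: mask exact token values the caller knows, so a token that also
    # appears in the URL or body is caught. Longest first avoids leaving a
    # suffix behind when one token contains another.
    for token in sorted(filter(None, known_tokens), key=len, reverse=True):
        redacted = redacted.replace(token, OMITTED)
    return redacted

def store_trace(conn, raw_request, known_tokens=()):
    """Persist only the redacted form; the raw text never reaches the database."""
    conn.execute("INSERT INTO trace(request) VALUES (?)",
                 (redact_request(raw_request, known_tokens),))

def demo():
    # Constructed sample request and token, not taken from a real run.
    token = "eyJhbGciOi.constructed.sample"
    raw = ("POST /api/items?debug_token=" + token + " HTTP/1.1\r\n"
           "Host: localhost\r\n"
           "Authorization: Bearer " + token + "\r\n"
           "Content-Type: application/json\r\n\r\n"
           '{"name": "x"}')
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE trace(request TEXT)")
    store_trace(conn, raw, known_tokens=[token])
    return conn.execute("SELECT request FROM trace").fetchone()[0]

if __name__ == "__main__":
    print(demo())
```

Redacting at the single point where rows are written keeps every log sink consistent; a regression test that searches the stored rows for the live token value catches a sink that bypasses it.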