From c2048b3840784e06865237163279de4a637ac6f7 Mon Sep 17 00:00:00 2001 From: Alberto Daniel Badia Date: Sat, 24 Jan 2026 13:43:27 -0300 Subject: [PATCH] FIX: Token should be ofuscated on logs --- src/marketdata/client.py | 7 +++++-- src/marketdata/utils.py | 8 ++++++++ src/tests/test_utils.py | 11 ++++++++++- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/src/marketdata/client.py b/src/marketdata/client.py index 355921a..c578ce3 100644 --- a/src/marketdata/client.py +++ b/src/marketdata/client.py @@ -18,7 +18,7 @@ from marketdata.resources.stocks import StocksResource from marketdata.settings import settings from marketdata.types import UserRateLimits -from marketdata.utils import format_duration_log +from marketdata.utils import format_duration_log, obfuscate_token class MarketDataClient: @@ -30,7 +30,10 @@ def __init__(self, token: str = None, logger: Logger = None): self.logger = logger or get_logger() self.logger.info(f"Initializing MarketDataClient") - self.logger.debug(f"Token: {self.token}") + logged_token = ( + self.token if self.token == NO_TOKEN_VALUE else obfuscate_token(self.token) + ) + self.logger.debug(f"Token: {logged_token}") self.logger.info(f"Base URL: {settings.marketdata_base_url}") self.logger.info(f"API Version: {settings.marketdata_api_version}") diff --git a/src/marketdata/utils.py b/src/marketdata/utils.py index 7c08f96..fe47e66 100644 --- a/src/marketdata/utils.py +++ b/src/marketdata/utils.py @@ -138,3 +138,11 @@ def format_duration_log(duration_ms: float) -> str: elif duration_ms < 100000: return f"{duration_ms / 1000:04.1f}s" return f"{duration_ms / 1000:.0f}s".rjust(5) + + +def obfuscate_token(token: str) -> str: + if not isinstance(token, str): + return str(token) + if len(token) <= 4: + return "****" + return "*" * (len(token) - 4) + token[-4:] diff --git a/src/tests/test_utils.py b/src/tests/test_utils.py index 586528c..4d3b46a 100644 --- a/src/tests/test_utils.py +++ b/src/tests/test_utils.py @@ -9,6 +9,7 @@ format_duration_log, format_timestamp, merge_csv_texts, + obfuscate_token, resume_long_text, split_dates_by_timeframe, validate_single_param, @@ -139,4 +140,12 @@ def test_format_duration_double_digit_s(): def test_format_duration_hundred_s(): assert format_duration_log(100000) == " 100s" - assert format_duration_log(123456) == " 123s" + + +def test_obfuscate_token(): + assert obfuscate_token("1234567890ABCD") == "**********ABCD" + assert obfuscate_token("ABCD") == "****" + assert obfuscate_token("ABC") == "****" + assert obfuscate_token("") == "****" + assert obfuscate_token("12345") == "*2345" + assert obfuscate_token(None) == "None"