From f29c34ae2e11aab97e01c6a61582c7982383d449 Mon Sep 17 00:00:00 2001 From: Andrew Ruthven Date: Tue, 30 Sep 2025 19:06:49 +1300 Subject: [PATCH 1/2] Hide the password from jsonrpc debugging Blank out the password. Fixes: #70 To test I modified odoorpc/tests/__init__.py and added: import logging logging.basicConfig() logger = logging.getLogger('odoorpc') logger.setLevel(logging.DEBUG) --- odoorpc/rpc/jsonrpclib.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/odoorpc/rpc/jsonrpclib.py b/odoorpc/rpc/jsonrpclib.py index c0350a7..eadf363 100644 --- a/odoorpc/rpc/jsonrpclib.py +++ b/odoorpc/rpc/jsonrpclib.py @@ -49,12 +49,16 @@ def get_json_log_data(data): """Returns a new `data` dictionary with hidden params for log purpose. """ - log_data = data + log_data = copy.deepcopy(data) for param in LOG_HIDDEN_JSON_PARAMS: if param in data['params']: - if log_data is data: - log_data = copy.deepcopy(data) log_data['params'][param] = "**********" + + # The password is the 3rd element of the args array. + if 'args' in data['params']: + if 2 in data['params']['args']: + log_data['params']['args'][2] = "**********" + return log_data From 713ded37265b8fbdfaa3d1a9b4db3b28d7951429 Mon Sep 17 00:00:00 2001 From: Andrew Ruthven Date: Tue, 30 Sep 2025 23:09:43 +1300 Subject: [PATCH 2/2] Only call get_json_log_data when DEBUG logging is enabled The logic here is a bit expensive on CPU, and only need it if debug logging is enabled. --- odoorpc/rpc/jsonrpclib.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/odoorpc/rpc/jsonrpclib.py b/odoorpc/rpc/jsonrpclib.py index eadf363..504b164 100644 --- a/odoorpc/rpc/jsonrpclib.py +++ b/odoorpc/rpc/jsonrpclib.py @@ -96,6 +96,7 @@ def __init__( ): Proxy.__init__(self, host, port, timeout, ssl, opener) self._deserialize = deserialize + self.debug = logger.isEnabledFor(logging.DEBUG) def __call__(self, url, params=None): if params is None: @@ -109,8 +110,12 @@ def __call__(self, url, params=None): if url.startswith('/'): url = url[1:] full_url = self._get_full_url(url) - log_data = get_json_log_data(data) - logger.debug(LOG_JSON_SEND_MSG, {'url': full_url, 'data': log_data}) + + log_data = None + if self.debug: + log_data = get_json_log_data(data) + logger.debug(LOG_JSON_SEND_MSG, {'url': full_url, 'data': log_data}) + data_json = json.dumps(data) request = Request(url=full_url, data=encode_data(data_json)) request.add_header('Content-Type', 'application/json')