When logging partial errors or exceptions in CommonLibrary.py and elsewhere, the raw query object is sometimes serialized and logged (e.g. json.dumps(query)). If the query contains token, refresh_token, or other credentials, they may leak in the logs.
We should apply censor_tokens() (or a similar redaction method) to the query objects before logging them.
This was noted during the review of PR #672.
When logging partial errors or exceptions in
CommonLibrary.pyand elsewhere, the rawqueryobject is sometimes serialized and logged (e.g.json.dumps(query)). If the query containstoken,refresh_token, or other credentials, they may leak in the logs.We should apply
censor_tokens()(or a similar redaction method) to the query objects before logging them.This was noted during the review of PR #672.