API secret logging in Cortex analyzers

[zpsaras7]

While debugging an analyzer that uses an api key/secret pair for auth, I noticed that the logs aren't properly being scrubbed for secrets.

There's checks in cortexutils/worker.py for scrubbing the keys but not the secrets, which I don't think is by design since the key is the identifier for these creds with most typical vendor integrations.

At the very least, the secrets are fields that should be scrubbed in the logs, leaving the key available to trace back for debugging if necessary

  "errorMessage": "Unexpected Error: ('Connection aborted.', OSError(0, 'Error'))",
  "input": "{\"data\":\"mydomain.com\",\"dataType\":\"domain\",\"tlp\":2,\"message\":\"61600\",\"parameters\":{},\"config\":{\"proxy_https\":null,\"cacerts\":null,\"check_tlp\":true,\"max_tlp\":2,\"auto_extract_artifacts\":true,\"jobCache\":10,\"check_pap\":true,\"max_pap\":2,\"jobTimeout\":30,\"api_key\":\"REMOVED\",\"service\":\"get\",\"proxy_http\":null,\"organization_id\":\"12345678\",\"api_secret\":\"**PLAINTEXT_API_SECRET**\",\"query_limit\":null},\"pap\":2}",
  "success": false
}```

[zpsaras7]

Don't have access to push a PR but the fix would be L150-L153

if 'apisecret' in analyzer_input.get('config', {}):
    analyzer_input['config']['apisecret'] = 'REMOVED'
if 'api_secret' in analyzer_input.get('config', {}):
    analyzer_input['config']['api_secret'] = 'REMOVED'

[nadouani]

This issue has been addressed by removing any config value of any config option including password, secret and key words