
@oboehmer oboehmer commented Oct 28, 2025

resolves #410

Overview

This branch adds support for Robot Framework's Secret type (introduced in Robot Framework 7.4) to prevent credential exposure in logs, even at DEBUG and TRACE levels.

Key Features

1. Robot Framework Secret Type Support

Automatically detects and processes Robot Framework's Secret type in authentication credentials. Secrets are extracted from wrappers before passing to requests library and never logged in clear text.

2. Conditional Authorization Header Masking

  • With Secrets: Authorization headers masked (Authorization: *****) in HTTP debug output
  • Without Secrets: Headers remain visible for debugging
  • INFO Level: Always masks (existing behavior preserved)

3. Backward Compatibility

Fully compatible with Robot Framework < 7.4. Gracefully degrades when Secret type unavailable. No breaking changes.

Core Changes

  • utils.py: Added check_and_process_secrets() for single-pass secret detection and processing (optimized from O(2n) to O(n))
  • RequestsKeywords.py: Tracks secret usage via _request_has_secrets flag, processes auth parameters
  • SessionKeywords.py: Regex-based masking in _print_debug(), stores _has_secrets on session objects
  • log.py: Enhanced log_request() to conditionally mask based on secret presence

Session Support

All session creation keywords updated to detect and track secrets:

  • Create Session
  • Create Client Cert Session
  • Create Digest Session
  • Create Ntlm Session

Testing

  • 3 new test cases for Robot Secrets (Basic auth, Digest auth, session-less)
  • Unit tests for secret processing functions
  • CI/CD matrix tests RF 7.3.2 and 7.4
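
An added illustration of the behaviour described in the PR description above; it is not code from this pull request or from RequestsLibrary. The `Secret` class is a stand-in for Robot Framework 7.4's wrapper (assumed here to expose `.value`), and `unwrap_auth`, `render_debug` and `sample_debug_line` are hypothetical names. It shows single-pass unwrapping plus conditional masking of `http.client`-style debug output, where header lines end in a literal `\r\n` inside a bytes repr.

```python
import base64
import re

class Secret:
    """Stand-in for Robot Framework 7.4's Secret wrapper (assumed to expose .value)."""
    def __init__(self, value):
        self.value = value
    def __repr__(self):
        return "<secret>"  # never reveal the wrapped value when logged

def unwrap_auth(auth):
    """Single pass over auth items: unwrap Secrets and report whether any were seen."""
    has_secrets, plain = False, []
    for item in auth or ():
        if isinstance(item, Secret):
            has_secrets, item = True, item.value
        plain.append(item)
    return tuple(plain), has_secrets

# http.client prints the request as a bytes repr, so header lines end in a
# literal backslash-r-backslash-n rather than a real newline; stop at either,
# and at the closing quote of the repr.
_AUTH_RE = re.compile(r"(?i)(authorization:[ \t]*)(?:(?!\\r\\n)[^\r\n'])+")

def render_debug(line, has_secrets, level="DEBUG"):
    """Mask Authorization values when secrets were used, and always at INFO."""
    if has_secrets or level == "INFO":
        return _AUTH_RE.sub(r"\1*****", line)
    return line

def sample_debug_line(user, password):
    """Constructed sample of http.client-style debug output for Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return ("send: b'GET /basic-auth HTTP/1.1\\r\\nHost: example.test\\r\\n"
            f"Authorization: Basic {token}\\r\\nAccept: */*\\r\\n\\r\\n'")

if __name__ == "__main__":
    # First case uses a Secret (masked); second uses plain test credentials (visible).
    for auth in (("user", Secret("hunter2")), ("user", "testpass")):
        (user, password), has_secrets = unwrap_auth(auth)
        print(has_secrets, render_debug(sample_debug_line(user, password), has_secrets))
```

The same pattern also covers `Proxy-Authorization`, since the match is anchored on the `authorization:` suffix and leaves the prefix in place.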

@oboehmer oboehmer marked this pull request as ready for review October 28, 2025 09:47
@oboehmer oboehmer changed the title from "Support new robot 7.4 secret vars in Session Keywords" to "Support new robot 7.4 secret variables as part of auth params" Oct 28, 2025
codecov bot commented Oct 29, 2025

Codecov Report

❌ Patch coverage is 88.23529% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.97%. Comparing base (3f83f5d) to head (4d726b0).

Files with missing lines Patch % Lines
src/RequestsLibrary/SessionKeywords.py 75.00% 7 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master     #411      +/-   ##
==========================================
+ Coverage   85.38%   88.97%   +3.58%     
==========================================
  Files           9        9              
  Lines         479      535      +56     
  Branches       49       61      +12     
==========================================
+ Hits          409      476      +67     
+ Misses         65       56       -9     
+ Partials        5        3       -2     
Flag Coverage Δ
acceptance 84.11% <75.00%> (-1.28%) ⬇️
unit 63.92% <80.88%> (?)



oboehmer commented Nov 5, 2025

@lucagiove. Can you please review this PR? Would be great to have this available once RF 7.4 is released.

@lucagiove lucagiove self-assigned this Nov 30, 2025
@lucagiove lucagiove added this to the 1.0 milestone Nov 30, 2025
oboehmer and others added 5 commits December 25, 2025 10:49
Prevent exposure of credentials in Robot Framework logs at DEBUG/TRACE
levels by masking Authorization headers in HTTP connection debug output
when Robot Secret types are detected.

Changes:
- Add check_and_process_secrets() to detect and process secrets in one pass
- Track secret usage in sessions via _has_secrets attribute
- Mask Authorization header in _print_debug() when secrets present
- Import AUTHORIZATION constant from log module for consistency

This ensures credentials are never logged even with debug=3, while still
allowing Authorization headers to be visible for debugging when no secrets
are used (e.g., test credentials).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

Development

Successfully merging this pull request may close these issues.

Support new Secret variables in RequestLibrary
