From 86cd1eb03752481ecbefaab848a5934f154fc0db Mon Sep 17 00:00:00 2001
From: Adam Grare
Date: Tue, 10 Oct 2023 11:15:04 -0400
Subject: [PATCH] Don't log the token during re-auth CVE-2023-46175
---
 .../providers/autosde/storage_manager/autosde_client.rb | 2 --
 1 file changed, 2 deletions(-)
diff --git a/app/models/manageiq/providers/autosde/storage_manager/autosde_client.rb b/app/models/manageiq/providers/autosde/storage_manager/autosde_client.rb
index 68fbac29..6eaaeb05 100644
--- a/app/models/manageiq/providers/autosde/storage_manager/autosde_client.rb
+++ b/app/models/manageiq/providers/autosde/storage_manager/autosde_client.rb
@@ -48,13 +48,11 @@ def call_api(http_method, path, opts = {})
 case e.code
 when AUTH_TOKEN_INVALID
 begin
- _log.warn("doing re-login: token is #{@token}")
 login
 set_auth_token
 super
 rescue
 # in case re-login did not help, throw error
- _log.error("re-login was unsuccessful: token is #{@token}")
 raise # throw the last error
 end
 else