From 5eb1454e67bfd788bb7ab9a90abd832491a1c8e0 Mon Sep 17 00:00:00 2001
From: Julien Fontanet <julien.fontanet@isonoe.net>
Date: Fri, 22 Feb 2019 17:47:28 +0100
Subject: [PATCH] fix(xen-api/_transportCall): avoid logging session ID

---
 packages/xen-api/src/index.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/packages/xen-api/src/index.js b/packages/xen-api/src/index.js
index 0f06a9b61..f170369df 100644
--- a/packages/xen-api/src/index.js
+++ b/packages/xen-api/src/index.js
@@ -1145,9 +1145,15 @@ Xapi.prototype._transportCall = reduce(
             error = wrapError(error)
           }
 
+          // do not log the session ID
+          //
+          // TODO: should log at the session level to avoid logging sensitive
+          // values?
+          const params = args[0] === this._sessionId ? args.slice(1) : args
+
           error.call = {
             method,
-            params: replaceSensitiveValues(args, '* obfuscated *'),
+            params: replaceSensitiveValues(params, '* obfuscated *'),
           }
           throw error
         })