Currently the stacktrace and loguru logging modules spit out a bunch of local variable values at crash-time. Some of these variables include runtime configurations containing sensitive user secrets such as passwords, email addresses, and account tokens.
This is a potential security risk for users if they share their runtime logs publicly for bug-tracking/fixing purposes.
Describe the solution you'd like
Implement a feature that's opted in by default, to redact/suppress any sensitive log/console outputs in logging or stack traces. Especially events of the SENSITIVE_DEBUG level in Loguru.
Describe alternatives you've considered
No response
Any other context/information?
In tandem: eventually split the cfg.yml config file into a public and a private config file, where public has program settings such as modes and can easily be shared in crash/bug reports, while private somehow securely stores inputted user secrets (preferably in an encrypted form).
Sometimes the user might want sensitive logs for debugging purposes.
I implemented any sensitive logs as a SENSITIVE_DEBUG log level in the Loguru logging library. This means it should be easy to suppress any logs with that level.
Ah okay, it was easy to implement the hiding of the sensitive logs, but still looking at the stack traces. However, suppressed_paths seems like it should sort the stack traces, so going to look into that.
Luminaex added a commit to Luminaex/Discord-OTP-Forcer that referenced this issue on Dec 3, 2023