Derpitron / Discord-OTP-Forcer

Selenium based discord OTP forcer
GNU Affero General Public License v3.0

[Feature Request]: Add enabled-by-default option to censor sensitive secrets outputted by stacktraces and logging #96

Open Derpitron opened 7 months ago

Derpitron commented 7 months ago

Description

Currently the stacktrace and loguru logging modules spit out a bunch of local variable values at crash-time. Some of these variables include runtime configurations containing sensitive user secrets such as passwords, email addresses, and account tokens.

This is a potential security risk for users if they share their runtime logs publicly for bug-tracking/fixing purposes.

Describe the solution you'd like

Implement a feature that's opted in by default, to redact/suppress any sensitive log/console outputs in logging or stack traces, especially events at the SENSITIVE_DEBUG level in Loguru.

Describe alternatives you've considered

No response

Any other context/information?

In tandem: eventually split the cfg.yml config file into a public and a private config file, where the public file holds program settings such as modes and can easily be shared in crash/bug reports, while the private file somehow securely stores inputted user secrets (preferably in an encrypted form).

LuXeZs commented 7 months ago

Do we even need to log the sensitive information from cfg.yml? Shouldn't we just log the modes used?

Derpitron commented 7 months ago

Sometimes the user might want sensitive logs for debugging purposes.

I implemented any sensitive logs as a SENSITIVE_DEBUG Log Level in Loguru logging library. This means it should be easy to suppress any logs with that level.

However, redacting stack traces might be harder.

LuXeZs commented 7 months ago

Ah okay, it was easy to implement the hiding of the sensitive logs, but I'm still looking at the stack traces. However, suppressed_paths seems like it should sort the stack traces, so I'm going to look into that.

Derpitron commented 5 months ago

⚠️ Program Stack traces still reveal sensitive secrets (afaik the user's ENTIRE CONFIG).
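The two mechanisms discussed in this thread (dropping SENSITIVE_DEBUG records by level, and keeping secrets out of crash output) can be shown side by side. The following is an added example, not code from the Discord-OTP-Forcer project, and it uses only the Python standard library so it runs without Loguru; the Loguru counterparts are a filter callable passed to `logger.add()` for the level suppression, and `diagnose=False` on `logger.add()` to stop tracebacks from dumping local variables. The numeric level value, the `login()` crash site, the config keys and the config values are all constructed for the demo and are not the project's cfg.yml schema. Note the point the last comment makes: hiding locals is not enough on its own, because an exception message can still carry a secret, so the example also scrubs every known secret value from whatever text reaches the sink.

```python
"""Added example: suppress a SENSITIVE_DEBUG level and keep secrets out of crash output.
Standard-library only; Loguru equivalents are a filter on logger.add() and diagnose=False."""
import logging
import re
import traceback

SENSITIVE_DEBUG = 5  # assumed numeric value, below logging.DEBUG (10)
logging.addLevelName(SENSITIVE_DEBUG, "SENSITIVE_DEBUG")

# Constructed sample config; keys and values are assumptions for the demo only.
CONFIG = {
    "mode": "bruteforce",
    "email": "user@example.com",
    "password": "hunter2",
    "token": "mfa.AbC123",
}
SECRET_KEYS = ("password", "token", "email")


def secret_values(cfg):
    """Collect the values that must never appear in shareable output."""
    return [str(cfg[k]) for k in SECRET_KEYS if cfg.get(k)]


def redact(text, secrets):
    """Replace every occurrence of each secret value with a fixed marker.
    Longest first, so a secret that is a prefix of another is masked whole."""
    for s in sorted(secrets, key=len, reverse=True):
        text = re.sub(re.escape(s), "[REDACTED]", text)
    return text


class SensitiveFilter(logging.Filter):
    """Drop SENSITIVE_DEBUG records unless the user explicitly opted in."""

    def __init__(self, allow_sensitive=False):
        super().__init__()
        self.allow_sensitive = allow_sensitive

    def filter(self, record):
        return record.levelno != SENSITIVE_DEBUG or self.allow_sensitive


class RedactingFormatter(logging.Formatter):
    """Scrub secrets from the fully rendered line, traceback text included."""

    def __init__(self, secrets, fmt="%(levelname)s %(message)s"):
        super().__init__(fmt)
        self.secrets = secrets

    def format(self, record):
        return redact(super().format(record), self.secrets)


class ListHandler(logging.Handler):
    """Collect rendered lines so the result can be inspected instead of printed."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def build_logger(name, secrets, allow_sensitive=False):
    log = logging.getLogger(name)
    log.handlers.clear()
    log.propagate = False
    log.setLevel(SENSITIVE_DEBUG)
    handler = ListHandler()
    handler.setFormatter(RedactingFormatter(secrets))
    handler.addFilter(SensitiveFilter(allow_sensitive))
    log.addHandler(handler)
    return log, handler


def login(cfg):
    """Hypothetical crash site: cfg is a local here, so a diagnostic traceback would dump it.
    The exception message itself also leaks a secret, on purpose, to show the second leak path."""
    raise RuntimeError("login failed for " + cfg["email"])


def crash_report(cfg, show_locals, secrets=None):
    """Render the traceback with or without local variables (the analogue of Loguru's
    diagnose=True/False) and optionally scrub known secret values from the text."""
    text = ""
    try:
        login(cfg)
    except RuntimeError as exc:
        te = traceback.TracebackException.from_exception(exc, capture_locals=show_locals)
        text = "".join(te.format())
    return redact(text, secrets) if secrets else text


def run_demo(allow_sensitive):
    """Emit a sensitive record, a normal record and a crash; return the rendered lines."""
    log, handler = build_logger("otp-demo-%s" % allow_sensitive, secret_values(CONFIG), allow_sensitive)
    log.log(SENSITIVE_DEBUG, "loaded config %r", CONFIG)
    log.info("mode=%s", CONFIG["mode"])
    try:
        login(CONFIG)
    except RuntimeError:
        log.exception("crash")
    return handler.lines


if __name__ == "__main__":
    print("\n".join(run_demo(allow_sensitive=False)))
```

With `show_locals=True` and no scrubbing, `crash_report` reproduces the problem from the last comment: the whole config dict appears in the traceback. Turning locals off removes the dict but the exception message still carries the email address, which is why the formatter redacts by value rather than relying on the traceback setting alone.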