jupyter-server / jupyter_server

The backend—i.e. core services, APIs, and REST endpoints—to Jupyter web applications.
https://jupyter-server.readthedocs.io
BSD 3-Clause "New" or "Revised" License

Environment variables passed to logs should be sanitised out of the logs #1436

Closed krassowski closed 2 months ago

krassowski commented 3 months ago

Description

In the --debug mode the server logs environment variables which may be sensitive. These should not be included IMO:

https://github.com/jupyter-server/jupyter_server/blob/b85c15b5678cd6ea9de28e4f547bc0dfef0a69c7/jupyter_server/services/kernels/kernelmanager.py#L246

Maybe something like self.log.debug("Kernel args: %r", {k: v for k, v in kwargs.items() if k != 'env'})?
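
An added example (not part of the original issue and not jupyter_server's own code) of the filtering suggested above: it drops `env` before the debug call, and goes one step further with an optional mode that keeps the variable names while masking every value. The helper names, the logger name, and the sample kwargs are assumptions constructed for illustration.

```python
import io
import logging

REDACTED = "<redacted>"  # placeholder string chosen for this example


def sanitize_kernel_kwargs(kwargs, keep_env_names=False):
    """Return a copy of kwargs that is safe to log (hypothetical helper).

    By default the 'env' entry is dropped, as the issue suggests. With
    keep_env_names=True the variable names are kept and every value is
    masked, which still shows which variables reached the kernel.
    """
    safe = {k: v for k, v in kwargs.items() if k != "env"}
    env = kwargs.get("env")
    if keep_env_names and isinstance(env, dict):
        safe["env"] = {name: REDACTED for name in env}
    return safe


def log_kernel_args(log, kwargs, keep_env_names=False):
    """Log kernel start arguments at DEBUG level without environment values."""
    # isEnabledFor avoids building the sanitized copy when debug is off.
    if log.isEnabledFor(logging.DEBUG):
        log.debug("Kernel args: %r", sanitize_kernel_kwargs(kwargs, keep_env_names))


def demo():
    """Capture the debug output for constructed kwargs and return it."""
    stream = io.StringIO()
    log = logging.getLogger("example.kernelmanager")  # hypothetical logger name
    log.setLevel(logging.DEBUG)
    log.propagate = False
    handler = logging.StreamHandler(stream)
    log.addHandler(handler)
    # Constructed sample input, not real credentials.
    kwargs = {
        "kernel_name": "python3",
        "cwd": "/home/user/work",
        "env": {"PATH": "/usr/bin", "EXAMPLE_API_TOKEN": "s3cr3t-constructed"},
    }
    try:
        log_kernel_args(log, kwargs)
        log_kernel_args(log, kwargs, keep_env_names=True)
    finally:
        log.removeHandler(handler)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```
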