phingofficial / phing

PHing Is Not GNU make; it's a PHP project build system or build tool based on Apache Ant.
https://www.phing.info
GNU Lesser General Public License v3.0

Mask passwords in VERBOSE logs when running Phing in debug mode? #1672

Open amigian74 opened 2 years ago

amigian74 commented 2 years ago

Is your feature request related to a problem? Please describe.
Right now all properties are logged with VERBOSE level on. This is critical in some situations, especially if passwords are involved (MySQL for instance).

Describe the solution you'd like
It would be nice to add an attribute (hideoutput=true/false or disguiseoutput=true/false) to solve this problem.

mrook commented 2 years ago

Hi, not sure I understand what you need. Do you want to change the log level of properties? Or mask some properties in all cases? For which tasks? In which situations? And why do you need to mask it?

amigian74 commented 2 years ago

Hi. The last one. With VERBOSE all properties used in a task are shown in the log. This also shows password properties (for instance for the pdosqlexec task). This is not so good - it would be better to mark such properties always hidden or disguise the output as usual for passwords.

mrook commented 2 years ago

This is not trivial. Tasks are not in control of the dumping of properties to console under VERBOSE, that's a core Phing capability. We'd need to either add whether a property is sensitive or not, or use regexp masking rules to replace passwords with other characters when under VERBOSE.

Having a "do not dump properties" option while running phing in debug mode is also an option, but feels like a shortcut to fix a symptom.

I'm not entirely sure we need this yet, interested to see what other users think.

mrook commented 2 years ago

@siad007 WDYT?

MiRacLe-RPZ commented 2 years ago

For my custom tasks I do something like:

    /** Override of Task::log(): mask the --password value before it reaches the loggers. */
    public function log($msg, $level = Project::MSG_INFO, ?Exception $t = null)
    {
        // "(?:\s|$)" also catches a password that ends the command line.
        $msg = preg_replace('~--password="?([^"]+)"?(?:\s|$)~', '--password="******" ', $msg);
        $this->project->logObject($this, $msg, $level, $t);
    }

No idea how to do this globally, but per task we can hide sensitive data this way.

siad007 commented 2 years ago

We could simply introduce a listener, which could hide by configuration either

Advantage of a listener instead of a logger: we could combine this with other listeners and/or a logger.
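A global variant of the per-task masking shown above, added here as an example and not code from Phing or from anyone in this thread: a stand-alone PHP redactor that replaces the values of properties flagged as sensitive and applies regex rules such as the `--password` one. The wiring is assumed rather than shown: a listener would call `redact()` on each message in `messageLogged()` before the logger writes it. The property names, values and log lines are constructed.

```php
<?php
declare(strict_types=1);

// Redacts sensitive values from log lines before a logger sees them. Two rule kinds:
// exact values of properties flagged sensitive, and regexes for secrets that never
// appear as a property (CLI flags, credentials embedded in URLs).
final class PropertyRedactor
{
    private const MASK = '******';
    /** @var string[] secret values, longest first so a prefix never leaks */
    private array $secrets = [];
    /** @var array<string,string> regex => replacement */
    private array $patterns = [
        // --password=xyz or --password="x y z"
        '~(--password=)(?:"[^"]*"|\S+)~i' => '$1******',
        // scheme://user:pass@host
        '~(://[^/:@\s]+:)[^@\s]+(@)~' => '$1******$2',
    ];

    public function __construct(array $properties, array $sensitiveKeys)
    {
        foreach ($sensitiveKeys as $key) {
            $value = $properties[$key] ?? '';
            // Masking very short values would also hide unrelated text; skip them.
            if (strlen($value) >= 4) {
                $this->secrets[] = $value;
            }
        }
        usort($this->secrets, static fn(string $a, string $b): int => strlen($b) - strlen($a));
    }

    public function redact(string $message): string
    {
        foreach ($this->secrets as $secret) {
            $message = str_replace($secret, self::MASK, $message);
        }
        foreach ($this->patterns as $pattern => $replacement) {
            $message = preg_replace($pattern, $replacement, $message) ?? $message;
        }
        return $message;
    }
}

// Constructed sample: a property set and VERBOSE-style lines (not real Phing output).
$props = ['db.user' => 'phing', 'db.password' => 'S3cr3t!pw', 'db.host' => 'localhost'];
$redactor = new PropertyRedactor($props, ['db.password']);
foreach (['Property db.password set to S3cr3t!pw',
    'Executing: mysql -u phing --password="S3cr3t!pw" --host=localhost',
    'DSN: mysql://phing:otherpw@localhost/app'] as $line) {
    echo $redactor->redact($line), PHP_EOL;
}
```

Value-based replacement catches a secret wherever Phing happens to print it, while the regex rules cover secrets that were never stored in a property at all.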

jawira commented 2 years ago

I was reading this RFC, "Redacting parameters in back traces", and I remembered this issue. Maybe it can be useful, at least as inspiration?