Don't log sensitive data with logged method #244
Conversation
Codecov Report
@@ Coverage Diff @@
## master #244 +/- ##
==========================================
- Coverage 86.45% 86.40% -0.06%
==========================================
Files 18 18
Lines 2570 2574 +4
==========================================
+ Hits 2222 2224 +2
- Misses 348 350 +2
Flags with carried forward coverage won't be shown. Click here to find out more.
|
|
@digitronik @mshriver could you please look at this ? |
There was a problem hiding this comment.
I think we can't control selenium side logs
DEBUG:urllib3.connectionpool:http://localhost:4444 "POST /session/9bab0357d071d4eaae6a146e8fa94eba/execute/sync HTTP/1.1" 200 0
DEBUG:selenium.webdriver.remote.remote_connection:Remote response: status=200 | data={"value":"foo"} | headers=HTTPHeaderDict({'content-length': '15', 'content-type': 'application/json; charset=utf-8', 'cache-control': 'no-cache'})
DEBUG:selenium.webdriver.remote.remote_connection:Finished Request
INFO:widgetastic_null:[TextInput]: fill(*****, sensitive=True) -> False (elapsed 89 ms)
| @@ -30,8 +30,15 @@ def call_sig(args: Iterator[Any], kwargs: MutableMapping[str, Any]) -> str: | |||
| Returns: | |||
| A string that contains parameters in parentheses like the call to it. | |||
| """ | |||
| arglist = [repr(x) for x in args] | |||
| arglist.extend(f"{k}={v!r}" for k, v in kwargs.items()) | |||
| safe_args = ["sensitive", "locator"] | |||
There was a problem hiding this comment.
i suppose debugging is completely ruined unless at least locator is not hidden
|
@JaurbanRH marking draft until the comments have been addressed. If you're not able to continue work on this let us know and we'll take over ownership of the commit. Thanks! |
|
@mshriver Yes, I am unable to continue to work on this issue. |
|
im wondering if we could make use of pydantic Secret objects to explicitly mark secrets, and then have a logging filter for the selenium namespace to explicitly mark the sensitive data unfortunately introducing secrets now will be very disruptive for users at first |
sensitiveparameter was introduced recently, but it was not reflected in log function decorator. This PR changes behaviour to hide all attributes except the safe ones.