
fix: log trace should not log sql values

Open ssoroka opened this issue 2 years ago • 6 comments

What did this pull request do?

Log parameterized queries instead of full sql queries that may contain sensitive information

User Case Description

See https://github.com/go-gorm/gorm/issues/5287

Closes https://github.com/go-gorm/gorm/issues/5287

ssoroka avatar Apr 22 '22 19:04 ssoroka

Hello @ssoroka

Thank you for your PR, but I think we can change log's callback method to

func(... logger.Config) (string, int64) and use the Config param to control whether it returns parameterized or full SQL.

Can you make the change?

jinzhu avatar Apr 24 '22 01:04 jinzhu

That sounds like it would be a breaking change for anyone who has a custom logger already. Is there another place to put the config that wouldn't be a breaking change? And if we do that, can we default to the secure option?

Edit: oh, I think I see what you're saying.

ssoroka avatar Apr 25 '22 15:04 ssoroka
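
The design discussed in the two comments above, as an added example that is not code from this pull request or from GORM: the trace callback receives a config and returns the parameterized statement unless values are explicitly requested. TraceConfig, LogValues, Statement and explain are hypothetical names, the ? substitution is simplified (it does not skip ? inside SQL string literals), and the sample query is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// TraceConfig is a hypothetical logger config; its zero value keeps bound values out of logs.
type TraceConfig struct {
	LogValues bool // opt-in: inline bound values into the logged SQL
}

// Statement is a constructed model of an executed statement and its bound values.
type Statement struct {
	SQL  string
	Vars []interface{}
	Rows int64
}

// TraceFunc returns the callback a logger would invoke lazily; the config picks the form.
func (s Statement) TraceFunc() func(cfg TraceConfig) (string, int64) {
	return func(cfg TraceConfig) (string, int64) {
		if !cfg.LogValues {
			return s.SQL, s.Rows // secure default: placeholders only
		}
		return explain(s.SQL, s.Vars), s.Rows
	}
}

// explain inlines each bound value in place of a ? placeholder, for debugging only.
func explain(sql string, vars []interface{}) string {
	var b strings.Builder
	i := 0
	for _, r := range sql {
		if r == '?' && i < len(vars) {
			b.WriteString("'" + strings.ReplaceAll(fmt.Sprint(vars[i]), "'", "''") + "'")
			i++
		} else {
			b.WriteRune(r)
		}
	}
	return b.String()
}

func main() {
	st := Statement{"SELECT id FROM users WHERE email = ?", []interface{}{"alice@example.test"}, 1}
	safe, _ := st.TraceFunc()(TraceConfig{})
	full, _ := st.TraceFunc()(TraceConfig{LogValues: true})
	fmt.Println(safe + "\n" + full)
}
```

Because the callback is only evaluated when the logger decides to emit a line, the full statement is never built unless LogValues was set.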

Hi, any update with this one? It is really important for us (and I think any consumer), since PII is getting leaked when enabling sql logs. Any help needed to close this one?

dorsha avatar Jul 26 '22 05:07 dorsha

+1

finnnark avatar Jul 28 '22 03:07 finnnark

PR updated. Let me know if this is what you were thinking. Test failures don't seem related to my change.

ssoroka avatar Aug 19 '22 19:08 ssoroka

Hi @ssoroka @demoManito Any updates on this PR?

dageev-hs avatar Oct 11 '22 11:10 dageev-hs

Hi

Is there any way to support this to be integrated into gorm? @ssoroka @demoManito

thundering-herd avatar Dec 08 '22 13:12 thundering-herd