
Mask passwords in VERBOSE logs when running Phing in debug mode?

Open amigian74 opened this issue 2 years ago • 7 comments

Is your feature request related to a problem? Please describe. Right now all properties are logged with VERBOSE level on. This is critical in some situations, especially if passwords are involved (MySql for instance).

Describe the solution you'd like It would be nice to add an attribute (hideoutput=true/false or disguiseoutput=true/false) to solve this problem.

amigian74 avatar Mar 17 '22 09:03 amigian74

Hi, not sure I understand what you need. Do you want to change the log level of properties? Or mask some properties in all cases? For which tasks? In which situations? And why do you need to mask it?

mrook avatar Mar 18 '22 08:03 mrook

Hi. The last one. With VERBOSE all properties used in a task are shown in the log. This also shows password properties (for instance for the pdosqlexec task). This is not so good - it would be better to mark such properties always hidden or disguise the output as usual for passwords.

amigian74 avatar Mar 18 '22 08:03 amigian74

This is not trivial. Tasks are not in control of the dumping of properties to console under VERBOSE, that's a core Phing capability. We'd need to either add whether a property is sensitive or not, or use regexp masking rules to replace passwords with other characters when under VERBOSE.

Having a "do not dump properties" option while running phing in debug mode is also an option, but feels like a shortcut to fix a symptom.

I'm not entirely sure we need this yet, interested to see what other users think.

mrook avatar Mar 18 '22 08:03 mrook

@siad007 WDYT?

mrook avatar May 16 '22 12:05 mrook

For my custom tasks I do something like:

    // Per-task override of Task::log(): scrub the message before handing it to the project logger.
    public function log($msg, $level = Project::MSG_INFO, ?Exception $t = NULL) {
        // Replace the value of a --password="..." (or bare --password=...) argument with asterisks;
        // the pattern relies on a whitespace character following the value.
        $msg = preg_replace('~--password="?([^"]+)"?\s~', '--password="******" ', $msg);
        $this->project->logObject($this, $msg, $level, $t);
    }

No idea how to do this globally, but per task we can hide sensitive data by this way.

MiRacLe-RPZ avatar Jun 14 '22 14:06 MiRacLe-RPZ

We could simply introduce a listener, which could hide by configuration either

  • all properties or
  • properties by regex or
  • some global definable things like user/password from url etc.

Advantage of a listener instead of a logger: we could combine this with other listeners and/or a logger.

siad007 avatar Jun 29 '22 20:06 siad007
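A standalone masking helper in the spirit of the rule kinds listed above (named properties, regex rules, user/password in URLs) and of the per-task replacement posted earlier, added here as an illustration; it is not Phing's own code, and the function name, rule format and sample log lines are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: redact sensitive values from one log line before it is printed.
// $propNames: property names whose values are always hidden ("name -> value" or "name=value").
// $patterns:  extra PCRE rules supplied by configuration; their first capture group is masked.
function maskSensitive(string $msg, array $propNames = ['password', 'db.pass'], array $patterns = []): string
{
    $mask = '******';

    // 1. Property dumps in the shape VERBOSE prints them, quoted or bare values.
    foreach ($propNames as $name) {
        $q = preg_quote($name, '~');
        $msg = preg_replace('~(' . $q . '\s*(?:->|=)\s*)"?([^"\s]+)"?~i', '$1"' . $mask . '"', $msg);
    }

    // 2. Command-line style flags such as --password=secret, with or without quotes.
    $msg = preg_replace('~(--password=)"?([^"\s]+)"?~', '$1"' . $mask . '"', $msg);

    // 3. Credentials embedded in URLs/DSNs: scheme://user:secret@host
    $msg = preg_replace('~(://[^:/@\s]+:)[^@\s]+(@)~', '$1' . $mask . '$2', $msg);

    // 4. Configured regex rules: whatever the first capture group matched is replaced.
    foreach ($patterns as $re) {
        $msg = preg_replace_callback($re, function (array $m) use ($mask): string {
            return isset($m[1]) ? str_replace($m[1], $mask, $m[0]) : $m[0];
        }, $msg);
    }

    return $msg;
}

// Constructed sample lines imitating VERBOSE output (not real Phing output).
$lines = [
    'Property db.pass -> s3cr3t (project.properties)',
    '[exec] mysql --user=app --password="s3cr3t" appdb',
    '[pdosqlexec] url="mysql://app:s3cr3t@localhost/appdb"',
    '[ftp] token=abc123 host=example.invalid',
];
foreach ($lines as $line) {
    echo maskSensitive($line, ['password', 'db.pass'], ['~token=(\S+)~']), PHP_EOL;
}
```

Wiring this into a listener or logger is the remaining design question; the helper only shows that the three rule kinds can share one masking pass.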

I was reading this RFC, "Redacting parameters in back traces", and I remembered this issue. Maybe it can be useful, at least as inspiration?

jawira avatar Sep 08 '22 11:09 jawira