PII/secrets leaked via exception message #512
Comments
Thanks for the report! I can confirm I have also seen this in the wild, for example:
The immediate mitigation is to use the There is a test that covers the scrubbing logic, but it could do with some expansion to demonstrate how it's possible to handle these particular shapes. I'd encourage you to try the scrublist method and attempt to black it out and submit a PR to demonstrate that in test. I'll also work on this.
It occurs to me that a more surgical approach might be similar to how GitHub Advanced Security scans repositories looking for secrets: it does so by knowing the shape of the secrets and surrounding context. For example, anything of the form Ideas welcomed!
In a similar vein to the other open scrubbing issues, exception messages themselves leak information.
For example:
Such an exception also causes issues when capturing args:
This is the most obvious clear cut example, but there are other more subtle ways information can be leaked via exception messages.
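The two scrubbing strategies discussed in this thread, blacking out values under scrublist key names and redacting anything that matches a known secret shape regardless of context, applied to both the rendered exception message and the exception's args. This is an added illustration, not this project's code or its scrublist API; `DEFAULT_SCRUBLIST`, `SECRET_SHAPES`, the `example_tok_` prefix and the sample exceptions are all constructed for the example. It also covers the case the issue raises about captured args: a dict passed as an exception arg is scrubbed structurally by key, while the pre-formatted message is scrubbed as text, because `str(exc)` may already contain the secret inline.

```python
import re
from typing import Any, Sequence, Tuple

REDACTED = "********"

# Hypothetical scrublist: key names whose values are blacked out wherever they
# appear, both in structured args and in "key=value" / "key: value" text.
DEFAULT_SCRUBLIST: Tuple[str, ...] = (
    "password", "passwd", "secret", "token", "api_key", "authorization",
)

# Constructed secret "shapes" for this example. A real deployment would use the
# documented formats of the credentials it actually handles.
SECRET_SHAPES = (
    re.compile(r"\bBearer\s+[A-Za-z0-9\-._~+/]+=*", re.IGNORECASE),   # HTTP bearer credentials
    re.compile(r"\bexample_tok_[A-Za-z0-9]{16,}\b"),                    # constructed token prefix
    re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),  # e-mail addresses (PII)
)


def _kv_pattern(scrublist: Sequence[str]) -> "re.Pattern[str]":
    """Match 'name=value' or 'name: value' for any scrublist name.

    Group 1 is the key name, group 2 the separator, group 3 the value to black out.
    """
    names = "|".join(re.escape(n) for n in scrublist)
    return re.compile(rf"\b({names})\b(\s*[=:]\s*)([^\s,;'\"]+)", re.IGNORECASE)


def scrub_text(text: str, scrublist: Sequence[str] = DEFAULT_SCRUBLIST) -> str:
    """Redact known secret shapes first, then values following scrublist keys.

    Shapes go first so that a multi-token value such as "Bearer <credential>"
    is removed whole; the key/value pass would otherwise stop at the first
    whitespace and leave the credential part behind.
    """
    for shape in SECRET_SHAPES:
        text = shape.sub(REDACTED, text)
    return _kv_pattern(scrublist).sub(rf"\1\2{REDACTED}", text)


def scrub_value(value: Any, scrublist: Sequence[str] = DEFAULT_SCRUBLIST) -> Any:
    """Recursively scrub strings; black out whole values stored under scrublist keys."""
    lowered = {n.lower() for n in scrublist}
    if isinstance(value, str):
        return scrub_text(value, scrublist)
    if isinstance(value, dict):
        return {
            k: (REDACTED if str(k).lower() in lowered else scrub_value(v, scrublist))
            for k, v in value.items()
        }
    if isinstance(value, (list, tuple)):
        return type(value)(scrub_value(v, scrublist) for v in value)
    return value


def scrub_exception(
    exc: BaseException, scrublist: Sequence[str] = DEFAULT_SCRUBLIST
) -> Tuple[str, tuple]:
    """Return (scrubbed message, scrubbed args) for an exception.

    str(exc) is normally built from exc.args, but callers often pre-format the
    message string, so it is scrubbed as free text in its own right while the
    args are scrubbed structurally (dict keys, nested containers).
    """
    message = scrub_text(str(exc), scrublist)
    args = tuple(scrub_value(a, scrublist) for a in exc.args)
    return message, args


if __name__ == "__main__":
    # Constructed examples of the two leak shapes described in the issue.
    samples = [
        ValueError("login failed for alice@example.com with password=hunter2"),
        RuntimeError("401 from upstream", {"Authorization": "Bearer eyJ.abc", "user": "bob"}),
    ]
    for exc in samples:
        msg, args = scrub_exception(exc)
        print(type(exc).__name__, "->", msg, args)
```

Note that scrubbing args alone is not sufficient: once an exception has been raised, anything that already rendered `str(exc)` (a log line, a report payload) holds the unscrubbed text, so the redaction has to run at the point where the message is captured, not only on the structured fields.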