
List:       wikitech-l
Subject:    Re: [Wikitech-l] $wgRedactedFunctionArguments
From:       Ori Livneh <ori () wikimedia ! org>
Date:       2013-10-30 0:23:24
Message-ID: CAHXK4BxiVGuWjh1yyPK4nGBHMbhbKmYcO=hwXYYBOAvV4d1Qcg () mail ! gmail ! com

On Tue, Oct 29, 2013 at 6:55 AM, Dan Andreescu <dandreescu@wikimedia.org> wrote:
>> I don't think the idea here was to ever make the stack traces *safe*,
>> just to redact the most obvious things to reduce the risk if someone
>> carelessly posts a stack trace publicly.
>>
>> Personally, I think the "Java model" as exemplified in
>> https://gerrit.wikimedia.org/r/#/c/92334/ PS3 goes too far in the
>> other direction. In this case, an option to log unredacted traces that
>> I could enable on my local test wiki would be useful.
>
>
> I think Ori's original point stands though.  Configuration could be used to
> redact fully / not redact at all for local debugging purposes.  But a black
> list for what to redact is bad for all the reasons black lists are bad
> security in general.

I think the approach we are converging on is this:

- Always redact all argument values for user-facing backtraces
- Never redact any argument values for wfDebugLog()'d backtraces
- Redact arguments by replacing each argument with the name of its
class (if object) or type (if primitive).

The redacted traces look like this:

#0 /vagrant/mediawiki/extensions/Vector/Vector.hooks.php(82):
functionThatFails(OutputPage)
#1 [internal function]: VectorHooks::beforePageDisplay(string, string)
#2 /vagrant/mediawiki/includes/Hooks.php(199):
call_user_func_array(string, array)
#3 /vagrant/mediawiki/includes/GlobalFunctions.php(3877):
Hooks::run(string, array)
#4 /vagrant/mediawiki/includes/OutputPage.php(2075): wfRunHooks(string, array)
#5 /vagrant/mediawiki/includes/Wiki.php(610): OutputPage->output()
#6 /vagrant/mediawiki/includes/Wiki.php(467): MediaWiki->main()
#7 /vagrant/mediawiki/index.php(49): MediaWiki->run()
#8 {main}

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
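
The redaction rule described in the message above (each argument replaced by its class name if it is an object, or by its type if it is a primitive), as an added example that is not part of the original message and is not MediaWiki's own code. The function names redactTraceArgs() and formatTrace(), and the sample frames, are constructed for illustration.

```php
<?php
// Added example, not MediaWiki's code; function names are hypothetical.

/** Replace every argument in a trace with its class (objects) or type (primitives). */
function redactTraceArgs(array $trace): array {
    return array_map(function (array $frame): array {
        // Frames may lack 'args' entirely (e.g. zend.exception_ignore_args=On).
        $frame['args'] = array_map(function ($arg): string {
            return is_object($arg) ? get_class($arg) : gettype($arg);
        }, $frame['args'] ?? []);
        return $frame;
    }, $trace);
}

/** Render redacted frames in the "#N file(line): call(args)" layout. */
function formatTrace(array $trace): string {
    $out = '';
    foreach ($trace as $i => $frame) {
        $where = isset($frame['file'])
            ? "{$frame['file']}({$frame['line']})"
            : '[internal function]';
        $call = ($frame['class'] ?? '') . ($frame['type'] ?? '') . $frame['function'];
        $out .= "#$i $where: $call(" . implode(', ', $frame['args'] ?? []) . ")\n";
    }
    return $out . '#' . count($trace) . " {main}\n";
}

// Constructed sample frames shaped like Exception::getTrace() output.
// The class names, path and argument values are made up for this example.
$trace = [
    ['file' => '/srv/wiki/includes/User.php', 'line' => 120, 'class' => 'User',
     'type' => '->', 'function' => 'checkPassword', 'args' => ['hunter2']],
    ['class' => 'LoginForm', 'type' => '::', 'function' => 'authenticate',
     'args' => [new ArrayObject(), ['token' => 'abc123'], 42, null]],
];

// User-facing path: no argument value survives, only class and type names.
echo formatTrace(redactTraceArgs($trace));
// The unredacted $trace is what the proposal would send to wfDebugLog().
```

Because the rule maps every argument unconditionally, there is no list of sensitive parameters to maintain, which is the allowlist-style behaviour the thread argues for over a blacklist.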