
dict_traceback showing locals which includes credentials #715


Open
leoskyrocker opened this issue Mar 31, 2025 · 1 comment

@leoskyrocker

Sensitive data can be printed by exposing all of the locals.
I've encountered one with using psycopg2. It stores database connection strings, and is exposed when there is an uncaught exception.

Proposed Resolution

Allow dict traceback or traceback.SHOW_LOCALS to be configured (currently it is hardcoded)

@sscherfke
Contributor

Are you using structlog.processors.dict_tracebacks()?

This is just a shortcut for ExceptionRenderer(ExceptionDictTransformer()) which has a show_locals argument.

If secrets are wrapped with pydantic.Secret() or typed_settings.Secret(), they will not leak. But I think very few people actually do this and for external libs, you can't control this behavior.

So maybe changing the default of SHOW_LOCALS to False might be a good idea.
