Comments (4)
Hi Dane,
Thanks for reaching out and apologies for the delayed response.
If sensitive information is being included in events reported to BugSnag, it should be possible to modify the event object to remove this data using a callback. For instance, if a password passed in a console command to your app is being captured in the stack trace of your events, you might use a callback to parse through the stack trace of each event, identifying frames which contain sensitive information and modifying the frame to remove it.
So we can best suggest how to redact this information, I would be interested to know where you are seeing these sensitive options in your BugSnag events? If you would like to share some example events with us, feel free to open a support ticket with BugSnag support providing a link to this GitHub issue.
from bugsnag-php.
Thanks, I sent a screenshot to help clarify.
I saw the documentation on customizing the error report but I didn't see how it helps here. The problem is that the sensitive parameters are in the "location" field (at least I think that's what you'd call it for a web app). They are not in the stack trace or metadata. And I can't see how to modify the reported location.
from bugsnag-php.
Hi Dane,
Thanks for sending that screenshot to us. From the screenshot I can see that your --password values are being included in the context of your events. As mentioned in my last message, it should be possible to remove this using a callback; however, instead of modifying the stack trace, you can modify the event's context. To do this, you will need to use the GetContext and SetContext methods. For instance:
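```php
public function boot()
{
    parent::boot();

    // Runs for every report before it is sent to BugSnag.
    $this->container->get('bugsnag')->registerCallback(function ($report) {
        $context = $report->getContext();
        // Cut the context off at the first "--password" so its value is never sent.
        if (strpos($context, "--password") !== false) {
            $report->setContext(substr($context, 0, strpos($context, "--password")));
        }
    });
}
```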
It's worth noting that in Symfony, callbacks should be registered within the boot function of your src/Kernel.php file, as shown in our docs here.
Please let me know if you have any problems implementing this in your project.
from bugsnag-php.
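A variation on the callback above, as an added example that is not part of the original thread or BugSnag's own code: it masks only the option values instead of truncating the context, and covers both the `--opt=value` and `--opt value` forms. The option names other than `--password`, the `redactOptions` helper and the stand-in report object are assumptions made for illustration.

```php
<?php

/**
 * Mask the values of sensitive command-line options in a context string.
 * The default option list is an assumption; only --password appears in the thread.
 */
function redactOptions(string $context, array $options = ['password', 'key', 'secret']): string
{
    $names = implode('|', array_map(function ($name) {
        return preg_quote($name, '/');
    }, $options));

    // --name, then "=" or whitespace, then a quoted or bare value.
    $pattern = '/(--(?:' . $names . '))(=|\s+)("[^"]*"|\'[^\']*\'|\S+)/i';

    // preg_replace() returns null on failure; fail closed rather than leak the original.
    return preg_replace($pattern, '$1$2[REDACTED]', $context) ?? '[REDACTED]';
}

// Callback in the shape used in the thread: read the context, rewrite it.
$redactContext = function ($report): void {
    $context = $report->getContext();
    if (is_string($context)) {
        $report->setContext(redactOptions($context));
    }
};

// In the application this would be passed to registerCallback(), as in the snippet above.

// Constructed stand-in for the report object so the example runs without the library.
$report = new class {
    private $context = 'app:login --username=alice --password "hunter 2" --key=abc123 -v';

    public function getContext()
    {
        return $this->context;
    }

    public function setContext($context)
    {
        $this->context = $context;
    }
};

$redactContext($report);
echo $report->getContext(), PHP_EOL;
```

An option given without a value (for example `--password --verbose`) causes the following token to be masked, which errs on the side of over-redaction.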
Awesome, thanks! That snippet worked on the first try; very impressive! :) Here's my implementation for anyone who's curious: acquia/cli#1465
I guess I missed in the docs that Context held this information. In hindsight I should have caught this:
This is typically set to a filename or request path automatically, depending on the framework and application type.
You mentioned callbacks should be registered on boot. I assume that's to ensure that the callbacks run even on early errors during boot? Our app is a little weird since we don't use the Framework Bundle for performance reasons, and this makes it difficult to access the container in the way you might expect. But we'll take this into consideration.
from bugsnag-php.