Let’s say we have a module like:

defmodule Foo do
  @salt Application.get_env(:foo, :salt, [])

  def hash(password) do
    try do
      {:ok, md5(password, @salt)}
    rescue
      e -> {:error, {e, __STACKTRACE__}}
    end
  end

  defp md5(password, salt = [_ | _]) do
    Enum.reduce(salt, password, &:erlang.md5(&2<>&1))
  end
end

And when we call the &hash/1 function, it returns an error:

iex(19)> Foo.hash "123"
{:error,
 {%FunctionClauseError{
    args: nil,
    arity: 2,
    clauses: nil,
    function: :md5,
    kind: nil,
    module: Foo
  },
  [
    {Foo, :md5, ["123", []], [file: 'iex', line: 27]},
    {Foo, :hash, 1, [file: 'iex', line: 22]},
    {:erl_eval, :do_apply, 6, [file: 'erl_eval.erl', line: 677]},
    {:elixir, :eval_forms, 4, [file: 'src/elixir.erl', line: 265]},
    {IEx.Evaluator, :handle_eval, 5, [file: 'lib/iex/evaluator.ex', line: 249]},
    {IEx.Evaluator, :do_eval, 3, [file: 'lib/iex/evaluator.ex', line: 229]},
    {IEx.Evaluator, :eval, 3, [file: 'lib/iex/evaluator.ex', line: 207]},
    {IEx.Evaluator, :loop, 1, [file: 'lib/iex/evaluator.ex', line: 94]}
  ]}}

And we want to put this stacktrace into Logger (let’s say for easier debugging).

But we see that the stacktrace can contain sensitive data (in the example it is password = “123”).

Of course we can remove all arguments from the stacktrace manually, but in most cases the arguments are useful.

Maybe there is an already implemented solution to remove some arguments of some functions from the stacktrace by marking them in the module definition somehow?

It would be nice to say somehow that the n-th argument of the foo function in module Bar is sensitive and should be excluded from the stacktrace.
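
One way to get the behaviour asked for above, as an added example that is not part of the original post and not a feature of Elixir or Logger: redact chosen argument positions in a stacktrace before it is logged. The module name `StacktraceScrubber`, its policy map and the `"[REDACTED]"` marker are hypothetical, and the sample trace is constructed from the first two frames shown above.

```elixir
defmodule StacktraceScrubber do
  # Hypothetical helper: redacts selected argument positions in stacktrace
  # entries while leaving all other arguments intact for debugging.

  # Constructed policy: {module, function, arity} => 0-based sensitive positions.
  @sensitive %{{Foo, :md5, 2} => [0], {Foo, :hash, 1} => [0]}
  @redacted "[REDACTED]"

  def scrub(stacktrace) when is_list(stacktrace) do
    Enum.map(stacktrace, &scrub_entry/1)
  end

  # Only the frame of the call that failed carries the argument list;
  # every other frame carries just the arity as an integer.
  defp scrub_entry({mod, fun, args, location}) when is_list(args) do
    positions = Map.get(@sensitive, {mod, fun, length(args)}, [])
    {mod, fun, redact(args, positions), location}
  end

  defp scrub_entry(entry), do: entry

  # Replace the value at each listed position, keeping the arity unchanged
  # so the frame still identifies the same function clause.
  defp redact(args, positions) do
    args
    |> Enum.with_index()
    |> Enum.map(fn {arg, i} -> if i in positions, do: @redacted, else: arg end)
  end
end

# Constructed sample: the first two frames of the trace in the post.
trace = [
  {Foo, :md5, ["123", []], [file: ~c"iex", line: 27]},
  {Foo, :hash, 1, [file: ~c"iex", line: 22]}
]

# The password in the Foo.md5 frame is replaced; the salt argument and the
# arity-only Foo.hash frame pass through untouched.
trace
|> StacktraceScrubber.scrub()
|> IO.inspect(label: "scrubbed")
```

If the exception is also passed through `Exception.blame/3`, the `args` field of `FunctionClauseError` is filled in with the same values and needs the same redaction before logging.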