tim2CF

Sensitive data in stacktrace

Let’s say we have a module like:

```elixir
defmodule Foo do
  @salt Application.get_env(:foo, :salt, [])
  def hash(password) do
    try do
      {:ok, md5(password, @salt)}
    rescue
      e -> {:error, {e, __STACKTRACE__}}
    end
  end
  defp md5(password, salt = [_ | _]) do
    Enum.reduce(salt, password, &:erlang.md5(&2<>&1))
  end
end
```

And when we call the &hash/1 function, it returns an error:

```
iex(19)> Foo.hash "123"
{:error,
 {%FunctionClauseError{
    args: nil,
    arity: 2,
    clauses: nil,
    function: :md5,
    kind: nil,
    module: Foo
  },
  [
    {Foo, :md5, ["123", []], [file: 'iex', line: 27]},
    {Foo, :hash, 1, [file: 'iex', line: 22]},
    {:erl_eval, :do_apply, 6, [file: 'erl_eval.erl', line: 677]},
    {:elixir, :eval_forms, 4, [file: 'src/elixir.erl', line: 265]},
    {IEx.Evaluator, :handle_eval, 5, [file: 'lib/iex/evaluator.ex', line: 249]},
    {IEx.Evaluator, :do_eval, 3, [file: 'lib/iex/evaluator.ex', line: 229]},
    {IEx.Evaluator, :eval, 3, [file: 'lib/iex/evaluator.ex', line: 207]},
    {IEx.Evaluator, :loop, 1, [file: 'lib/iex/evaluator.ex', line: 94]}
  ]}}
```

And we want to put this stacktrace into Logger (let’s say for easier debugging).
But we see that the stacktrace can contain sensitive data (in the example it is password = “123”).
Of course we can remove all arguments from the stacktrace manually, but in most cases arguments are useful.
Maybe there is an already implemented solution to remove some arguments of some functions from the stacktrace by marking them in the module definition somehow?

It would be nice to say somehow that the n-th argument of the foo function in module Bar is sensitive and should be excluded from the stacktrace.

Most Liked Responses

sfusato

There is ‘Custom struct inspections’ that was just released with Elixir 1.8:
https://github.com/elixir-lang/elixir/blob/v1.8/CHANGELOG.md

Maybe return just the tail of the stack trace and at an upper-level inspect your struct with the returned stack trace. This would obfuscate the password field or whatever you set to hide from your struct.
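
One way to get the per-argument redaction the question asks for, together with the struct inspection mentioned in the answer above, as an added example that is not part of the original posts. `StacktraceScrubber`, its `@sensitive` map and `Credentials` are hypothetical names, and argument positions are zero-based:

```elixir
defmodule StacktraceScrubber do
  # Hypothetical helper (not from the thread): redacts chosen argument
  # positions in stacktrace frames before they reach the log.

  # Assumed policy: {module, function, arity} => zero-based sensitive positions.
  @sensitive %{{Foo, :md5, 2} => [0]}
  @redacted "[REDACTED]"

  def scrub(stacktrace) when is_list(stacktrace) do
    Enum.map(stacktrace, &scrub_frame/1)
  end

  # Log-ready text built from the scrubbed trace only.
  def format(exception, stacktrace) do
    Exception.format(:error, exception, scrub(stacktrace))
  end

  # A frame holds the argument list only for the call that failed;
  # every other frame holds just the arity and passes through untouched.
  defp scrub_frame({mod, fun, args, location}) when is_list(args) do
    case Map.fetch(@sensitive, {mod, fun, length(args)}) do
      {:ok, positions} -> {mod, fun, redact(args, positions), location}
      :error -> {mod, fun, args, location}
    end
  end

  defp scrub_frame(frame), do: frame

  defp redact(args, positions) do
    args
    |> Enum.with_index()
    |> Enum.map(fn {arg, i} -> if i in positions, do: @redacted, else: arg end)
  end
end

defmodule Credentials do
  # Elixir 1.8+: the derived Inspect implementation omits :password.
  @derive {Inspect, except: [:password]}
  defstruct [:user, :password]
end

# Constructed sample shaped like the first two frames in the question.
trace = [
  {Foo, :md5, ["123", []], [file: ~c"iex", line: 27]},
  {Foo, :hash, 1, [file: ~c"iex", line: 22]}
]

IO.inspect(StacktraceScrubber.scrub(trace))
IO.inspect(%Credentials{user: "tim", password: "123"})
```

Scrub inside the `rescue` clause, before the trace is returned or logged, so the raw argument list never leaves the function that caught the error.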

josevalim

Creator of Elixir
