Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better method for making sure jsonschema logging does not dump PII into logs #912

Open
4 tasks
jeffbl opened this issue Nov 13, 2024 · 0 comments
Open
4 tasks

Better method for making sure jsonschema logging does not dump PII into logs #912

jeffbl opened this issue Nov 13, 2024 · 0 comments
Assignees
@shahdyousefak

Comments

@jeffbl
Copy link
Member

jeffbl commented Nov 13, 2024

Right now, we do a fair amount of logging.debug. Specifically when validating schemas, if an error is found, this means that if the entire error object is logged, it will include the full text of the offending JSON tag(s). If this includes information taken from the user's uploaded data, this could be a privacy leak. However,

PROPOSED SOLUTION
After talking to @JRegimbal, it might make sense to create a new log level below debug, e.g. logging.pii(), that is only enabled on testing servers without end-user data, and disabled on production servers. This would entail:

  • create new logging.pii() log level below debug
  • log warning if logging at PII level
  • update preprocessors and handlers to take their log level from config file / docker-compose
  • update preprocessors and handlers to print a reduced/redacted error when in debug or higher log level
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shahdyousefak shahdyousefak

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jeffbl @shahdyousefak