[Python Client] Sensitive Data Exposure in Debug Logs - No Built-in Redaction Mechanism #1025
Comments
The DEBUG log level should not be used for production; it should only be used for debugging. It is meant to "print as much as possible" for debugging purposes, and in DEBUG mode the performance may be bad. Please don't use DEBUG mode for public stuff and you should be OK.
Yes, don't use DEBUG mode in production/public stuff as @juancarlospaco said. If you are looking for a filter that works with the

```python
import copy
import logging
import re

import httpx


class SensitiveDataFilter(logging.Filter):
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = self.sanitize_line(record.msg)
        record.args = self.sanitize_args(record.args)
        return True

    @staticmethod
    def sanitize_args(d):
        if isinstance(d, dict):
            d = d.copy()  # so we don't overwrite anything
            for k, v in d.items():
                d[k] = SensitiveDataFilter.sanitize_line(v)
        elif isinstance(d, tuple):
            # need a deepcopy of tuple turned to a list, as to not change the original values
            # otherwise we end up changing the items at the original memory location of the passed in tuple
            y = copy.deepcopy(list(d))
            for x, value in enumerate(y):
                if isinstance(value, str):
                    y[x] = re.sub(r"abc-[0-9a-f\-]+", "[REDACTED-TOKEN]", value)
                if isinstance(value, httpx.URL):
                    raw_value = str(value)
                    sanitized_url = re.sub(
                        r"abc-[0-9a-f\-]+", "[REDACTED-TOKEN]", raw_value
                    )
                    y[x] = httpx.URL(sanitized_url)
            return tuple(y)  # convert the list back to a tuple
        return d

    @staticmethod
    def sanitize_line(line):
        # record.msg and dict values are not always strings (exceptions, ints, None);
        # re.sub would raise TypeError on those, so pass them through untouched
        if not isinstance(line, str):
            return line
        return re.sub(r"abc-[0-9a-f\-]+", "[REDACTED-TOKEN]", line)


# Applying the filter
logging.getLogger("httpx").addFilter(SensitiveDataFilter())

# Configure logging
logging.basicConfig(level=logging.INFO)
```
@silentworks We don't use DEBUG mode in production, as @juancarlospaco mentioned. This was mainly in reference to dev builds.
Describe the bug
The Supabase Python client exposes sensitive data (tokens, query parameters) in debug logs without providing any built-in mechanism to redact this information. This was previously reported in discussion https://github.com/orgs/supabase/discussions/31019 but remains unresolved. This is a security concern as sensitive tokens and data are being logged in plaintext, potentially exposing them in log files.
To Reproduce
The debug logs will show sensitive information like:
Expected behavior
The Supabase Python client should:
System information
Additional context
Standard Python logging filters don't work effectively as the logs are generated by underlying libraries (httpx, httpcore, hpack). This is a security issue that needs proper handling at the client library level. Custom filters like:
don't fully address the issue as they can't catch all instances of sensitive data exposure.
This issue was previously raised in discussion https://github.com/orgs/supabase/discussions/31019 without any resolution, hence filing it as a bug report given its security implications.
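As an added example (not code from the Supabase client or from anyone in this thread): a redaction filter attached to the root handlers instead of to the `httpx` logger, so records emitted by httpcore and hpack are covered as well, since a filter on `logging.getLogger("httpx")` never sees those logger trees. The secret patterns (Bearer tokens, an `apikey` header or query parameter, JWT-shaped strings), the `render` helper and the sample log messages are constructed for this example and are not the libraries' real log formats.

```python
import io
import logging
import re
# Assumed secret shapes (constructed for this example): "Bearer <token>", an apikey header or
# query parameter, and a bare JWT-looking string. Extend for the credentials your code logs.
_PATTERNS = [
    (re.compile(r"(?i)\b(bearer\s+)[A-Za-z0-9._\-]+"), r"\1[REDACTED]"),
    (re.compile(r"(?i)(apikey['\":= ]+)[A-Za-z0-9._\-]+"), r"\1[REDACTED]"),
    (re.compile(r"\beyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+"), "[REDACTED-JWT]"),
]

def redact(value):
    """Redact str/bytes and recurse into the containers log args arrive in (hpack logs byte tuples)."""
    if isinstance(value, str):
        for pattern, repl in _PATTERNS:
            value = pattern.sub(repl, value)
        return value
    if isinstance(value, bytes):
        return redact(value.decode("latin-1")).encode("latin-1")
    if isinstance(value, (tuple, list)):
        return tuple(redact(v) for v in value)  # lists come back as tuples
    if isinstance(value, dict):
        return {k: redact(v) for k, v in value.items()}
    return value  # ints, exceptions, None: nothing to redact

class RedactingFilter(logging.Filter):
    """Rewrite msg and args before formatting, so the secret never reaches the stream or file."""
    def filter(self, record):
        record.msg, record.args = redact(record.msg), redact(record.args)
        return True

def install(level=logging.DEBUG):
    """Filter every root handler; records from httpx, httpcore and hpack all propagate there."""
    logging.basicConfig(level=level)  # no-op when handlers are already configured
    for handler in logging.getLogger().handlers:
        handler.addFilter(RedactingFilter())

def render(logger_name, msg, *args):
    """Emit one DEBUG record via a filtered root handler and return the rendered line."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactingFilter())
    logging.getLogger().addHandler(handler)
    logger = logging.getLogger(logger_name)
    logger.setLevel(logging.DEBUG)  # the library logger must let DEBUG records through
    try:
        logger.debug(msg, *args)
    finally:
        logging.getLogger().removeHandler(handler)
    return stream.getvalue().rstrip("\n")
```

`install()` is what an application would call at startup; `render` exists only to show the filter's effect on a single record. Because a handler filter mutates the record in place, it must sit on every handler, otherwise a handler processed earlier still writes the raw value.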