Merge pull request #10365 from creative-commoners/pulls/4/docs-for-adding-backtrace-filters

DOCS Encourage filtering sensitive arguments from logged backtraces.
sabina-talipova authored Jun 27, 2022
2 parents f63655b + 6a8915b commit ad581d9
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions docs/en/02_Developer_Guides/07_Debugging/01_Error_Handling.md
Expand Up @@ -303,6 +303,30 @@ SilverStripe\Core\Injector\Injector:

You should register something with a `start()` method.

## Filtering sensitive arguments

Depending on your PHP settings, error stacktraces may include arguments passed into functions. This could include sensitive
information such as passwords or API keys that you do not want leaking into your logs. The [Backtrace](api:SilverStripe\Dev\Backtrace)
class is responsible for rendering this backtrace and has a configuration variable `ignore_function_args` which holds the
names of functions for which arguments should be filtered. For functions in this list, the arguments are replaced with the
string "<filtered>".

You can add either functions or class methods to this list - for functions just add them as a string. For class methods,
add an array which contains the fully namespaced class name and the name of the method. If the method is declared on an
interface, or on a class which is subclassed by other classes, just put the name of the interface or the superclass and
`Backtrace` will automatically filter out the classes which implement the interface or are subclasses of your superclass.

```yml
SilverStripe\Dev\Backtrace:
ignore_function_args:
- 'some_php_function'
- ['App\MyClass', 'someMethod']
```

You should include any functions or methods here which have arguments that may be sensitive. If you are the author of a
module that other developers may use, it is best practice to include this configuration in the module. Developers should
not be expected to scan every Silverstripe module they use and add those declarations in their project configuration.

## Differences from Silverstripe CMS 3

In Silverstripe CMS 3, logging was based on the Zend Log module. Customisations were added using `SS_Log::add_writer()`.
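
Review bot: In the second added paragraph, the wording "`Backtrace` will automatically filter out the classes which implement the interface or are subclasses of your superclass" reads as if those classes are dropped from the backtrace, while the first paragraph says only the arguments are replaced with "<filtered>". Suggest something like "`Backtrace` will also filter the arguments of that method on implementing classes and subclasses". The opening "Depending on your PHP settings" would also help more if it named the setting or settings that decide whether arguments appear in stack traces, so readers can check their own environment. It may be worth stating as well that arguments of any function not in `ignore_function_args` are still logged as-is, since the list only covers what has been explicitly added.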