Hide/mask/scrub secrets/passwords in logs

[lqkallas]

🚀 Feature Proposal

Passwords and other secrets sent by sendKeys variants are seen in plaintext in the logs. It would be nice to be able to prevent that for example by providing an additional parameter to sendKeys function as done in Appium, FR appium/appium#7622, PR appium/appium-support#180.

I wonder if it’s technically possible to hide in the headers and body of responses as well as printing to standart output.

Motivation

As a developer, I would like to know that the data in Selenium logs does not expose secrets that can be used to harm my company in case an attacker would take over an account.

Example

Example given, if my tests requires me to have a secret as part of it – in a best case, a session token; in a worse case, credentials to an application – I would like to be sure it can not be retrieved from Selenium logs.

For that, I would like to have a way to tell Selenium that I want to mask or redact logging particular data in logs. For example, providing a regex to change QC123456789 in the logs to QC*********.

[diemol]

Could you please share more details about the use case? Are you referring to the Selenium Grid logs?

Perhaps the most important question is, how would Selenium know that it should hide or mask any given text?

[lqkallas]

For example if it is necessary for automated testing to have a secret of an application as part of it and the secret gets logged by Selenium. So if an attacker would get access to the logs containing a secret or credentials to an application, the consequences could be tire as test accounts are not monitored as much. I'm thinking more of the case when automated tests are implemented by using Selenium WebDriver.

What about if Selenium WebDriver's sendKeys method would have an additional parameter which would let Selenium know whether to hide or mask that specific text?

[dylanlive]

@lqkallas Are you logging out on DEBUG? Or are these going out on the INFO level? It was definitely a consideration I made as well when choosing my logging level.

[AutomatedTester]

@lqkallas The solution would need to be in the server else we would need to update all the clients which seems a little overkill.

Since we're doing sendKeys it's either we log all contents or we mask all contents (or we see about allowing people to specify a regex they may want to mask but I'm not sold on that solution yet).

[diemol]

This has been open for a while to gather interest from the community, as we do not see many people chiming in, we interpret it as a feature not widely needed. Therefore, I will close this. However, if someone is interested to implement this, please reach out to us to discuss approaches at the IRC/Slack channel.

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.