Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Censor all information from worker options tab #1304

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

themanifold
Copy link

@themanifold themanifold commented Jul 11, 2023

Flower will be default expose all objects in a celery worker in its config tab. See for example this worker:

import os
import time
from datetime import datetime

from celery import Celery

app = Celery("tasks",
             broker=os.environ.get('CELERY_BROKER_URL', 'pyamqp://0.0.0.0:5672'),
             )
app.conf.accept_content = ['pickle', 'json', 'msgpack', 'yaml']
app.conf.worker_send_task_events = True
app.conf.config = {"aaa":"bbbb"}

@app.task
def add(x, y):
    return x + y

if __name__ == "__main__":
    app.start()

image

By default, there is some censoring of information so that the password for the amqp broker is replaced with stars, though this is no perfect. In practice, you can "smuggle" sensitive information out by using non standard key names (also, I don't know what is doing this fuzzy censoring, so if anyone could point that out, it would be appreciated).

This pull request adds complete censoring of all values in the config tab, but will still display the keys (objects).

Running flower with the --censor-config flag will produce the following config tab:
image

Add option to censor sensitive information from worker.html UI
@themanifold
Copy link
Author

Is anyone available to review this?

@themanifold
Copy link
Author

Just bumping this

@themanifold
Copy link
Author

Bumping this again!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant