Context
environ.py:57 uses logger.exception("Invalid env override value for key: %s", name) when coercion of a PLONE_REGISTRY_* value fails.
logger.exception emits the full traceback. If the underlying coercion exception message contains the raw value — e.g. ValueError: invalid literal for int() with base 10: 'foo' — the raw env-var value lands in the log stream.
Impact
Low in practice. Only hits when:
- a PLONE_REGISTRY_* var is set against a field whose coercer rejects the value, AND
- the raw value is sensitive (password, token, etc.).
Using env vars to override secret-like registry keys is unusual, but not impossible. Inherited from 1.x — unchanged in 2.0.
Suggested fix
Replace with either:
logger.error(
"Invalid env override value for key: %s (%s)",
name,
type(exc).__name__,
)
or keep logger.exception but pass exc_info=False. Either way, no raw value reaches the log.
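The leak and the fix side by side, as an added demonstration that is not code from the project: a stand-in int coercer rejects a constructed secret-like value, and each variant's log output is captured so the presence or absence of the raw value can be checked. The registry key name and the coercer are assumptions, not taken from environ.py.

```python
import io
import logging

def coerce_int(value: str) -> int:
    """Constructed stand-in for a registry field coercer (assumed int-typed field)."""
    return int(value)

def _capture(run):
    """Run `run(logger)` with a logger writing to a buffer; return the captured log text."""
    buf = io.StringIO()
    logger = logging.getLogger("env_override_demo")
    logger.handlers.clear()
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    try:
        run(logger)
    finally:
        logger.removeHandler(handler)
    return buf.getvalue()

def apply_override_leaky(name, raw, coercer):
    """Pattern from the report: logger.exception appends the traceback, whose last line
    is the coercer's own message and therefore carries the raw value."""
    def run(logger):
        try:
            coercer(raw)
        except Exception:
            logger.exception("Invalid env override value for key: %s", name)
    return _capture(run)

def apply_override_hardened(name, raw, coercer):
    """Suggested fix: log the key and the exception type only; no traceback, no raw value."""
    def run(logger):
        try:
            coercer(raw)
        except Exception as exc:
            logger.error(
                "Invalid env override value for key: %s (%s)",
                name,
                type(exc).__name__,
            )
    return _capture(run)
```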
Labels
bug / security / good first issue