Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport: Redact object data in heap snapshots, with option to opt-out #174

Merged
merged 1 commit into from
Aug 26, 2024
Merged

Backport: Redact object data in heap snapshots, with option to opt-out #174

merged 1 commit into from
Aug 26, 2024

Conversation

kpamnany
Copy link
Collaborator

@kpamnany kpamnany commented Aug 26, 2024
edited
Loading

PR Description

Do not emit the contents of strings in heap snapshots.

Checklist

Requirements for merging:

@kpamnany @NHDaly @IanButterworth
Redact object data in heap snapshots, with option to opt-out (JuliaLa…
bddc723 
…ng#55326)

The contents of strings can contain user data which may be proprietary
and emitting them in the heap snapshot makes the heap snapshot a
potential vulnerability rather than a useful debugging artifact.

There are likely other tweaks necessary to make heap snapshots "safe",
but this is one less.

---------

Co-authored-by: Nathan Daly <[email protected]>
Co-authored-by: Ian Butterworth <[email protected]>
@github-actions github-actions bot added port-to-v1.10 This change should apply to Julia v1.10 builds port-to-master This change should apply to all future Julia builds labels Aug 26, 2024
@kpamnany kpamnany removed port-to-v1.10 This change should apply to Julia v1.10 builds port-to-master This change should apply to all future Julia builds labels Aug 26, 2024
@kpamnany kpamnany requested review from NHDaly and d-netto August 26, 2024 14:09
d-netto
d-netto approved these changes Aug 26, 2024
View reviewed changes
Copy link
Member

@d-netto d-netto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM. Please run the JuliaLang Profile test on this branch (to check the functionality is correct) and raicode CI before merging.

@kpamnany
Copy link
Collaborator Author

Ran the Profile tests; they pass. RAICode PR passes CI.

@kpamnany kpamnany merged commit 0e5b029 into v1.10.2+RAI Aug 26, 2024
5 checks passed
@kpamnany kpamnany deleted the kp-backport-55326 branch August 26, 2024 17:19
github-actions bot pushed a commit that referenced this pull request Dec 17, 2024
@DilumAluthgeBot @DilumAluthge
🤖 [master] Bump the Statistics stdlib from 68869af to d49c2bf (JuliaL…
dafaa61 
…ang#56831)

Stdlib: Statistics
URL: https://github.com/JuliaStats/Statistics.jl.git
Stdlib branch: master
Julia branch: master
Old commit: 68869af
New commit: d49c2bf
Julia version: 1.12.0-DEV
Statistics version: 1.11.2(Does not match)
Bump invoked by: @DilumAluthge
Powered by:
[BumpStdlibs.jl](https://github.com/JuliaLang/BumpStdlibs.jl)

Diff:
JuliaStats/Statistics.jl@68869af...d49c2bf

```
$ git log --oneline 68869af..d49c2bf
d49c2bf Merge pull request #178 from JuliaStats/dw/ci
d10d6a3 Update Project.toml
1b67c17 Merge pull request #168 from JuliaStats/andreasnoack-patch-2
c3721ed Add a coverage badge
8086523 Test earliest supported Julia version and prereleases
12a1976 Update codecov in ci.yml
2caf0eb Merge pull request #177 from JuliaStats/ViralBShah-patch-1
33e6e8b Update ci.yml to use julia-actions/cache
a399c19 Merge pull request #176 from JuliaStats/dependabot/github_actions/julia-actions/setup-julia-2
6b8d58a Merge branch 'master' into dependabot/github_actions/julia-actions/setup-julia-2
c2fb201 Merge pull request #175 from JuliaStats/dependabot/github_actions/actions/cache-4
8f808e4 Merge pull request #174 from JuliaStats/dependabot/github_actions/codecov/codecov-action-4
7f82133 Merge pull request #173 from JuliaStats/dependabot/github_actions/actions/checkout-4
046fb6f Update ci.yml
c0fc336 Bump julia-actions/setup-julia from 1 to 2
a95a57a Bump actions/cache from 1 to 4
b675501 Bump codecov/codecov-action from 1 to 4
0088c49 Bump actions/checkout from 2 to 4
ad95c08 Create dependabot.yml
40275e2 Merge pull request #167 from JuliaStats/andreasnoack-patch-1
fa5592a Merge pull request #170 from mbauman/patch-1
cf57562 Add more tests of mean and median of ranges
128dc11 Merge pull request #169 from stevengj/patch-1
48d7a02 docfix: abs2, not ^2
2ac5bec correct std docs: sqrt is elementwise
39f6332 Merge pull request #96 from josemanuel22/mean_may_return_incorrect_results
db3682b Merge branch 'master' into mean_may_return_incorrect_results
9e96507 Update src/Statistics.jl
58e5986 Test prereleases
6e76739 Implement one-argument cov2cor!
b8fee00 Stop testing on nightly
9addbb8 Merge pull request #162 from caleb-allen/patch-1
6e3d223 Merge pull request #164 from aplavin/patch-1
71ebe28 Merge pull request #166 from JuliaStats/dw/cov_cor_optimization
517afa6 add tests
aa0f549 Optimize `cov` and `cor` with identical arguments
cc11ea9 propagate NaN value in median
cf7040f Use non-mobile Wikipedia urls
547bf4d adding docu to mean! explain target should not alias with the source
296650a adding docu to mean! explain target should not alias with the source
```

Co-authored-by: Dilum Aluthge <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@d-netto d-netto d-netto approved these changes

@NHDaly NHDaly Awaiting requested review from NHDaly

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kpamnany @d-netto