Backport: Redact object data in heap snapshots, with option to opt-out#174
Merged
kpamnany merged 1 commit intov1.10.2+RAIfrom Aug 26, 2024
Merged
Backport: Redact object data in heap snapshots, with option to opt-out#174kpamnany merged 1 commit intov1.10.2+RAIfrom
kpamnany merged 1 commit intov1.10.2+RAIfrom
Conversation
…ng#55326) The contents of strings can contain user data which may be proprietary and emitting them in the heap snapshot makes the heap snapshot a potential vulnerability rather than a useful debugging artifact. There are likely other tweaks necessary to make heap snapshots "safe", but this is one less. --------- Co-authored-by: Nathan Daly <NHDaly@gmail.com> Co-authored-by: Ian Butterworth <i.r.butterworth@gmail.com>
d-netto
approved these changes
Aug 26, 2024
d-netto
left a comment
There was a problem hiding this comment.
SGTM. Please run the JuliaLang Profile test on this branch (to check the functionality is correct) and raicode CI before merging.
Author
|
Ran the Profile tests; they pass. RAICode PR passes CI. |
github-actions bot
pushed a commit
that referenced
this pull request
Dec 17, 2024
…ang#56831) Stdlib: Statistics URL: https://github.com/JuliaStats/Statistics.jl.git Stdlib branch: master Julia branch: master Old commit: 68869af New commit: d49c2bf Julia version: 1.12.0-DEV Statistics version: 1.11.2(Does not match) Bump invoked by: @DilumAluthge Powered by: [BumpStdlibs.jl](https://github.com/JuliaLang/BumpStdlibs.jl) Diff: JuliaStats/Statistics.jl@68869af...d49c2bf ``` $ git log --oneline 68869af..d49c2bf d49c2bf Merge pull request #178 from JuliaStats/dw/ci d10d6a3 Update Project.toml 1b67c17 Merge pull request #168 from JuliaStats/andreasnoack-patch-2 c3721ed Add a coverage badge 8086523 Test earliest supported Julia version and prereleases 12a1976 Update codecov in ci.yml 2caf0eb Merge pull request #177 from JuliaStats/ViralBShah-patch-1 33e6e8b Update ci.yml to use julia-actions/cache a399c19 Merge pull request #176 from JuliaStats/dependabot/github_actions/julia-actions/setup-julia-2 6b8d58a Merge branch 'master' into dependabot/github_actions/julia-actions/setup-julia-2 c2fb201 Merge pull request #175 from JuliaStats/dependabot/github_actions/actions/cache-4 8f808e4 Merge pull request #174 from JuliaStats/dependabot/github_actions/codecov/codecov-action-4 7f82133 Merge pull request #173 from JuliaStats/dependabot/github_actions/actions/checkout-4 046fb6f Update ci.yml c0fc336 Bump julia-actions/setup-julia from 1 to 2 a95a57a Bump actions/cache from 1 to 4 b675501 Bump codecov/codecov-action from 1 to 4 0088c49 Bump actions/checkout from 2 to 4 ad95c08 Create dependabot.yml 40275e2 Merge pull request #167 from JuliaStats/andreasnoack-patch-1 fa5592a Merge pull request #170 from mbauman/patch-1 cf57562 Add more tests of mean and median of ranges 128dc11 Merge pull request #169 from stevengj/patch-1 48d7a02 docfix: abs2, not ^2 2ac5bec correct std docs: sqrt is elementwise 39f6332 Merge pull request #96 from josemanuel22/mean_may_return_incorrect_results db3682b Merge branch 'master' into mean_may_return_incorrect_results 9e96507 Update src/Statistics.jl 58e5986 Test prereleases 6e76739 Implement one-argument cov2cor! b8fee00 Stop testing on nightly 9addbb8 Merge pull request #162 from caleb-allen/patch-1 6e3d223 Merge pull request #164 from aplavin/patch-1 71ebe28 Merge pull request #166 from JuliaStats/dw/cov_cor_optimization 517afa6 add tests aa0f549 Optimize `cov` and `cor` with identical arguments cc11ea9 propagate NaN value in median cf7040f Use non-mobile Wikipedia urls 547bf4d adding docu to mean! explain target should not alias with the source 296650a adding docu to mean! explain target should not alias with the source ``` Co-authored-by: Dilum Aluthge <dilum@aluthge.com>
nickrobinson251
pushed a commit
that referenced
this pull request
Feb 26, 2025
…ng#55326) (#174) The contents of strings can contain user data which may be proprietary and emitting them in the heap snapshot makes the heap snapshot a potential vulnerability rather than a useful debugging artifact. There are likely other tweaks necessary to make heap snapshots "safe", but this is one less. --------- Co-authored-by: Nathan Daly <NHDaly@gmail.com> Co-authored-by: Ian Butterworth <i.r.butterworth@gmail.com>
github-actions bot
pushed a commit
that referenced
this pull request
Apr 4, 2026
Stdlib: Distributed URL: https://github.com/JuliaLang/Distributed.jl Stdlib branch: master Julia branch: master Old commit: cd92195 New commit: d439c24 Julia version: 1.14.0-DEV Distributed version: 1.11.0 (Does not match) Bump invoked by: @DilumAluthge Powered by: [BumpStdlibs.jl](https://github.com/JuliaLang/BumpStdlibs.jl) Diff: JuliaLang/Distributed.jl@cd92195...d439c24 ``` $ git log --oneline cd92195..d439c24 d439c24 CI: Add a CI job that runs JET tests (#164) d396a8c Fix some JET errors around matching methods for `send_connection_hdr(...)` and `send_msg_now(...)` (#180) 231da28 Fix some JET errors around matching methods for `kill(...)` and `process_exited(...)` (#172) 2adcd26 Rename one method of `run_work_thunk()` to `run_work_thunk_remotevalue()`; this fixes a JET error around matching methods for `run_work_thunk(...)` (#181) 1bc91f9 Fix a JET error regarding the existence of the local variable `reducer` at a certain point (#169) b7c43b2 Fix a JET error around matching methods for `push!(...)` (#173) d06aa73 Fix a JET error around matching methods for `getindex(...)` (#170) 0cf9910 Fix a JET error around matching methods for `read_worker_host_port(...)` (#171) 9f6459f Fix JET errors around matching methods for `lock(...)` and `unlock(...)` (#167) 9724553 Fix a JET error around matching methods for `shell_escape_wincmd(...)` (#174) d65a996 Fix a JET error by narrowing the type signature of the `create_worker(x, y)` function (#175) 3ebddd3 avoid `Core.Box` in the package (#161) 2fe1aa4 Change `Distributed.cluster_manager` from a global non-constant `ClusterManager` to a global constant `Ref{ClusterManager}` (#177) 6649a94 Ensure correct type parameter of serialized RemoteChannel (#179) 871e3d7 Fix JET errors around matching methods for `send_msg_now(...)` (#165) 56fa9f2 Fix JET errors around matching methods for `send_msg(...)` (#166) a6195c0 Bump actions/checkout from 5 to 6 (#155) ``` Co-authored-by: DilumAluthge <5619885+DilumAluthge@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR Description
Do not emit the contents of strings in heap snapshots.
Checklist
Requirements for merging:
port-to-*labels that don't apply.