PHP RFC: throwable_string_param_max_len: Configurable string length in getTraceAsString()

• Version: 0.1
• Date: 2020-06-27
• Author: Tyson Andre, tandre@php.net
• Status: Draft
• First Published at: https://wiki.php.net/rfc/throwable_string_param_max_len
• Implementation: https://github.com/php/php-src/pull/5769

Since 2003, Throwable->getTraceAsString() and Throwable->__toString() have limited the length of string function arguments in stringified stack traces to 15 bytes (e.g. #0 /path/to/file.php(line) function(“012345678901234...”). This is not enough space to render information such as paths, URLs, UUIDs, etc. if an end user wants to see it when debugging an issue.

While 15 bytes may be a reasonable default for many use cases (e.g. allowing packing more stack frames on a screen or within a byte limit), it would be useful to be able to raise that default.

This hardcoded limit affects various places where exceptions and errors are converted to strings, such as:

1. echo $throwable;
2. log('something', $throwable->getTraceAsString())
3. Uncaught Throwables that crashed an application.

Add a new ini setting throwable_string_param_max_len that would allow changing the string byte limit to any value between 15 and 1000000, keeping the current default of 15 bytes. (Changeable by PHP_INI_ALL)

A maximum value is enforced to make it harder to accidentally run out of memory or disk space (e.g. if long strings occur multiple times in a stack trace). Throwable->getTrace() can be used if the full argument values are needed.

None

PHP 8.0

If the ini setting is not changed, there will be no impact.

If the user decides to raise the string length limit, then stack traces will contain longer representations of string params. This may result in more data being logged when Throwable->__toString() or Throwable->getTraceAsString() are used (e.g. full urls, full file paths, full file contents, etc). Stringified stack traces may also exceed what applications assumed the typical length would be (e.g. udp packet sizes when syslogging).

• hardcoded default values: 15
• php.ini-development values: 15
• php.ini-production values: 15

Make sure there are no open issues when the vote starts!

Other ways to inspect stack traces such as debug_print_backtrace() and Throwable->getTrace() are not affected. They do not have string length limits.

Future RFCs may suggest allowing 0 in throwable_string_param_max_len. This RFC keeps a minimum of 15 bytes because application developers/users may prefer to have the same level of detail in bug reports if stringified exceptions are included in bug reports.

Being able to set the minimum value to 0 may have the benefit of avoiding accidentally exposing sensitive information in external dependencies or legacy applications.

• Static analyzers may be able to detect potentially unsafe uses of getTraceAsString() and __toString() in the future. Currently, though, I don't believe they check for this specific issue. https://psalm.dev/docs/security_analysis/ and https://gerrit.wikimedia.org/g/mediawiki/tools/phan/SecurityCheckPlugin/#mediawiki-security-check-plugin are projects in that area.

Since 2003, disk space, screen sizes, etc. have increased significantly. However, stack traces have probably also gotten longer in some frameworks, and the maximum syslog length may be limited to only a few thousand bytes on some platforms.

Application may be unexpectedly relying on the hardcoded limit of 15 to avoid logging sensitive information such as full urls, full paths, or full file contents.

Add a new ini setting throwable_string_param_max_len.

• Informal poll: Interest in allowing it to be set to 0

• Informal poll: Interest in raising the default setting value

https://externals.io/message/110717 “Making the hardcoded string length limit of Throwable->getTraceAsString() configurable”