scrub any data that slips through to logs

Similar to phone number scrubbing, we leave a short prefix of the data to help with debugging without leaking much data. // FREEBIE
8 years ago · 4f1ee98489
parent 86d494becb
commit 4f1ee98489
2 changed files with 42 additions and 6 deletions
--- a/Signal/src/util/OWSScrubbingLogFormatter.m
+++ b/Signal/src/util/OWSScrubbingLogFormatter.m
@ -10,17 +10,30 @@ NS_ASSUME_NONNULL_BEGIN

 - (NSString *)formatLogMessage:(DDLogMessage *)logMessage
 {
-    NSString *string = [super formatLogMessage:logMessage];
+    NSString *logString = [super formatLogMessage:logMessage];
    NSRegularExpression *phoneRegex =
        [NSRegularExpression regularExpressionWithPattern:@"\\+\\d{7,12}(\\d{3})"
                                                  options:NSRegularExpressionCaseInsensitive
                                                    error:nil];
-    NSString *filteredString = [phoneRegex stringByReplacingMatchesInString:string
-                                                                    options:0
-                                                                      range:NSMakeRange(0, [string length])
-                                                               withTemplate:@"[ REDACTED_PHONE_NUMBER:xxx$1 ]"];

-    return filteredString;
+    logString = [phoneRegex stringByReplacingMatchesInString:logString
+                                                     options:0
+                                                       range:NSMakeRange(0, [logString length])
+                                                withTemplate:@"[ REDACTED_PHONE_NUMBER:xxx$1 ]"];
+
+
+    // We capture only the first two characters of the hex string for logging.
+    NSRegularExpression *dataRegex =
+        [NSRegularExpression regularExpressionWithPattern:@"<([\\da-f]{2})[\\da-f]{6}( [\\da-f]{8})*>"
+                                                  options:NSRegularExpressionCaseInsensitive
+                                                    error:nil];
+
+    logString = [dataRegex stringByReplacingMatchesInString:logString
+                                                    options:0
+                                                      range:NSMakeRange(0, [logString length])
+                                               withTemplate:@"[ REDACTED_DATA:$1... ]"];
+
+    return logString;
 }

@end
--- a/Signal/test/util/OWSScrubbingLogFormatterTest.m
+++ b/Signal/test/util/OWSScrubbingLogFormatterTest.m
@ -27,6 +27,29 @@ NS_ASSUME_NONNULL_BEGIN
                                       timestamp:[NSDate new]];
 }

+- (void)testDataScrubbed
+{
+    NSArray<NSString *> *dataStrings = @[
+        @"<01234567 89a23def 23234567 89ab1234>",
+        @"<01234567 89a23def 23234567 89ab1223> ",
+        @"<01234567 89a23def 23234567 89ab1223> bar <01234567 89abcdef 22234567 89ab1234>"
+    ];
+
+    for (NSString *dataString in dataStrings) {
+        OWSScrubbingLogFormatter *formatter = [OWSScrubbingLogFormatter new];
+        NSString *messageText = [NSString stringWithFormat:@"My data is %@", dataString];
+        NSString *actual = [formatter formatLogMessage:[self messageWithString:messageText]];
+        NSRange redactedRange = [actual rangeOfString:@"[ REDACTED_DATA:01... ]"];
+        XCTAssertNotEqual(
+            NSNotFound, redactedRange.location, "Failed to redact data string: %@ actual: %@", dataString, actual);
+
+        // ensure no more than the redacted portion of the data id is left in the log string
+        NSRange dataRange = [actual rangeOfString:@"23"];
+        XCTAssertEqual(
+            NSNotFound, dataRange.location, "Failed to redact data string: %@, actual %@", dataString, actual);
+    }
+}
+
 - (void)testPhoneNumbersScrubbed
 {
    NSArray<NSString *> *phoneStrings = @[