]> nmode's Git Repositories - signal-cli/blob - src/main/java/org/asamk/signal/logging/Scrubber.java
git.nmode.ca / signal-cli / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Reformat files
[signal-cli] / src / main / java / org / asamk / signal / logging / Scrubber.java
1 /*
2 * Copyright (C) 2014 Open Whisper Systems
3 *
4 * This program is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation, either version 3 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
16 */
17
18 package org.asamk.signal.logging;
19
20 import java.util.Arrays;
21 import java.util.HashSet;
22 import java.util.Locale;
23 import java.util.Set;
24 import java.util.regex.Matcher;
25 import java.util.regex.Pattern;
26
27 /**
28 * Scrub data for possibly sensitive information.
29 */
30 public final class Scrubber {
31
32 private Scrubber() {
33 }
34
35 /**
36 * The middle group will be censored.
37 * Supposedly, the shortest international phone numbers in use contain seven digits.
38 * Handles URL encoded +, %2B
39 */
40 private static final Pattern E164_PATTERN = Pattern.compile("(\\+|%2B|_)(\\d{5,13})(\\d{2})");
41 private static final String E164_CENSOR = "*************";
42
43 private static final Pattern GROUP_V1_ID_PATTERN = Pattern.compile(
44 "(/org/asamk/Signal/.*Groups/[a-zA-Z0-9/_+-]{2}|[a-zA-Z0-9/_+-]{2})([a-zA-Z0-9/_+-]{18})([a-zA-Z0-9/_+-]{2})(==|__)");
45 private static final String GROUP_V1_ID_CENSOR = "*".repeat(18);
46
47 private static final Pattern GROUP_V2_ID_PATTERN = Pattern.compile(
48 "(/org/asamk/Signal/.*Groups/[a-zA-Z0-9/_+-]{2}|[a-zA-Z0-9/_+-]{2})([a-zA-Z0-9/_+-]{39})([a-zA-Z0-9/_+-]{2})([=_])");
49 private static final String GROUP_V2_ID_CENSOR = "*".repeat(39);
50
51 /**
52 * The second group will be censored.
53 */
54 private static final Pattern CRUDE_EMAIL_PATTERN = Pattern.compile("\\b([^\\s/])([^\\s/]*@[^\\s]+)");
55 private static final String EMAIL_CENSOR = "...@...";
56
57 /**
58 * The middle group will be censored.
59 */
60 private static final Pattern UUID_PATTERN = Pattern.compile(
61 "(JOB::)?([0-9a-f]{8}[-_][0-9a-f]{4}[-_][0-9a-f]{4}[-_][0-9a-f]{4}[-_][0-9a-f]{10})([0-9a-f]{2})",
62 Pattern.CASE_INSENSITIVE);
63 private static final String UUID_CENSOR = "********-****-****-****-**********";
64
65 /**
66 * The entire string is censored.
67 */
68 private static final Pattern IPV4_PATTERN = Pattern.compile("\\b"
69 + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\."
70 + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\."
71 + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\."
72 + "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
73 + "\\b");
74 private static final String IPV4_CENSOR = "...ipv4...";
75
76 /**
77 * The domain name except for TLD will be censored.
78 */
79 private static final Pattern DOMAIN_PATTERN = Pattern.compile("([a-z0-9]+\\.)+([a-z0-9\\-]*[a-z\\-][a-z0-9\\-]*)",
80 Pattern.CASE_INSENSITIVE);
81 private static final String DOMAIN_CENSOR = "***.";
82 private static final Set<String> TOP_100_TLDS = new HashSet<>(Arrays.asList("com",
83 "net",
84 "org",
85 "jp",
86 "de",
87 "uk",
88 "fr",
89 "br",
90 "it",
91 "ru",
92 "es",
93 "me",
94 "gov",
95 "pl",
96 "ca",
97 "au",
98 "cn",
99 "co",
100 "in",
101 "nl",
102 "edu",
103 "info",
104 "eu",
105 "ch",
106 "id",
107 "at",
108 "kr",
109 "cz",
110 "mx",
111 "be",
112 "tv",
113 "se",
114 "tr",
115 "tw",
116 "al",
117 "ua",
118 "ir",
119 "vn",
120 "cl",
121 "sk",
122 "ly",
123 "cc",
124 "to",
125 "no",
126 "fi",
127 "us",
128 "pt",
129 "dk",
130 "ar",
131 "hu",
132 "tk",
133 "gr",
134 "il",
135 "news",
136 "ro",
137 "my",
138 "biz",
139 "ie",
140 "za",
141 "nz",
142 "sg",
143 "ee",
144 "th",
145 "io",
146 "xyz",
147 "pe",
148 "bg",
149 "hk",
150 "lt",
151 "link",
152 "ph",
153 "club",
154 "si",
155 "site",
156 "mobi",
157 "by",
158 "cat",
159 "wiki",
160 "la",
161 "ga",
162 "xxx",
163 "cf",
164 "hr",
165 "ng",
166 "jobs",
167 "online",
168 "kz",
169 "ug",
170 "gq",
171 "ae",
172 "is",
173 "lv",
174 "pro",
175 "fm",
176 "tips",
177 "ms",
178 "sa",
179 "app"));
180
181 public static CharSequence scrub(CharSequence in) {
182
183 in = scrubUuids(in);
184 in = scrubE164(in);
185 in = scrubEmail(in);
186 in = scrubGroupV2Ids(in);
187 in = scrubGroupV1Ids(in);
188 in = scrubDomains(in);
189 in = scrubIpv4(in);
190
191 return in;
192 }
193
194 private static CharSequence scrubE164(CharSequence in) {
195 return scrub(in,
196 E164_PATTERN,
197 (matcher, output) -> output.append(matcher.group(1))
198 .append(E164_CENSOR, 0, matcher.group(2).length())
199 .append(matcher.group(3)));
200 }
201
202 private static CharSequence scrubGroupV1Ids(CharSequence in) {
203 return scrub(in,
204 GROUP_V1_ID_PATTERN,
205 (matcher, output) -> output.append(matcher.group(1))
206 .append(GROUP_V1_ID_CENSOR, 0, matcher.group(2).length())
207 .append(matcher.group(3)));
208 }
209
210 private static CharSequence scrubGroupV2Ids(CharSequence in) {
211 return scrub(in,
212 GROUP_V2_ID_PATTERN,
213 (matcher, output) -> output.append(matcher.group(1))
214 .append(GROUP_V2_ID_CENSOR, 0, matcher.group(2).length())
215 .append(matcher.group(3)));
216 }
217
218 private static CharSequence scrubEmail(CharSequence in) {
219 return scrub(in,
220 CRUDE_EMAIL_PATTERN,
221 (matcher, output) -> output.append(matcher.group(1)).append(EMAIL_CENSOR));
222 }
223
224 private static CharSequence scrubUuids(CharSequence in) {
225 return scrub(in, UUID_PATTERN, (matcher, output) -> {
226 if (matcher.group(1) != null && !matcher.group(1).isEmpty()) {
227 output.append(matcher.group(1)).append(matcher.group(2)).append(matcher.group(3));
228 } else {
229 output.append(UUID_CENSOR).append(matcher.group(3));
230 }
231 });
232 }
233
234 private static CharSequence scrubDomains(CharSequence in) {
235 return scrub(in, DOMAIN_PATTERN, (matcher, output) -> {
236 String match = matcher.group(0);
237 if (matcher.groupCount() == 2
238 && TOP_100_TLDS.contains(matcher.group(2).toLowerCase(Locale.US))
239 && !match.endsWith("whispersystems.org")
240 && !match.endsWith("signal.org")) {
241 output.append(DOMAIN_CENSOR).append(matcher.group(2));
242 } else {
243 output.append(match);
244 }
245 });
246 }
247
248 private static CharSequence scrubIpv4(CharSequence in) {
249 return scrub(in, IPV4_PATTERN, (matcher, output) -> output.append(IPV4_CENSOR));
250 }
251
252 private static CharSequence scrub(CharSequence in, Pattern pattern, ProcessMatch processMatch) {
253 final StringBuilder output = new StringBuilder(in.length());
254 final Matcher matcher = pattern.matcher(in);
255
256 int lastEndingPos = 0;
257
258 while (matcher.find()) {
259 output.append(in, lastEndingPos, matcher.start());
260
261 processMatch.scrubMatch(matcher, output);
262
263 lastEndingPos = matcher.end();
264 }
265
266 if (lastEndingPos == 0) {
267 // there were no matches, save copying all the data
268 return in;
269 } else {
270 output.append(in, lastEndingPos, in.length());
271
272 return output;
273 }
274 }
275
276 private interface ProcessMatch {
277
278 void scrubMatch(Matcher matcher, StringBuilder output);
279 }
280 }
[GitHub/AsamK] signal-cli provides an unofficial commandline, JSON-RPC and dbus interface for the Signal messenger.

Codeberg
GitHub
GitLab
SourceHut