From 00e71ed0fc63959063e79b06bb31da6aa3e71e00 Mon Sep 17 00:00:00 2001
From: AsamK
Date: Wed, 31 Jan 2024 20:33:01 +0100
Subject: [PATCH] Improve scrubbing of sensitive identifiers
Fixes #1189
---
 man/signal-cli.1.adoc | 1 +
 .../asamk/signal/logging/LogConfigurator.java | 2 ++
 .../org/asamk/signal/logging/Scrubber.java | 30 +++++++++++++++++--
 3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/man/signal-cli.1.adoc b/man/signal-cli.1.adoc
index 33f99a6f..110f8021 100644
--- a/man/signal-cli.1.adoc
+++ b/man/signal-cli.1.adoc
@@ -44,6 +44,7 @@ If `--verbose` is also given, the detailed logs will only be written to the log
 *--scrub-log*::
 Scrub possibly sensitive information from the log, like phone numbers and UUIDs.
+Doesn't work reliably on dbus logs with very verbose logging (`-vvv`)
 *--config* CONFIG::
 Set the path, where to store the config.
diff --git a/src/main/java/org/asamk/signal/logging/LogConfigurator.java b/src/main/java/org/asamk/signal/logging/LogConfigurator.java
index 825495df..65e8c4f5 100644
--- a/src/main/java/org/asamk/signal/logging/LogConfigurator.java
+++ b/src/main/java/org/asamk/signal/logging/LogConfigurator.java
@@ -52,6 +52,8 @@ public class LogConfigurator extends ContextAwareBase implements Configurator {
 rootLogger.addAppender(consoleAppender);
 lc.getLogger("org.asamk").setLevel(verboseLevel > 1 ? Level.ALL : verboseLevel > 0 ? Level.DEBUG : Level.INFO);
+ lc.getLogger("org.asamk.Signal")
+ .setLevel(verboseLevel > 2 ? Level.ALL : verboseLevel > 1 ? Level.INFO : Level.WARN);
 lc.getLogger("com.zaxxer.hikari.pool.PoolBase")
 .setLevel(verboseLevel > 2 ? Level.ALL : verboseLevel > 1 ? Level.INFO : Level.WARN);
 lc.getLogger("org.sqlite.core.NativeDB")
diff --git a/src/main/java/org/asamk/signal/logging/Scrubber.java b/src/main/java/org/asamk/signal/logging/Scrubber.java
index c1d66893..6078c6ba 100644
--- a/src/main/java/org/asamk/signal/logging/Scrubber.java
+++ b/src/main/java/org/asamk/signal/logging/Scrubber.java
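Review bot: In LogConfigurator.java the new `org.asamk.Signal` logger is still raised to `Level.ALL` at `verboseLevel > 2` with no regard to whether log scrubbing was requested, while the man-page hunk of this same commit states that scrubbing is unreliable for dbus logs at `-vvv`. If this logger is the source of those dbus logs (presumably, the hunk does not say), a user combining `--scrub-log` with `-vvv` gets identifiers in the log file despite asking for scrubbing; consider capping this logger at `Level.INFO` when scrubbing is enabled, if that flag is reachable here. At minimum the two added lines deserve a comment such as `// dbus-related logger: output is not reliably scrubbed, keep it quiet below -vvv`. The enclosing method starts and ends outside the hunk, so how the scrub option is passed in is not visible.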
@@ -37,9 +37,17 @@ public final class Scrubber {
 * Supposedly, the shortest international phone numbers in use contain seven digits.
 * Handles URL encoded +, %2B
 */
- private static final Pattern E164_PATTERN = Pattern.compile("(\\+|%2B|/org/asamk/Signal/_)(\\d{5,13})(\\d{2})");
+ private static final Pattern E164_PATTERN = Pattern.compile("(\\+|%2B|_)(\\d{5,13})(\\d{2})");
 private static final String E164_CENSOR = "*************";
+ private static final Pattern GROUP_V1_ID_PATTERN = Pattern.compile(
+ "(/org/asamk/Signal/.*Groups/[a-zA-Z0-9/_+-]{2}|[a-zA-Z0-9/_+-]{2})([a-zA-Z0-9/_+-]{18})([a-zA-Z0-9/_+-]{2})(==|__)");
+ private static final String GROUP_V1_ID_CENSOR = "*".repeat(18);
+
+ private static final Pattern GROUP_V2_ID_PATTERN = Pattern.compile(
+ "(/org/asamk/Signal/.*Groups/[a-zA-Z0-9/_+-]{2}|[a-zA-Z0-9/_+-]{2})([a-zA-Z0-9/_+-]{39})([a-zA-Z0-9/_+-]{2})([=_])");
+ private static final String GROUP_V2_ID_CENSOR = "*".repeat(39);
+
 /**
 * The second group will be censored.
 */
@@ -172,9 +180,11 @@ public final class Scrubber {
 public static CharSequence scrub(CharSequence in) {
+ in = scrubUuids(in);
 in = scrubE164(in);
 in = scrubEmail(in);
- in = scrubUuids(in);
+ in = scrubGroupV2Ids(in);
+ in = scrubGroupV1Ids(in);
 in = scrubDomains(in);
 in = scrubIpv4(in);
@@ -189,6 +199,22 @@ public final class Scrubber {
 .append(matcher.group(3)));
 }
+ private static CharSequence scrubGroupV1Ids(CharSequence in) {
+ return scrub(in,
+ GROUP_V1_ID_PATTERN,
+ (matcher, output) -> output.append(matcher.group(1))
+ .append(GROUP_V1_ID_CENSOR, 0, matcher.group(2).length())
+ .append(matcher.group(3)));
+ }
+
+ private static CharSequence scrubGroupV2Ids(CharSequence in) {
+ return scrub(in,
+ GROUP_V2_ID_PATTERN,
+ (matcher, output) -> output.append(matcher.group(1))
+ .append(GROUP_V2_ID_CENSOR, 0, matcher.group(2).length())
+ .append(matcher.group(3)));
+ }
+
 private static CharSequence scrubEmail(CharSequence in) {
 return scrub(in,
 CRUDE_EMAIL_PATTERN,
--
2.50.1
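Review bot: The greedy, unbounded `.*` in the first alternative of `GROUP_V1_ID_PATTERN` and `GROUP_V2_ID_PATTERN` can leave a group id unscrubbed. When one log line contains two `/org/asamk/Signal/…Groups/…` paths, the match runs from the first prefix to the last `Groups/`, so the earlier id ends up inside group 1, which the scrub methods copy back verbatim. A reluctant quantifier that cannot cross whitespace, for example `/org/asamk/Signal/\\S*?Groups/`, keeps each match on a single path and also limits backtracking on long lines. Both constants also lack the Javadoc their neighbours have; it should state that only the second group is censored, so the first two and last two characters of every id stay in the log.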
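Review bot: The call order in `scrub` is now load-bearing but nothing in the method explains it, so a later reorder could silently weaken the scrubbing. `scrubUuids` was moved ahead of `scrubE164`, presumably because the E164 pattern now accepts a bare `_` prefix and could otherwise consume digit runs that belong to another identifier. `scrubGroupV2Ids` runs before `scrubGroupV1Ids`, presumably so the shorter v1 pattern cannot match the tail of a v2 id and censor only 18 of its characters. A comment at the top of the method would record this, e.g. `// Order matters: UUIDs before E164 (E164 accepts a bare '_' prefix), group v2 ids before the shorter v1 ids.` The method body continues past the end of the hunk.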
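Review bot: `scrubGroupV1Ids` and `scrubGroupV2Ids` append groups 1 to 3 but never group 4, although both patterns capture the trailing `==`/`__` or `=`/`_` as a fourth group. If the shared `scrub(in, pattern, …)` helper, which is outside this hunk, resumes copying at the end of the match, that terminator is dropped from the log line. Because `_` is a legal terminator, an unrelated long identifier that happens to match would then lose a character. Ending both lambdas with `.append(matcher.group(3)).append(matcher.group(4)));` keeps the surrounding text byte-for-byte intact while still censoring the middle of the id.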