Skip to content

[MOB - 3703] - Sensitive log information #400

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Ayyanchira merged 3 commits into from
Nov 18, 2021
Merged

[MOB - 3703] - Sensitive log information #400

Ayyanchira merged 3 commits into from
Nov 18, 2021

Conversation

@Ayyanchira
Copy link
Member

@Ayyanchira Ayyanchira commented Nov 11, 2021
edited
Loading

🔹 Jira Ticket(s) if any

(https://iterable.atlassian.net/browse/MOB-XXXX)](https://iterable.atlassian.net/browse/MOB-3703)

✏️ Description

  1. Removed logging of JWT keys and API keys from Headers and also from error case scenarios.
  2. Added checks to leverage config.loglevel only if App is in debug mode.

@Ayyanchira
[MOB - 3703] - Sensitive log information
ab0750b 
1. Additional check to see if the App is debuggable. If so, only then -> consider config.logLevel or else, stick with default -> or anything above Warning level
@codecov
Copy link

codecov bot commented Nov 11, 2021
edited
Loading

Codecov Report

Merging #400 (64b4243) into master (12f2908) will decrease coverage by 0.04%.
The diff coverage is 50.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #400      +/-   ##
==========================================
- Coverage   67.35%   67.30%   -0.05%     
==========================================
  Files          63       63              
  Lines        3795     3802       +7     
  Branches      439      440       +1     
==========================================
+ Hits         2556     2559       +3     
- Misses        981      982       +1     
- Partials      258      261       +3
Impacted Files Coverage Δ
.../com/iterable/iterableapi/IterableAuthManager.java 15.62% <0.00%> (ø)
.../com/iterable/iterableapi/IterableRequestTask.java 79.47% <75.00%> (-0.18%) ⬇️
.../iterable/iterableapi/IterableActivityMonitor.java 91.80% <0.00%> (-3.28%) ⬇️
...erable/iterableapi/IterablePushActionReceiver.java 76.92% <0.00%> (-1.75%) ⬇️
...com/iterable/iterableapi/IterableInAppManager.java 88.09% <0.00%> (-0.48%) ⬇️
...ain/java/com/iterable/iterableapi/IterableApi.java 64.76% <0.00%> (-0.26%) ⬇️
.../com/iterable/iterableapi/InboxSessionManager.java 58.44% <0.00%> (+0.54%) ⬆️
...in/java/com/iterable/iterableapi/IterableUtil.java 70.53% <0.00%> (+2.67%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 12f2908...64b4243. Read the comment docs.

@Ayyanchira Ayyanchira force-pushed the MOB-3703-Iterable-Logging-Senstive-Data branch from 5ce9a74 to 9fe905d Compare November 12, 2021 23:11
@Ayyanchira Ayyanchira marked this pull request as ready for review November 16, 2021 21:29
@Ayyanchira Ayyanchira force-pushed the MOB-3703-Iterable-Logging-Senstive-Data branch from 9fe905d to 121694a Compare November 16, 2021 21:44
roninopf
roninopf reviewed Nov 17, 2021
View reviewed changes
iterableapi/src/main/java/com/iterable/iterableapi/IterableLogger.java Outdated
}

private static boolean isLoggable(int messageLevel) {
boolean isDebug = ((IterableApi.getInstance().getMainActivityContext().getApplicationInfo().flags & IterableApi.getInstance().getMainActivityContext().getApplicationInfo().FLAG_DEBUGGABLE) != 0);
Copy link
Contributor

@roninopf roninopf Nov 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not needed for approval, should isDebug be split out as a universal utility function?

Copy link
Member Author

@Ayyanchira Ayyanchira Nov 18, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In fact we do have a global state in IterableAPI class which is referred in IterableLogger. However, I dont see setDebugMode called anywhere in the code.

iterable-android-sdk/iterableapi/src/main/java/com/iterable/iterableapi/IterableApi.java

Line 183 in 788e949

void setDebugMode(boolean debugMode) {

This PR will add explicit check. But will give it a look if it can be optimized 👍

@Ayyanchira
Filtering out Auth keys and API key from logging
09302b2 
Added checks to omit Auth key and API key before logging
@Ayyanchira Ayyanchira force-pushed the MOB-3703-Iterable-Logging-Senstive-Data branch from 121694a to 09302b2 Compare November 18, 2021 00:06
@Ayyanchira Ayyanchira merged commit 834b1a2 into master Nov 18, 2021
@Ayyanchira Ayyanchira deleted the MOB-3703-Iterable-Logging-Senstive-Data branch November 18, 2021 01:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vbabenkoru vbabenkoru vbabenkoru approved these changes

@davidtruong davidtruong Awaiting requested review from davidtruong

+1 more reviewer

@roninopf roninopf roninopf approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Ayyanchira @roninopf @vbabenkoru