-
-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
windows username and homedir pathspec not redacted from debuglogs #2869
Comments
It looks like the existing privacy module tests attempted to cover this case: https://github.com/signalapp/Signal-Desktop/blob/development/test/modules/privacy_test.js#L113 If someone wants to assign this bug to me I am happy to work on confirming and resolving this in the near future. |
@irdan I won't be working on this in the near term, feel free to submit a pull request. |
@five-c-d I can't seem to create a test case that reproduces what you are experiencing. Even copying the exact non-redacted strings don't reproduce, though the accuracy of that test is dubious without knowing what your app root is. The redaction that is performed in the privacy module appears to be very comprehensive. It checks for the app root path in four different formats:
All of those string values are regex escaped and then joined with regex alternation Since the strings you shared appear to match the format of a path that would be caught, and it is only sometimes not redacted, I suspect there is something unusual in your environment. Perhaps a symlink or encoding issue is involved. Is this occurring on a cloned repo or installed from exe? If you can share a more complete debug log as well as the original app root it would help me to reproduce the issue. |
@irdan , I also peeked at the code, and saw that it seemed to be trying to "do the right thing" but since I didn't see where the problem was I did not claim to have the solution :-) Turns out there might not be a problem with the regex per se, but rather with the detected approot of this particular signal4desktop installation being odd in some fashion.
The system experiencing the trouble is a win10 installation, from the usual signal.org EXE installation method. There is some kind of homedir mirroring being used, for backup-related purposes at the windows-level, details of which are unclear to me.
The debuglog that used to exist was deleted server-side because it contained lastnames, but another can be regenerated if needed. (Though I would prefer to send such a thing via direct email rather than upload it into world-visible github... okay if I email you directly irdan, at the address I found for you online?)
I've poked around with this somewhat, and am not sure I can actually figure out what the approot is remotely. Short of having my contact with win10 install npm and hand-compile signal4desktop, is there a way to get the approot more easily? They have a running instance of signal4desktop, but is there no incantation they can type into the ctrl+shift+i debugtools thereof which will display the current value of the approot? Or if not that, maybe there is a short and sweet nodeJs incantation that they can pump in from the command-line to extract the approot on their system, without needing to understand too much about the gory details? The person having the trouble is tech-savvy, but not a programmer.
I think that the behavior is not intermittent/unreliable, though I've not gone through a slew of debuglogs from the machine in question. It will reliably scrub out windows-style paths with backslashes like this ==
And it reliably fails to scrub out URL-style paths with forward slashes like this ==
Like yourself, I now suspect that the approot is somehow "wrong" in the second case, yet "right" in the first case. Let me know if you have further questions, I'll try to get back more promptly, and thank you for looking into this bug, much appreciated |
I can confirm that this bug still exists. |
Seconding what Ugator noted, here is a recent debuglog from a problematic system. Not scrubbed, forward-slashes ==
Scrubbed properly, backslashes && double-backslashes ==
System running signal4desktop where the above problem was exhibited ==
There is a special character in the windows-username (the SPC character ASCII 0x20 specifically), and the system in question otherwise has an ASCII pathspec although I believe it may be configured with a European-language locale different from en_US ... not sure why the spellcheck of signal4desktop claims it is "using OS-level spell check API with locale en_US" ... maybe that is the electron-framework talking, rather than windows10 talking? |
Bug description
Debug log obscures/scrubs/redacts some filepaths, but others fail to be obscured.
Steps to reproduce
Actual result:
your windows username, or your linux paths or whatever, are uploaded to a world-visible webserver whenever you submit a debuglog
Expected result:
filepath is replaced with file://[REDACTED]/app.asar/ (etc) , which is already the current behavior with [REDACTED]\app.asar\ (etc) with backslashed paths
Or if the installation-subdirectory matters for some permission-related reason, then consider saying [REDACTED] in most cases and something like [REDACTED / custom subdir] when signal4desktop was installed at a non-default location.
Screenshots
n/a
Platform info
Signal version: Signal/1.17.2 Chrome/61.0.3163.100 Electron/2.0.8 node/8.9.3 env/production
Operating System: Win 10.0 (64-bit)
Linked device version: Android 4.30.x
Link to debug log
Here is a (modified) portion of such a debuglog:
More info
If you want to kill two birds with one stone while scrubbing file:// URIs as well as backslashed UNC pathspecs, please see also the regex-to-scrub-URLs feature request here, #1939 , which requests something like this alteration to that same privacy.js codebase:
Code which redacts backslashed UNC paths is here, https://github.com/signalapp/Signal-Desktop/blob/master/js/modules/privacy.js (using lots of regex it seems)
The text was updated successfully, but these errors were encountered: