Chromium Code Reviews Chromium Code Reviews
Issue 1610123003:
Added anonymizer to SystemLogUploader. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/chromeos/policy/system_log_uploader.cc |
| diff --git a/chrome/browser/chromeos/policy/system_log_uploader.cc b/chrome/browser/chromeos/policy/system_log_uploader.cc |
| index bb68674f1ae547bbfaaed5a604ecd28242df19b6..b3a33a1162aa1122235c8b2b95eb98621511c4d1 100644 |
| --- a/chrome/browser/chromeos/policy/system_log_uploader.cc |
| +++ b/chrome/browser/chromeos/policy/system_log_uploader.cc |
| @@ -26,7 +26,6 @@ |
| #include "components/policy/core/common/cloud/enterprise_metrics.h" |
| #include "content/public/browser/browser_thread.h" |
| #include "net/http/http_request_headers.h" |
| -#include "third_party/re2/src/re2/re2.h" |
| namespace { |
| // The maximum number of successive retries. |
| @@ -44,34 +43,6 @@ const char* const kSystemLogFileNames[] = { |
| "/var/log/net.log", "/var/log/net.1.log", |
| "/var/log/ui/ui.LATEST", "/var/log/update_engine.log"}; |
| -const char kEmailAddress[] = |
| - "[a-zA-Z0-9\\+\\.\\_\\%\\-\\+]{1,256}\\@" |
| - "[a-zA-Z0-9][a-zA-Z0-9\\-]{0,64}(\\.[a-zA-Z0-9][a-zA-Z0-9\\-]{0,25})+"; |
| -const char kIPAddress[] = |
| - "((25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9])" |
| - "\\.(25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9]|0)\\.(25[0-5]|2" |
| - "[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9]|0)\\.(25[0-5]|2[0-4][0-9]|[0-1]" |
| - "[0-9]{2}|[1-9][0-9]|[0-9]))"; |
| -const char kIPv6Address[] = |
| - "(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|" |
| - "([0-9a-fA-F]{1,4}:){1,7}:|" |
| - "([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|" |
| - "([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|" |
| - "([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|" |
| - "([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|" |
| - "([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|" |
| - "[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|" |
| - ":((:[0-9a-fA-F]{1,4}){1,7}|:)|" |
| - "fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|" |
| - "::(ffff(:0{1,4}){0,1}:){0,1}" |
| - "((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}" |
| - "(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|" |
| - "([0-9a-fA-F]{1,4}:){1,4}:" |
| - "((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}" |
| - "(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))"; |
| - |
| -const char kWebUrl[] = "(http|https|Http|Https|rtsp|Rtsp):\\/\\/"; |
| - |
| // Reads the system log files as binary files, stores the files as pairs |
| // (file name, data) and returns. Called on blocking thread. |
| scoped_ptr<policy::SystemLogUploader::SystemLogs> ReadFiles() { |
| @@ -85,8 +56,7 @@ scoped_ptr<policy::SystemLogUploader::SystemLogs> ReadFiles() { |
| LOG(ERROR) << "Failed to read the system log file from the disk " |
| << file_path << std::endl; |
| } |
| - system_logs->push_back(std::make_pair( |
| - file_path, policy::SystemLogUploader::RemoveSensitiveData(data))); |
| + system_logs->push_back(std::make_pair(file_path, data)); |
|
Thiemo Nagel
2016/01/21 14:22:29
Why have you moved the anonymizing step to UploadS
Polina Bondarenko
2016/01/21 16:16:08
Yes, you're right, I like mostly the idea of movin
|
| } |
| return system_logs; |
| } |
| @@ -155,11 +125,6 @@ base::TimeDelta GetUploadFrequency() { |
| return upload_frequency; |
| } |
| -void RecordSystemLogPIILeak(policy::SystemLogPIIType type) { |
| - UMA_HISTOGRAM_ENUMERATION(policy::kMetricSystemLogPII, type, |
| - policy::SYSTEM_LOG_PII_TYPE_SIZE); |
| -} |
| - |
| std::string GetUploadUrl() { |
| return policy::BrowserPolicyConnector::GetDeviceManagementUrl() + |
| kSystemLogUploadUrlTail; |
| @@ -247,47 +212,11 @@ void SystemLogUploader::OnFailure(UploadJob::ErrorCode error_code) { |
| } |
| } |
| -// static |
| std::string SystemLogUploader::RemoveSensitiveData(const std::string& data) { |
| - std::string result = ""; |
| - RE2 email_pattern(kEmailAddress), ipv4_pattern(kIPAddress), |
| - ipv6_pattern(kIPv6Address), url_pattern(kWebUrl); |
| - |
| - for (const std::string& line : base::SplitString( |
| - data, "\n", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL)) { |
| - // Email. |
| - if (RE2::PartialMatch(line, email_pattern)) { |
| - RecordSystemLogPIILeak(SYSTEM_LOG_PII_TYPE_EMAIL_ADDRESS); |
| - continue; |
| - } |
| - |
| - // IPv4 address. |
| - if (RE2::PartialMatch(line, ipv4_pattern)) { |
| - RecordSystemLogPIILeak(SYSTEM_LOG_PII_TYPE_IP_ADDRESS); |
| - continue; |
| - } |
| - |
| - // IPv6 address. |
| - if (RE2::PartialMatch(line, ipv6_pattern)) { |
| - RecordSystemLogPIILeak(SYSTEM_LOG_PII_TYPE_IP_ADDRESS); |
| - continue; |
| - } |
| - |
| - // URL. |
| - if (RE2::PartialMatch(line, url_pattern)) { |
| - RecordSystemLogPIILeak(SYSTEM_LOG_PII_TYPE_WEB_URL); |
| - continue; |
| - } |
| - |
| - // SSID. |
| - if (line.find("SSID=") != std::string::npos) { |
| - RecordSystemLogPIILeak(SYSTEM_LOG_PII_TYPE_SSID); |
| - continue; |
| - } |
| - |
| - result += line + "\n"; |
| - } |
| - return result; |
| + std::string anonymized = anonymizer_.Anonymize(data); |
| + UMA_HISTOGRAM_BOOLEAN(policy::kMetricSystemLogPII, |
| + anonymized.compare(data) != 0); |
| + return anonymized; |
| } |
| void SystemLogUploader::RefreshUploadSettings() { |
| @@ -322,8 +251,8 @@ void SystemLogUploader::UploadSystemLogs(scoped_ptr<SystemLogs> system_logs) { |
| int file_number = 1; |
| for (const auto& syslog_entry : *system_logs) { |
| std::map<std::string, std::string> header_fields; |
| - scoped_ptr<std::string> data = |
| - make_scoped_ptr(new std::string(syslog_entry.second)); |
| + scoped_ptr<std::string> data = make_scoped_ptr( |
| + new std::string(RemoveSensitiveData(syslog_entry.second))); |
| header_fields.insert(std::make_pair(kFileTypeHeaderName, kFileTypeLogFile)); |
| header_fields.insert(std::make_pair(net::HttpRequestHeaders::kContentType, |
| kContentTypePlainText)); |
