
redact UDID information from binary image data #6382


Merged
merged 4 commits into from
Sep 1, 2020
1 change: 1 addition & 0 deletions Crashlytics/CHANGELOG.md
@@ -1,6 +1,7 @@
# Unreleased
- [added] Added stackFrameWithAddress API for recording custom errors that are symbolicated on the backend (#5975).
- [fixed] Fixed comment typos (#6363).
- [fixed] Remove device information from binary image data crash info entries (#6382).

# v4.5.0
- [fixed] Fixed a compiler warning and removed unused networking code (#6210).
6 changes: 6 additions & 0 deletions Crashlytics/Crashlytics/Components/FIRCLSProcess.c
Expand Up @@ -800,6 +800,12 @@ static void FIRCLSProcessRecordCrashInfo(FIRCLSFile *file) {
continue;
}

// The crash_info_t's message may contain the device's UDID, in this case,
// make sure that we do our best to redact that information before writing the
// rest of the message to disk. This also has the effect of not uploading that
// information in the subsequent crash report.
FIRCLSRedactUUID(string);

FIRCLSFileWriteArrayEntryHexEncodedString(file, string);
}
}
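Review bot: `FIRCLSRedactUUID(string)` writes into `string` in place, and nothing visible in this hunk shows whether that buffer is a private, NUL-terminated copy or a pointer into the crashed image's own memory. If it is the latter, the `strchr` scan could run past the length that was validated when the string was read, and the `'*'` writes could land on a read-only page inside the crash handler. The declaration of `string` is above the hunk, so this needs confirming where it is read. I would add a comment above the call such as `// string must be writable and NUL-terminated; FIRCLSRedactUUID edits it in place`, or redact a bounded local copy before `FIRCLSFileWriteArrayEntryHexEncodedString`.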
1 change: 1 addition & 0 deletions Crashlytics/Crashlytics/Helpers/FIRCLSUtility.h
Expand Up @@ -35,6 +35,7 @@ bool FIRCLSReadString(vm_address_t src, char** dest, size_t maxlen);
const char* FIRCLSDupString(const char* string);

bool FIRCLSUnlinkIfExists(const char* path);
void FIRCLSRedactUUID(char* value);

#if __OBJC__
void FIRCLSDispatchAfter(float timeInSeconds, dispatch_queue_t queue, dispatch_block_t block);
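Review bot: The new `FIRCLSRedactUUID` declaration carries no comment, so a caller reading only this header cannot tell that the argument is modified in place or which pattern is masked. I would put `// Masks the first parenthesized 36-character group in value with '*' (dashes kept), in place; value must be writable and NUL-terminated.` directly above it. The function name says UUID while the call-site comment in FIRCLSProcess.c says UDID; using one term in both places would make the intended scope of the redaction clearer.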
31 changes: 31 additions & 0 deletions Crashlytics/Crashlytics/Helpers/FIRCLSUtility.m
Expand Up @@ -156,6 +156,37 @@ bool FIRCLSUnlinkIfExists(const char* path) {
return FIRCLSNormalizeUUID(FIRCLSGenerateUUID());
}

// Redacts a UUID wrapped in parenthesis from a char* using strchr, which is async safe.
// Ex.
// "foo (bar) (45D62CC2-CFB5-4E33-AB61-B0684627F1B6) baz"
// becomes
// "foo (bar) (********-****-****-****-************) baz"
void FIRCLSRedactUUID(char* value) {
if (value == NULL) {
return;
}
char* openParen = value;
// find the index of the first paren
while ((openParen = strchr(openParen, '(')) != NULL) {
// find index of the matching close paren
const char* closeParen = strchr(openParen, ')');
if (closeParen == NULL) {
break;
}
// if the distance between them is 37, traverse the characters
// and replace anything that is not a '-' with '*'
if (closeParen - openParen == 37) {
for (int i = 1; i < 37; ++i) {
if (*(openParen + i) != '-') {
*(openParen + i) = '*';
}
}
break;
}
openParen++;
}
}

NSString* FIRCLSNSDataToNSString(NSData* data) {
NSString* string;
char* buffer;
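Review bot: The `break` after the masking loop in `FIRCLSRedactUUID` ends the scan at the first 36-character parenthesized group, so a second identifier later in the same message is written to disk unredacted. The match is also by length alone, so any 36-character parenthesized text is masked and a real UUID after it is then skipped. Dropping that `break` lets the existing `openParen++` carry on to the next group, and the condition can also confirm the dash layout: `if (closeParen - openParen == 37 && openParen[9] == '-' && openParen[14] == '-' && openParen[19] == '-' && openParen[24] == '-')`. Identifiers that are not exactly this 8-4-4-4-12 shape inside parentheses pass through unchanged, which is worth stating in the function's header comment because the call site describes the goal as redacting the device's UDID. A named constant in place of the literal `37` would also make the length check easier to audit.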
52 changes: 52 additions & 0 deletions Crashlytics/UnitTests/FIRCLSUtilityTests.m
Expand Up @@ -77,4 +77,56 @@ - (void)testHexToStringWithNonPrintableCharacters {
XCTAssertEqualObjects([NSString stringWithUTF8String:string], @"52d04e1f", @"");
}

- (void)testRedactUUIDWithExpectedPattern {
const char* readonly = "CoreSimulator 704.12.1 - Device: iPhone SE (2nd generation) "
"(45D62CC2-CFB5-4E33-AB61-B0684627F1B6) - Runtime: iOS 13.4 (17E8260) - "
"DeviceType: iPhone SE (2nd generation)";
size_t len = strlen(readonly);
char message[len];
strcpy(message, readonly);

FIRCLSRedactUUID(message);

NSString* actual = [NSString stringWithUTF8String:message];
NSString* expected = @"CoreSimulator 704.12.1 - Device: iPhone SE (2nd generation) "
@"(********-****-****-****-************) - Runtime: iOS 13.4 (17E8260) - "
@"DeviceType: iPhone SE (2nd generation)";

XCTAssertEqualObjects(actual, expected);
}

- (void)testRedactUUIDWithMalformedPattern {
const char* readonly = "CoreSimulator 704.12.1 - Device: iPhone SE (2nd generation) "
"(45D62CC2-CFB5-4E33-AB61-B0684627F1B6";
size_t len = strlen(readonly);
char message[len];
strcpy(message, readonly);

FIRCLSRedactUUID(message);

NSString* actual = [NSString stringWithUTF8String:message];
NSString* expected = @"CoreSimulator 704.12.1 - Device: iPhone SE (2nd generation) "
@"(45D62CC2-CFB5-4E33-AB61-B0684627F1B6";

XCTAssertEqualObjects(actual, expected);
}

- (void)testRedactUUIDWithoutUUID {
const char* readonly = "Fatal error: file /Users/test/src/foo/bar/ViewController.swift, line 25";
size_t len = strlen(readonly);
char message[len];
strcpy(message, readonly);

FIRCLSRedactUUID(message);

NSString* actual = [NSString stringWithUTF8String:message];
NSString* expected = @"Fatal error: file /Users/test/src/foo/bar/ViewController.swift, line 25";

XCTAssertEqualObjects(actual, expected);
}

- (void)testRedactUUIDWithNull {
char* message = NULL;
XCTAssertNoThrow(FIRCLSRedactUUID(message));
}
@end
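Review bot: `char message[len];` in `testRedactUUIDWithExpectedPattern`, `testRedactUUIDWithMalformedPattern` and `testRedactUUIDWithoutUUID` is one byte too small, because `len` is `strlen(readonly)` and `strcpy` also writes the terminating NUL. Each of these tests therefore overflows its stack buffer by one byte; size the array as `char message[len + 1];` in all three. A case with two parenthesized UUIDs in one message would also pin down whether only the first is meant to be redacted.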