From 4e52f921526b20697dc88d3cb9eb4b3badc43c8a Mon Sep 17 00:00:00 2001 From: automated-signal <37887102+automated-signal@users.noreply.github.com> Date: Tue, 22 Jul 2025 14:46:02 -0500 Subject: [PATCH] Privacy: Additional tweaks to debug log generation Co-authored-by: Scott Nonnenberg --- ts/test-node/util/privacy_test.ts | 60 +++++++++++++------------------ ts/util/privacy.ts | 9 +++-- 2 files changed, 31 insertions(+), 38 deletions(-) diff --git a/ts/test-node/util/privacy_test.ts b/ts/test-node/util/privacy_test.ts index a20cb4b0b4..ebb16d7510 100644 --- a/ts/test-node/util/privacy_test.ts +++ b/ts/test-node/util/privacy_test.ts @@ -12,7 +12,7 @@ describe('Privacy', () => { describe('redactCardNumbers', () => { it('should redact anything that looks like a credit card', () => { const text = - 'This is a log line with a card number 1234-1234-1234\n' + + 'This is a log line with a card number 1234-1234-1234-12\n' + 'and another one 1234 1234 1234 1234 123'; const actual = Privacy.redactCardNumbers(text); @@ -24,8 +24,6 @@ describe('Privacy', () => { it('should redact weird credit card numbers', () => { const text = - '12341234123\n' + - '123412341234\n' + '1234123412341\n' + '12341234123412\n' + '123412341234123\n' + @@ -34,35 +32,29 @@ describe('Privacy', () => { '123412341234123412\n' + '1234123412341234123\n' + '12341234123412341234\n' + - '1-2-3-4-1-2-3-4-1-2-3\n' + - '1-2-3-4-1-2-3-4-1-2-3-4\n' + - '1-2-3-4-1-2-3-4-1-2-3-4-1\n' + - '1-2-3-4-1-2-3-4-1-2-3-4-1-2\n' + - '1-2-3-4-1-2-3-4-1-2-3-4-1-2-3\n' + - '1-2-3-4-1-2-3-4-1-2-3-4-1-2-3-4\n' + - '1-2-3-4-1-2-3-4-1-2-3-4-1-2-3-4-1\n' + - '1-2-3-4-1-2-3-4-1-2-3-4-1-2-3-4-1-2\n' + - '1-2-3-4-1-2-3-4-1-2-3-4-1-2-3-4-1-2-3\n' + - '1-2-3-4-1-2-3-4-1-2-3-4-1-2-3-4-1-2-3-4\n' + - '1 2 3 4 1 2 3 4 1 2 3\n' + - '1 2 3 4 1 2 3 4 1 2 3 4\n' + - '1 2 3 4 1 2 3 4 1 2 3 4 1\n' + - '1 2 3 4 1 2 3 4 1 2 3 4 1 2\n' + - '1 2 3 4 1 2 3 4 1 2 3 4 1 2 3\n' + - '1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4\n' + - '1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4 1\n' + - '1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2\n' + - '1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2 3\n' + - '1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4\n' + - '1 2 3 a 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4\n' + - '1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4 1 a 2 3 4\n' + + '123-4-1-2-3-4-1-2-3-4-1\n' + + '123-4-1-2-3-4-1-2-3-4-1-2\n' + + '123-4-1-2-3-4-1-2-3-4-1-2-3\n' + + '123-4-1-2-3-4-1-2-3-4-1-2-3-4\n' + + '123-4-1-2-3-4-1-2-3-4-1-2-3-4-1\n' + + '123-4-1-2-3-4-1-2-3-4-1-2-3-4-1-2\n' + + '123-4-1-2-3-4-1-2-3-4-1-2-3-4-1-2-3\n' + + '123-4-1-2-3-4-1-2-3-4-1-2-3-4-1-2-3-4\n' + + '123 4 1 2 3 4 1 2 3 4 1\n' + + '123 4 1 2 3 4 1 2 3 4 1 2\n' + + '123 4 1 2 3 4 1 2 3 4 1 2 3\n' + + '123 4 1 2 3 4 1 2 3 4 1 2 3 4\n' + + '123 4 1 2 3 4 1 2 3 4 1 2 3 4 1\n' + + '123 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2\n' + + '123 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2 3\n' + + '123 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4\n' + + '123a412 3 4 1 2 3 4 1 2 3 4 1 2 3 4\n' + + '123 4 1 2 3 4 1 2 3 4 1 2 3 4 1 a 2 3 4\n' + ''; const actual = Privacy.redactCardNumbers(text); const expected = - '12341234123\n' + - '[REDACTED]\n' + - '[REDACTED]\n' + + '1234123412341\n' + '[REDACTED]\n' + '[REDACTED]\n' + '[REDACTED]\n' + @@ -70,9 +62,7 @@ describe('Privacy', () => { '[REDACTED]\n' + '[REDACTED]\n' + '[REDACTED]4\n' + - '1-2-3-4-1-2-3-4-1-2-3\n' + - '[REDACTED]\n' + - '[REDACTED]\n' + + '123-4-1-2-3-4-1-2-3-4-1\n' + '[REDACTED]\n' + '[REDACTED]\n' + '[REDACTED]\n' + @@ -80,9 +70,7 @@ describe('Privacy', () => { '[REDACTED]\n' + '[REDACTED]\n' + '[REDACTED]-4\n' + - '1 2 3 4 1 2 3 4 1 2 3\n' + - '[REDACTED]\n' + - '[REDACTED]\n' + + '123 4 1 2 3 4 1 2 3 4 1\n' + '[REDACTED]\n' + '[REDACTED]\n' + '[REDACTED]\n' + @@ -90,7 +78,7 @@ describe('Privacy', () => { '[REDACTED]\n' + '[REDACTED]\n' + '[REDACTED] 4\n' + - '1 2 3 a [REDACTED]\n' + + '123a[REDACTED]\n' + '[REDACTED] a 2 3 4\n' + ''; assert.equal(actual, expected); @@ -98,6 +86,7 @@ describe('Privacy', () => { it('should not redact things that are close to credit card numbers', () => { const text = ` + INFO 2025-07-22T16:39:12.383Z [background] delivery receipt from [REDACTED]f41.1 1753202353590 for sent message 1753202351897 wasSentEncrypted=true 12--3412341234 1234123 412341234 1e23412341234 @@ -105,6 +94,7 @@ describe('Privacy', () => { const actual = Privacy.redactCardNumbers(text); const expected = ` + INFO 2025-07-22T16:39:12.383Z [background] delivery receipt from [REDACTED]f41.1 1753202353590 for sent message 1753202351897 wasSentEncrypted=true 12--3412341234 1234123 412341234 1e23412341234 diff --git a/ts/util/privacy.ts b/ts/util/privacy.ts index e62cfe299c..68d8b8304a 100644 --- a/ts/util/privacy.ts +++ b/ts/util/privacy.ts @@ -24,7 +24,7 @@ const CALL_LINK_ROOT_KEY_PATTERN = /([A-Z]{4})-[A-Z]{4}-[A-Z]{4}-[A-Z]{4}-[A-Z]{4}-[A-Z]{4}-[A-Z]{4}-[A-Z]{4}/gi; const ATTACHMENT_URL_KEY_PATTERN = /(attachment:\/\/[^\s]+key=)([^\s]+)/gi; const REDACTION_PLACEHOLDER = '[REDACTED]'; -const CARD_NUMBER_PATTERN = /(\d[- ]?){11,18}\d/g; +const CARD_NUMBER_PATTERN = /\d\d(\d[- ]?){11,16}\d/g; export type RedactFunction = (value: string) => string; @@ -222,15 +222,18 @@ addSensitivePath(APP_ROOT_PATH); export const redactAll: RedactFunction = text => { let result = text; + // Do these first, to retain last characters result = redactAttachmentUrlKeys(result); result = redactCallLinkRoomIds(result); result = redactCallLinkRootKeys(result); - result = redactCardNumbers(result); result = redactGroupIds(result); result = redactPhoneNumbers(result); - result = redactSensitivePaths(result); result = redactUuids(result); + // These leave nothing + result = redactCardNumbers(result); + result = redactSensitivePaths(result); + return result; };