Improve scrubbing of sensitive identifiers

Fixes #1189
AsamK 2024-01-31 20:33:01 +01:00
parent a40810e33e
commit 00e71ed0fc
3 changed files with 31 additions and 2 deletions


@ -44,6 +44,7 @@ If `--verbose` is also given, the detailed logs will only be written to the log
*--scrub-log*:: *--scrub-log*::
Scrub possibly sensitive information from the log, like phone numbers and UUIDs. Scrub possibly sensitive information from the log, like phone numbers and UUIDs.
Doesn't work reliably on dbus logs with very verbose logging (`-vvv`)
*--config* CONFIG:: *--config* CONFIG::
Set the path, where to store the config. Set the path, where to store the config.


@ -52,6 +52,8 @@ public class LogConfigurator extends ContextAwareBase implements Configurator {
rootLogger.addAppender(consoleAppender); rootLogger.addAppender(consoleAppender);
lc.getLogger("org.asamk").setLevel(verboseLevel > 1 ? Level.ALL : verboseLevel > 0 ? Level.DEBUG : Level.INFO); lc.getLogger("org.asamk").setLevel(verboseLevel > 1 ? Level.ALL : verboseLevel > 0 ? Level.DEBUG : Level.INFO);
lc.getLogger("org.asamk.Signal")
.setLevel(verboseLevel > 2 ? Level.ALL : verboseLevel > 1 ? Level.INFO : Level.WARN);
lc.getLogger("com.zaxxer.hikari.pool.PoolBase") lc.getLogger("com.zaxxer.hikari.pool.PoolBase")
.setLevel(verboseLevel > 2 ? Level.ALL : verboseLevel > 1 ? Level.INFO : Level.WARN); .setLevel(verboseLevel > 2 ? Level.ALL : verboseLevel > 1 ? Level.INFO : Level.WARN);
lc.getLogger("org.sqlite.core.NativeDB") lc.getLogger("org.sqlite.core.NativeDB")
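Review bot: The new `org.asamk.Signal` logger setting has no comment saying why this one logger is held at WARN until `-vv`, and at `verboseLevel > 2` it goes to `Level.ALL`, which is the case the man page change in this commit describes as not reliably scrubbed. A comment above the call such as `// D-Bus object paths contain account and group identifiers; --scrub-log is not reliable for this logger at -vvv` would record that, assuming this logger is the source of the dbus lines the man page refers to. The method this statement sits in starts and ends outside the hunk.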


@ -37,9 +37,17 @@ public final class Scrubber {
* Supposedly, the shortest international phone numbers in use contain seven digits. * Supposedly, the shortest international phone numbers in use contain seven digits.
* Handles URL encoded +, %2B * Handles URL encoded +, %2B
*/ */
private static final Pattern E164_PATTERN = Pattern.compile("(\\+|%2B|/org/asamk/Signal/_)(\\d{5,13})(\\d{2})"); private static final Pattern E164_PATTERN = Pattern.compile("(\\+|%2B|_)(\\d{5,13})(\\d{2})");
private static final String E164_CENSOR = "*************"; private static final String E164_CENSOR = "*************";
private static final Pattern GROUP_V1_ID_PATTERN = Pattern.compile(
"(/org/asamk/Signal/.*Groups/[a-zA-Z0-9/_+-]{2}|[a-zA-Z0-9/_+-]{2})([a-zA-Z0-9/_+-]{18})([a-zA-Z0-9/_+-]{2})(==|__)");
private static final String GROUP_V1_ID_CENSOR = "*".repeat(18);
private static final Pattern GROUP_V2_ID_PATTERN = Pattern.compile(
"(/org/asamk/Signal/.*Groups/[a-zA-Z0-9/_+-]{2}|[a-zA-Z0-9/_+-]{2})([a-zA-Z0-9/_+-]{39})([a-zA-Z0-9/_+-]{2})([=_])");
private static final String GROUP_V2_ID_CENSOR = "*".repeat(39);
/** /**
* The second group will be censored. * The second group will be censored.
*/ */
@ -172,9 +180,11 @@ public final class Scrubber {
public static CharSequence scrub(CharSequence in) { public static CharSequence scrub(CharSequence in) {
in = scrubUuids(in);
in = scrubE164(in); in = scrubE164(in);
in = scrubEmail(in); in = scrubEmail(in);
in = scrubUuids(in); in = scrubGroupV2Ids(in);
in = scrubGroupV1Ids(in);
in = scrubDomains(in); in = scrubDomains(in);
in = scrubIpv4(in); in = scrubIpv4(in);
@ -189,6 +199,22 @@ public final class Scrubber {
.append(matcher.group(3))); .append(matcher.group(3)));
} }
private static CharSequence scrubGroupV1Ids(CharSequence in) {
return scrub(in,
GROUP_V1_ID_PATTERN,
(matcher, output) -> output.append(matcher.group(1))
.append(GROUP_V1_ID_CENSOR, 0, matcher.group(2).length())
.append(matcher.group(3)));
}
private static CharSequence scrubGroupV2Ids(CharSequence in) {
return scrub(in,
GROUP_V2_ID_PATTERN,
(matcher, output) -> output.append(matcher.group(1))
.append(GROUP_V2_ID_CENSOR, 0, matcher.group(2).length())
.append(matcher.group(3)));
}
private static CharSequence scrubEmail(CharSequence in) { private static CharSequence scrubEmail(CharSequence in) {
return scrub(in, return scrub(in,
CRUDE_EMAIL_PATTERN, CRUDE_EMAIL_PATTERN,
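Review bot: In `GROUP_V1_ID_PATTERN` and `GROUP_V2_ID_PATTERN` (first hunk), the greedy `.*` in `/org/asamk/Signal/.*Groups/` sits inside group 1, which `scrubGroupV1Ids` and `scrubGroupV2Ids` append to the output unchanged. If a log line ever contains more than one such object path, the match can run from the first `/org/asamk/Signal/` to the last `Groups/`, and any group ID in between would be written out uncensored. A reluctant quantifier, `/org/asamk/Signal/.*?Groups/`, or a character class that cannot cross whitespace would keep each match to a single path. Both replacements also leave out `matcher.group(4)`, so the trailing padding disappears from the scrubbed text; if that is intended, a short comment such as `// group 4 (padding) is dropped on purpose` would say so.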