DeterminateSystems / riff

Riff automatically provides external dependencies for Rust projects, with support for other languages coming soon.
https://riff.sh
Mozilla Public License 2.0

Ensure distinct_id can't get leaked on accident #119

Closed cole-h closed 2 years ago

cole-h commented 2 years ago

We do this by using the secrecy crate to ensure the fmt::Debug representation of the Telemetry struct redacts the distinct_id field.


Because Uuid is a foreign type, I had to make a newtype around it in order to implement the marker traits that allow secrecy::Secret to do its job.

grahamc commented 2 years ago

Looking good:

2022-09-08T12:30:08.850696Z TRACE riff::telemetry: Sending telemetry data to https://registry.riff.determinate.systems/telemetry, data: Telemetry { distinct_id: Some(Secret([REDACTED riff::telemetry::DistinctId])), system_os: "linux", system_arch: "x86_64", os_release_name: Some("NixOS"), os_release_version_id: Some("22.11"), riff_version: "1.0.0", nix_version: Some("nix (Nix) 2.10.3"), is_tty: true, subcommand: None, detected_languages: {}, in_ci: false }

grahamc commented 2 years ago

Note I also verified that the telemetry events still contain the distinct ID as expected. Nicely done!
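
The pattern discussed in this thread, as an added std-only sketch (not riff's code and not the secrecy crate itself): a wrapper whose Debug output is redacted, a newtype that opts in through a marker trait, and an explicit accessor so the ID still reaches the telemetry payload. Assumptions: `Secret` and `DebugSecret` here are simplified local stand-ins, a `u128` stands in for `uuid::Uuid`, and `log_repr`/`wire_repr` and the wire format are hypothetical.

```rust
use std::{any::type_name, fmt};

// Local stand-in for a marker trait: only types that opt in can be wrapped
// in Secret and get the redacted Debug output.
trait DebugSecret {}

// Simplified stand-in for secrecy::Secret<T> (std-only, no zeroize-on-drop).
struct Secret<T: DebugSecret>(T);

impl<T: DebugSecret> Secret<T> {
    // Reading the value is an explicit, greppable call.
    fn expose_secret(&self) -> &T {
        &self.0
    }
}

impl<T: DebugSecret> fmt::Debug for Secret<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "Secret([REDACTED {}])", type_name::<T>())
    }
}

// Newtype around the ID (u128 stands in for uuid::Uuid). With the real crates
// both Uuid and the marker traits are foreign, so the orphan rule requires a
// local newtype before the traits can be implemented.
struct DistinctId(u128);
impl DebugSecret for DistinctId {}

#[derive(Debug)]
struct Telemetry {
    distinct_id: Option<Secret<DistinctId>>,
    system_os: String,
}

// What a trace log line would contain: derived Debug, ID redacted.
fn log_repr(t: &Telemetry) -> String {
    format!("{:?}", t)
}

// Hypothetical wire format: the ID is still sent, via expose_secret().
fn wire_repr(t: &Telemetry) -> String {
    let id = t.distinct_id.as_ref().map(|s| format!("{:032x}", s.expose_secret().0));
    format!("distinct_id={};system_os={}", id.unwrap_or_default(), t.system_os)
}

fn main() {
    let t = Telemetry { distinct_id: Some(Secret(DistinctId(0xdeadbeef))), system_os: "linux".into() };
    println!("{}\n{}", log_repr(&t), wire_repr(&t));
}
```

Because `DistinctId` does not implement `Debug` at all, the only way it can be formatted is through the redacting wrapper; any new `{:?}` of `Telemetry` added later inherits the redaction.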