Open icex2 opened 3 years ago
Note: I already have an implementation for pumptools that we can adapt here. Basically, in the config, I added a variable for each parameter that allows flagging it as "secret". This is used in the debug output in the config to detect which values to print or not. For the application layer logic, you can be explicit about not printing PCBIDs etc.
I also added a feature switch in the config that allows you to print logs with secret information. However, the default is false.
Summary
Might be split into two separate tasks that have the same goal though: By default, do not log any sensitive information like PCBIDs to the console/text files.
Detailed description
This has been an ongoing huge pain and I gave up on educating users and redacting any logs people upload. The root cause for the problem should be fixed instead and that is to not log/output any sensitive credentials in the first place.
This can be a bit tricky considering that newer AVS games print these when dumping their XML config to the console/textfile. That might need some heuristic to scan and detect these in the log hooks.
For older games using inject, only bemanitools print these in various spots, e.g. config parsing debug output, ezusb emulation, etc.
Sensitive information to redact:
Setting this issue confidential because it is an open attack vector for crawling for PCBIDs right now that we don't want to broadcast.
Benefits
Don't leak sensitive (personal) information of users. When we need this, we should explicitly ask for it to be transferred over a more secure channel that not everyone can read.
Drawbacks
None
Current blockers
None
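Added example (not bemanitools or pumptools code): one way to combine the per-parameter "secret" flag and the default-off feature switch described in the note with a log hook that masks the flagged values wherever they turn up, such as in an XML config dump. All names (`cfg_entry`, `log_secrets`, `cfg_format`, `log_scrub`, the parameter names) and the sample values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical config entry: each parameter carries a "secret" flag. */
struct cfg_entry { const char *name; const char *value; bool secret; };

/* Feature switch: printing secrets is opt-in and defaults to off. */
static bool log_secrets = false;

/* Config debug output: show the value only when it is not flagged secret. */
static int cfg_format(char *out, size_t len, const struct cfg_entry *e)
{
    bool hide = e->secret && !log_secrets;
    return snprintf(out, len, "%s=%s", e->name, hide ? "<redacted>" : e->value);
}

/* Log hook: mask in place every occurrence of a secret value, so output that
 * did not pass through cfg_format (e.g. an XML config dump) is scrubbed too.
 * Returns the number of occurrences masked. */
static size_t log_scrub(char *line, const struct cfg_entry *cfg, size_t n)
{
    size_t hits = 0;
    if (log_secrets) return 0;
    for (size_t i = 0; i < n; i++) {
        size_t vlen = strlen(cfg[i].value);
        if (!cfg[i].secret || vlen == 0) continue; /* empty value: nothing to match */
        for (char *p = line; (p = strstr(p, cfg[i].value)) != NULL; p += vlen) {
            memset(p, '*', vlen);
            hits++;
        }
    }
    return hits;
}

int main(void)
{
    /* Constructed sample data; the ID is a placeholder, not a real format. */
    const struct cfg_entry cfg[] = {
        { "game.path", "D:/game", false },
        { "eamuse.pcbid", "EXAMPLE-ID-0001", true },
    };
    char buf[128], line[] = "<pcbid>EXAMPLE-ID-0001</pcbid>";

    for (size_t i = 0; i < 2; i++) { cfg_format(buf, sizeof(buf), &cfg[i]); puts(buf); }
    log_scrub(line, cfg, 2);
    puts(line);
    return 0;
}
```

This only masks values the config layer already knows; sensitive values that first appear in game output would still need the format-based heuristic mentioned in the detailed description.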