matthiasn / systems-toolbox

Tools and building blocks for building Systems in Clojure and ClojureScript
Eclipse Public License 1.0

Make UUID's pass uuid? predicate. #48

Closed kamituel closed 6 years ago

kamituel commented 7 years ago

Hey! It would be useful if :corr-id and :tag passed the uuid? predicate. I don't see any reason to wrap those with str. Maybe it was related to some serialization issues when sending commands over to the backend?

matthiasn commented 6 years ago

Hey! Sure, why not. How or where do you intend to use that? Cheers

kamituel commented 6 years ago

Thanks!

Let me give you some context:

Recently I've been adding some functionalities to systems-toolbox-chrome. As you know, we do have a probe there, a small component that listens on the firehose for all messages and state snapshots, and keeps them in memory for a while, until Chrome's DevTools extension picks them up.

Now, I've been building upon that, and now the probe can not only keep those records for the DevTools extension to use, but it can also keep the last N seconds of such records, and later download them as a file in the browser, if needed.

Imagine a user of a webapp in production who notices something wrong: a bug, misbehaviour, things like that. Sometimes it might even be hard to reproduce. Such a user could click a "report an issue" button that would cause his browser to download a file with all the diagnostic information that will let us (developers) diagnose the issue.

However, keeping history of messages and state snapshots in memory, and later dumping them to a file, might not be a good idea from a security/compliance perspective. Some passwords, or other sensitive data, might be there. Hence we need to "sanitize" all that before storing it in memory, and certainly before dumping it to a file. My approach to that is paranoid, and I'm obfuscating most of the stuff, i.e. any string that happens to be in a map's value, like say "password", will become "[[STRING:8]]" (where a number describes length of such string). However, plenty is still kept, i.e. keywords, collections and so on.

I'm also not obfuscating fields generated by systems-toolbox itself. So I'd never replace :corr-id's value, for instance, as it's not assigned by our app, so no data can be leaked there. That's fine.

But I do need to obfuscate :tag, because it can be overwritten by our app, so a bug where a password, for instance, ends up there, is possible. That's bad, because usually :tag is a UUID, that is useful when inspecting what happened in the systems-toolbox app. It tells us which messages are part of the same exchange (are correlated to each other), among other things.

So using uuid? in our obfuscation would be nice. That's why I wanted all UUID's in systems-toolbox to pass that predicate.

Oh, and as an extra - the probe will also record state snapshot diffs for each component. So from the logs, you can tell, for instance, which fields in the form the user was typing into. And even if you don't know the exact value (it is obfuscated), you know they were populated, in which order, and so on.

There are plenty of things about this that can be improved. Imagine uploading such a dump file to the Chrome extension and seeing all that data nicely laid out, inspectable, etc. Or imagine taking such a dump file and loading it into the live web app, and seeing the interface as the user saw it right after something went wrong.
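
The sanitisation approach described in the comment above, sketched as an added example (not code from this thread, systems-toolbox or systems-toolbox-chrome). The names `framework-keys`, `obfuscate-leaf` and `sanitize`, the `[[NUMBER]]` and `[[OTHER]]` placeholders, and the sample metadata maps are assumptions made for illustration.

```clojure
(ns example.sanitize)

;; Keys whose values systems-toolbox generates itself, kept verbatim.
;; Assumption: only :corr-id, the one key the comment names as safe.
(def framework-keys #{:corr-id})

(defn obfuscate-leaf
  "Keeps values that cannot carry app data; replaces the rest with a placeholder."
  [x]
  (cond
    (string? x)  (str "[[STRING:" (count x) "]]") ; length only, as in the comment
    (uuid? x)    x   ; a real UUID object passes; (str uuid) is a string and does not
    (keyword? x) x
    (boolean? x) x
    (nil? x)     x
    (number? x)  "[[NUMBER]]"   ; assumption: numbers are hidden too
    :else        "[[OTHER]]"))  ; default deny for any other scalar

(defn sanitize
  "Walks maps and collections, obfuscating leaves. Map keys are kept as they
  are (assumption: keys are keywords). Lists come back as vectors."
  [x]
  (cond
    (map? x)        (into {} (map (fn [[k v]]
                                    [k (if (framework-keys k) v (sanitize v))]))
                          x)
    (set? x)        (into #{} (map sanitize) x)
    (sequential? x) (mapv sanitize x)
    :else           (obfuscate-leaf x)))

;; Constructed sample metadata, not captured from a real app.
(def meta-with-uuid-tag
  {:corr-id #uuid "11111111-1111-4111-8111-111111111111"
   :tag     #uuid "22222222-2222-4222-8222-222222222222"})

;; The bug described above: the app overwrote :tag with something sensitive.
(def meta-with-leaked-tag
  (assoc meta-with-uuid-tag :tag "hunter2-password"))

(comment
  (sanitize meta-with-uuid-tag)    ; :tag survives, correlation is preserved
  (sanitize meta-with-leaked-tag)  ; :tag is replaced by a length placeholder
  (sanitize {:form {:user "alice" :password "s3cret" :remember true}}))
```

If `:tag` arrives as `(str uuid)` rather than a UUID object, it takes the `string?` branch and the correlation value is lost, which is the reason for the request in this issue.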