Skip to content
Snippets Groups Projects
Verified Commit 8b56e082 authored by Torsten Grote's avatar Torsten Grote
Browse files

Scrub IP addresses before logging

parent ca094620
No related branches found
No related tags found
No related merge requests found
......@@ -57,6 +57,7 @@ import static android.bluetooth.BluetoothDevice.EXTRA_DEVICE;
import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
import static org.briarproject.util.PrivacyUtils.scrubMacAddress;
class DroidtoothPlugin implements DuplexPlugin {
......@@ -172,7 +173,7 @@ class DroidtoothPlugin implements DuplexPlugin {
String address = AndroidUtils.getBluetoothAddress(appContext,
adapter);
if (LOG.isLoggable(INFO))
LOG.info("Local address " + scrub(address));
LOG.info("Local address " + scrubMacAddress(address));
if (!StringUtils.isNullOrEmpty(address)) {
// Advertise the Bluetooth address to contacts
TransportProperties p = new TransportProperties();
......@@ -237,7 +238,7 @@ class DroidtoothPlugin implements DuplexPlugin {
}
if (LOG.isLoggable(INFO)) {
String address = s.getRemoteDevice().getAddress();
LOG.info("Connection from " + scrub(address));
LOG.info("Connection from " + scrubMacAddress(address));
}
backoff.reset();
callback.incomingConnectionCreated(wrapSocket(s));
......@@ -325,14 +326,14 @@ class DroidtoothPlugin implements DuplexPlugin {
try {
s = d.createInsecureRfcommSocketToServiceRecord(u);
if (LOG.isLoggable(INFO))
LOG.info("Connecting to " + scrub(address));
LOG.info("Connecting to " + scrubMacAddress(address));
s.connect();
if (LOG.isLoggable(INFO))
LOG.info("Connected to " + scrub(address));
LOG.info("Connected to " + scrubMacAddress(address));
return s;
} catch (IOException e) {
if (LOG.isLoggable(INFO))
LOG.info("Failed to connect to " + scrub(address));
LOG.info("Failed to connect to " + scrubMacAddress(address));
tryToClose(s);
return null;
}
......@@ -490,12 +491,6 @@ class DroidtoothPlugin implements DuplexPlugin {
return new DroidtoothTransportConnection(this, s);
}
private static String scrub(String address) {
return address.substring(0, 3) +
"[scrubbed]" +
address.substring(14, 17);
}
private class BluetoothStateReceiver extends BroadcastReceiver {
@Override
......@@ -576,7 +571,8 @@ class DroidtoothPlugin implements DuplexPlugin {
} else if (action.equals(FOUND)) {
BluetoothDevice d = intent.getParcelableExtra(EXTRA_DEVICE);
if (LOG.isLoggable(INFO))
LOG.info("Discovered device: " + scrub(d.getAddress()));
LOG.info("Discovered device: " +
scrubMacAddress(d.getAddress()));
addresses.add(d.getAddress());
}
}
......
......@@ -29,6 +29,7 @@ import java.util.logging.Logger;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
import static org.briarproject.util.PrivacyUtils.scrubSocketAddress;
class LanTcpPlugin extends TcpPlugin {
......@@ -177,7 +178,7 @@ class LanTcpPlugin extends TcpPlugin {
break;
} catch (IOException e) {
if (LOG.isLoggable(INFO))
LOG.info("Failed to bind " + addr);
LOG.info("Failed to bind " + scrubSocketAddress(addr));
tryToClose(ss);
}
}
......@@ -205,20 +206,24 @@ class LanTcpPlugin extends TcpPlugin {
if (!isConnectable(remote)) {
if (LOG.isLoggable(INFO)) {
SocketAddress local = socket.getLocalSocketAddress();
LOG.info(remote + " is not connectable from " + local);
LOG.info(scrubSocketAddress(remote) +
" is not connectable from " +
scrubSocketAddress(local));
}
return null;
}
Socket s = new Socket();
try {
if (LOG.isLoggable(INFO)) LOG.info("Connecting to " + remote);
if (LOG.isLoggable(INFO))
LOG.info("Connecting to " + scrubSocketAddress(remote));
s.connect(remote);
s.setSoTimeout(socketTimeout);
if (LOG.isLoggable(INFO)) LOG.info("Connected to " + remote);
if (LOG.isLoggable(INFO))
LOG.info("Connected to " + scrubSocketAddress(remote));
return new TcpTransportConnection(this, s);
} catch (IOException e) {
if (LOG.isLoggable(INFO))
LOG.info("Could not connect to " + remote);
LOG.info("Could not connect to " + scrubSocketAddress(remote));
return null;
}
}
......
package org.briarproject.plugins.tcp;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
import org.bitlet.weupnp.GatewayDevice;
import org.bitlet.weupnp.GatewayDiscover;
import org.briarproject.api.lifecycle.ShutdownManager;
import org.xml.sax.SAXException;
import java.io.IOException;
import java.net.InetAddress;
......@@ -10,10 +12,9 @@ import java.util.logging.Logger;
import javax.xml.parsers.ParserConfigurationException;
import org.bitlet.weupnp.GatewayDevice;
import org.bitlet.weupnp.GatewayDiscover;
import org.briarproject.api.lifecycle.ShutdownManager;
import org.xml.sax.SAXException;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
import static org.briarproject.util.PrivacyUtils.scrubInetAddress;
class PortMapperImpl implements PortMapper {
......@@ -35,7 +36,7 @@ class PortMapperImpl implements PortMapper {
InetAddress internal = gateway.getLocalAddress();
if (internal == null) return null;
if (LOG.isLoggable(INFO))
LOG.info("Internal address " + getHostAddress(internal));
LOG.info("Internal address " + scrubInetAddress(internal));
boolean succeeded = false;
InetAddress external = null;
try {
......@@ -50,7 +51,8 @@ class PortMapperImpl implements PortMapper {
}
String externalString = gateway.getExternalIPAddress();
if (LOG.isLoggable(INFO))
LOG.info("External address " + externalString);
LOG.info(
"External address " + scrubInetAddress(externalString));
if (externalString != null)
external = InetAddress.getByName(externalString);
} catch (IOException e) {
......
......@@ -30,6 +30,7 @@ import java.util.regex.Pattern;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;
import static org.briarproject.util.PrivacyUtils.scrubSocketAddress;
abstract class TcpPlugin implements DuplexPlugin {
......@@ -107,14 +108,15 @@ abstract class TcpPlugin implements DuplexPlugin {
public void run() {
if (!running) return;
ServerSocket ss = null;
for (SocketAddress addr : getLocalSocketAddresses()) {
for (InetSocketAddress addr : getLocalSocketAddresses()) {
try {
ss = new ServerSocket();
ss.bind(addr);
break;
} catch (IOException e) {
if (LOG.isLoggable(INFO))
LOG.info("Failed to bind " + addr);
LOG.info("Failed to bind " +
scrubSocketAddress(addr));
tryToClose(ss);
}
}
......@@ -128,9 +130,11 @@ abstract class TcpPlugin implements DuplexPlugin {
}
socket = ss;
backoff.reset();
SocketAddress local = ss.getLocalSocketAddress();
setLocalSocketAddress((InetSocketAddress) local);
if (LOG.isLoggable(INFO)) LOG.info("Listening on " + local);
InetSocketAddress local =
(InetSocketAddress) ss.getLocalSocketAddress();
setLocalSocketAddress(local);
if (LOG.isLoggable(INFO))
LOG.info("Listening on " + scrubSocketAddress(local));
callback.transportEnabled();
acceptContactConnections();
}
......@@ -166,7 +170,8 @@ abstract class TcpPlugin implements DuplexPlugin {
return;
}
if (LOG.isLoggable(INFO))
LOG.info("Connection from " + s.getRemoteSocketAddress());
LOG.info("Connection from " +
scrubSocketAddress(s.getRemoteSocketAddress()));
backoff.reset();
TcpTransportConnection conn = new TcpTransportConnection(this, s);
callback.incomingConnectionCreated(conn);
......@@ -223,20 +228,25 @@ abstract class TcpPlugin implements DuplexPlugin {
if (!isConnectable(remote)) {
if (LOG.isLoggable(INFO)) {
SocketAddress local = socket.getLocalSocketAddress();
LOG.info(remote + " is not connectable from " + local);
LOG.info(scrubSocketAddress(remote) +
" is not connectable from " +
scrubSocketAddress(local));
}
continue;
}
Socket s = new Socket();
try {
if (LOG.isLoggable(INFO)) LOG.info("Connecting to " + remote);
if (LOG.isLoggable(INFO))
LOG.info("Connecting to " + scrubSocketAddress(remote));
s.connect(remote);
s.setSoTimeout(socketTimeout);
if (LOG.isLoggable(INFO)) LOG.info("Connected to " + remote);
if (LOG.isLoggable(INFO))
LOG.info("Connected to " + scrubSocketAddress(remote));
return new TcpTransportConnection(this, s);
} catch (IOException e) {
if (LOG.isLoggable(INFO))
LOG.info("Could not connect to " + remote);
LOG.info("Could not connect to " +
scrubSocketAddress(remote));
}
}
return null;
......@@ -255,6 +265,7 @@ abstract class TcpPlugin implements DuplexPlugin {
return new InetSocketAddress(a, p);
} catch (UnknownHostException e) {
if (LOG.isLoggable(WARNING))
// not scrubbing to enable us to find the problem
LOG.warning("Invalid address: " + addr);
return null;
} catch (NumberFormatException e) {
......
package org.briarproject.util;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
public class PrivacyUtils {
public static String scrubOnion(String onion) {
// keep first three characters of onion address
return onion.substring(0, 3) + "[_scrubbed_]";
}
public static String scrubMacAddress(String address) {
if (address == null) return null;
// this is a fake address we need to know about
if (address.equals("02:00:00:00:00:00")) return address;
// keep first and last octet of MAC address
return address.substring(0, 3) +
"[scrubbed]" +
address.substring(14, 17);
}
public static String scrubInetAddress(InetAddress address) {
// don't scrub link and site local addresses
if (address.isLinkLocalAddress() || address.isSiteLocalAddress())
return address.toString();
// completely scrub IPv6 addresses
if (address instanceof Inet6Address) return "[scrubbed]";
// keep first and last octet of IPv4 addresses
return scrubInetAddress(address.toString());
}
public static String scrubInetAddress(String address) {
if (address == null) return null;
int firstDot = address.indexOf(".");
if (firstDot == -1) return "[scrubbed]";
String prefix = address.substring(0, firstDot + 1);
int lastDot = address.lastIndexOf(".");
String suffix = address.substring(lastDot, address.length());
return prefix + "[scrubbed]" + suffix;
}
public static String scrubSocketAddress(InetSocketAddress address) {
InetAddress inetAddress = address.getAddress();
return scrubInetAddress(inetAddress);
}
public static String scrubSocketAddress(SocketAddress address) {
if (address instanceof InetSocketAddress)
return scrubSocketAddress((InetSocketAddress) address);
return scrubInetAddress(address.toString());
}
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment