Scrub names from messages in logging/telemetry

Author: manodnyab

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/DiskCache.kt

@@ -32,6 +32,7 @@ import software.aws.toolkits.core.utils.touch
 import software.aws.toolkits.core.utils.tryDirOp
 import software.aws.toolkits.core.utils.tryFileOp
 import software.aws.toolkits.core.utils.tryOrNull
+import software.aws.toolkits.jetbrains.services.telemetry.scrubNames
 import software.aws.toolkits.telemetry.AuthTelemetry
 import software.aws.toolkits.telemetry.Result
 import java.io.InputStream
@@ -111,7 +112,7 @@ class DiskCache(
                 source = "loadClientRegistration",
                 result = Result.Failed,
                 reason = "Failed to load Client Registration",
-                reasonDesc = "Load Step:$stage failed. Unable to load file"
+                reasonDesc = "Load Step:$stage failed. Cache file does not exist"
             )
             return null
         }
@@ -136,7 +137,7 @@ class DiskCache(
                 source = "invalidateClientRegistration",
                 result = Result.Failed,
                 reason = "Failed to invalidate Client Registration",
-                reasonDesc = e.message ?: e::class.java.name
+                reasonDesc = e.message?.let { scrubNames(it) } ?: e::class.java.name
             )
             throw e
         }
@@ -152,7 +153,7 @@ class DiskCache(
                 source = "invalidateAccessToken",
                 result = Result.Failed,
                 reason = "Failed to invalidate Access Token",
-                reasonDesc = e.message ?: e::class.java.name
+                reasonDesc = e.message?.let { scrubNames(it) } ?: e::class.java.name
             )
             throw e
         }
@@ -186,7 +187,7 @@ class DiskCache(
                 source = "invalidateAccessToken",
                 result = Result.Failed,
                 reason = "Failed to invalidate Access Token",
-                reasonDesc = e.message ?: e::class.java.name
+                reasonDesc = e.message?.let { scrubNames(it) } ?: e::class.java.name
             )
             throw e
         }
@@ -282,7 +283,7 @@ class DiskCache(
                 source = "writeKey",
                 result = Result.Failed,
                 reason = "Failed to write to cache",
-                reasonDesc = e.message ?: e::class.java.name
+                reasonDesc = e.message?.let { scrubNames(it) } ?: e::class.java.name
             )
             throw e
         }

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProvider.kt

@@ -3,6 +3,7 @@
 
 package software.aws.toolkits.jetbrains.core.credentials.sso
 
+import com.intellij.openapi.application.ApplicationInfo
 import com.intellij.openapi.components.service
 import com.intellij.openapi.progress.EmptyProgressIndicator
 import com.intellij.openapi.progress.ProcessCanceledException
@@ -23,6 +24,7 @@ import software.aws.toolkits.jetbrains.core.credentials.sono.SONO_URL
 import software.aws.toolkits.jetbrains.core.credentials.sso.pkce.PKCE_CLIENT_NAME
 import software.aws.toolkits.jetbrains.core.credentials.sso.pkce.ToolkitOAuthService
 import software.aws.toolkits.jetbrains.core.webview.getAuthType
+import software.aws.toolkits.jetbrains.services.telemetry.scrubNames
 import software.aws.toolkits.jetbrains.utils.assertIsNonDispatchThread
 import software.aws.toolkits.jetbrains.utils.sleepWithCancellation
 import software.aws.toolkits.resources.AwsCoreBundle
@@ -182,7 +184,7 @@ class SsoAccessTokenProvider(
                 source = "accessToken",
                 result = Result.Failed,
                 reason = "Failed to write AccessToken to cache",
-                reasonDesc = e.message ?: e::class.java.name,
+                reasonDesc = e.message?.let { scrubNames(it) } ?: e::class.java.name,
             )
             throw e
         }
@@ -224,7 +226,7 @@ class SsoAccessTokenProvider(
                 source = "registerDAGClient",
                 result = Result.Failed,
                 reason = "Failed to write DeviceAuthorizationClientRegistration to cache",
-                reasonDesc = e.message ?: e::class.java.name
+                reasonDesc = e.message?.let { scrubNames(it) } ?: e::class.java.name
             )
             throw e
         }
@@ -276,7 +278,7 @@ class SsoAccessTokenProvider(
                 source = "registerPkceClient",
                 result = Result.Failed,
                 reason = "Failed to write PKCEClientRegistration to cache",
-                reasonDesc = e.message ?: e::class.java.name
+                reasonDesc = e.message?.let { scrubNames(it) } ?: e::class.java.name
             )
             throw e
         }
@@ -345,6 +347,7 @@ class SsoAccessTokenProvider(
 
                 onPendingToken.tokenRetrieved()
                 _authorization.set(null)
+                ApplicationInfo.getInstance().build.baselineVersion
 
                 return tokenResponse.toDAGAccessToken(authorization.createdAt)
             } catch (e: SlowDownException) {

plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/services/telemetry/TelemetryUtils.kt

@@ -200,3 +200,66 @@ val ALLOWED_CODE_EXTENSIONS = setOf(
     "yml",
     "zig"
 )
+
+fun scrubNames(messageToBeScrubbed: String, username: String? = null): String {
+    var scrubbedMessage = ""
+    val fileExtRegex = Regex("""\.[^./]+$""")
+    val slashdot = Regex("""^[~.]*[/\\]*""")
+
+    /** Allowlisted filepath segments. */
+    val keep = setOf(
+        "~", ".", "..", ".aws", "aws", "sso", "cache", "credentials", "config",
+        "Users", "users", "home", "tmp", "aws-toolkit-jetbrains"
+    )
+
+    var processedMessage = messageToBeScrubbed
+    if (!username.isNullOrEmpty() && username.length > 2) {
+        processedMessage = processedMessage.replace(username, "x")
+    }
+
+    // Replace contiguous whitespace with 1 space.
+    processedMessage = processedMessage.replace(Regex("""\s+"""), " ")
+
+    // 1. split on whitespace.
+    // 2. scrub words that match username or look like filepaths.
+    val words = processedMessage.split(Regex("""\s+"""))
+    for (word in words) {
+        val pathSegments = word.split(Regex("""[/\\]""")).filter { it != "" }
+        if (pathSegments.size < 2) {
+            // Not a filepath.
+            scrubbedMessage += " $word"
+            continue
+        }
+
+        // Replace all (non-allowlisted) ASCII filepath segments with "x".
+        // "/foo/bar/aws/sso/" => "/x/x/aws/sso/"
+        var scrubbed = ""
+        // Get the frontmatter ("/", "../", "~/", or "./").
+        val start = slashdot.find(word.trimStart())?.value ?: ""
+        val firstVal = pathSegments[0].trimStart().replace(slashdot, "")
+
+        val ps = pathSegments.filterIndexed { i, _ -> i != 0 }.toMutableList()
+        ps.add(0, firstVal)
+        val driveLetterRegex = Regex("""^[a-zA-Z]:""")
+        for (seg in ps) {
+            when {
+                driveLetterRegex.matches(seg) -> scrubbed += seg
+                keep.contains(seg) -> scrubbed += "/$seg"
+                else -> {
+                    // Save the first non-ASCII (unicode) char, if any.
+                    val nonAscii = Regex("""[^\p{ASCII}]""").find(seg)?.value ?: ""
+                    // Replace all chars (except [^…]) with "x" .
+                    val ascii = seg.replace(Regex("""[^$\[\](){}:;'" ]+"""), "x")
+                    scrubbed += "/${ascii}$nonAscii"
+                }
+            }
+        }
+
+        // includes leading '.', eg: '.json'
+        val fileExt = fileExtRegex.find(pathSegments.last())?.value ?: ""
+        val newString = " ${start.replace(Regex("""\\"""), "/")}${scrubbed.removePrefix("//").removePrefix("/").removePrefix("\\")}$fileExt"
+        scrubbedMessage += newString
+    }
+
+    return scrubbedMessage.trim()
+}

plugins/core/jetbrains-community/tst/software/aws/toolkits/jetbrains/services/telemetry/TelemetryUtilsTest.kt

@@ -0,0 +1,79 @@
+// Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package software.aws.toolkits.jetbrains.services.telemetry
+
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Test
+
+class TelemetryUtilsTest {
+
+    @Test
+    fun testScrubNames() {
+        val fakeUser = "jdoe123"
+
+        assertEquals("", scrubNames("", fakeUser))
+        assertEquals("a ./ b", scrubNames("a ./ b", fakeUser))
+        assertEquals("a ../ b", scrubNames("a ../ b", fakeUser))
+        assertEquals("a /.. b", scrubNames("a /.. b", fakeUser))
+        assertEquals("a //..// b", scrubNames("a //..// b", fakeUser))
+        assertEquals("a / b", scrubNames("a / b", fakeUser))
+        assertEquals("a ~/ b", scrubNames("a ~/ b", fakeUser))
+        assertEquals("a //// b", scrubNames("a //// b", fakeUser))
+        assertEquals("a .. b", scrubNames("a .. b", fakeUser))
+        assertEquals("a . b", scrubNames("a . b", fakeUser))
+        assertEquals("lots of x", scrubNames("      lots      of         space       ", "space"))
+        assertEquals(
+            "Failed to save c:/xß/xï/xó/x∑/xπ/xö/x/xö/x.txt no permissions (error!)",
+            scrubNames(
+                "Failed to save c:/fooß/aïböcß/aób∑c/∑ö/ππ¨p/ö/a/bar123öabc/baz.txt no permissions (error!)",
+                fakeUser
+            )
+        )
+        assertEquals(
+            "user: x file: C:/Users/x/.aws/sso/cache/x.json (regex: /x/)",
+            scrubNames("user: jdoe123 file: C:/Users/user1/.aws/sso/cache/abc123.json (regex: /foo/)", fakeUser)
+        )
+        assertEquals("/Users/x/x.jso", scrubNames("/Users/user1/foo.jso", fakeUser))
+        assertEquals("/Users/x/x.js", scrubNames("/Users/user1/foo.js", fakeUser))
+        assertEquals("/Users/x/x", scrubNames("/Users/user1/noFileExtension", fakeUser))
+        assertEquals("/Users/x/x.a", scrubNames("/Users/user1/minExtLength.a", fakeUser))
+        assertEquals("/Users/x/x.123456", scrubNames("/Users/user1/extIsNum.123456", fakeUser))
+        assertEquals(
+            "/Users/x/x.looooooooongextension",
+            scrubNames("/Users/user1/foo.looooooooongextension", fakeUser)
+        )
+        assertEquals("/Users/x/x.ext3", scrubNames("/Users/user1/multipleExts.ext1.ext2.ext3", fakeUser))
+
+        assertEquals("c:/xß/x/x.txt", scrubNames("c:\\fooß\\bar\\baz.txt", fakeUser))
+        //     assertEquals(
+        //          "uhh c:/x x/ spaces /x hmm...",
+        //          scrubNames("uhh c:\\path with\\ spaces \\baz.. hmm...", fakeUser)
+        //      )
+        assertEquals(
+            "unc path: //x$/x/x END",
+            scrubNames("unc path: \\\\server$\\pipename\\etc END", fakeUser)
+        )
+        assertEquals(
+            "c:/Users/x/.aws/sso/cache/x.json x abc",
+            scrubNames("c:\\Users\\user1\\.aws\\sso\\cache\\abc123.json jdoe123 abc", fakeUser)
+        )
+        assertEquals(
+            "unix /home/x/.aws/config failed",
+            scrubNames("unix /home/jdoe123/.aws/config failed", fakeUser)
+        )
+        assertEquals(
+            "unix ~x/.aws/config failed",
+            scrubNames("unix ~jdoe123/.aws/config failed", fakeUser)
+        )
+        assertEquals(
+            "unix ../../.aws/config failed",
+            scrubNames("unix ../../.aws/config failed", fakeUser)
+        )
+        assertEquals("unix ~/.aws/config failed", scrubNames("unix ~/.aws/config failed", fakeUser))
+        assertEquals(
+            "/Users/x/.aws/sso/cache/x.json no space",
+            scrubNames("/Users/user1/.aws/sso/cache/abc123.json no space", fakeUser)
+        )
+    }
+}