Log redacted versions of the requests if private logging is disabled

Even if we don’t want to log any sensitive information, we can still log the keys of JSON objects and insensitive values such as integers and booleans.

Author: ahoppen

Sources/LanguageServerProtocolJSONRPC/LoggableMessageTypes.swift

@@ -14,23 +14,6 @@ import Foundation
 import LanguageServerProtocol
 import SKLogging
 
-fileprivate extension Encodable {
-  var prettyPrintJSON: String {
-    let encoder = JSONEncoder()
-    encoder.outputFormatting.insert(.prettyPrinted)
-    encoder.outputFormatting.insert(.sortedKeys)
-    guard let data = try? encoder.encode(self) else {
-      return "\(self)"
-    }
-    guard let string = String(data: data, encoding: .utf8) else {
-      return "\(self)"
-    }
-    // Don't escape '/'. Most JSON readers don't need it escaped and it makes
-    // paths a lot easier to read and copy-paste.
-    return string.replacingOccurrences(of: "\\/", with: "/")
-  }
-}
-
 // MARK: - RequestType
 
 fileprivate struct AnyRequestType: CustomLogStringConvertible {
@@ -39,12 +22,15 @@ fileprivate struct AnyRequestType: CustomLogStringConvertible {
   public var description: String {
     return """
       \(type(of: request).method)
-      \(request.prettyPrintJSON)
+      \(request.prettyPrintedJSON)
       """
   }
 
   public var redactedDescription: String {
-    return "\(type(of: request).method)"
+    return """
+      \(type(of: request).method)
+      \(request.prettyPrintedRedactedJSON)
+      """
   }
 }
 
@@ -62,12 +48,15 @@ fileprivate struct AnyNotificationType: CustomLogStringConvertible {
   public var description: String {
     return """
       \(type(of: notification).method)
-      \(notification.prettyPrintJSON)
+      \(notification.prettyPrintedJSON)
       """
   }
 
   public var redactedDescription: String {
-    return "\(type(of: notification).method)"
+    return """
+      \(type(of: notification).method)
+      \(notification.prettyPrintedRedactedJSON)
+      """
   }
 }
 
@@ -85,13 +74,14 @@ fileprivate struct AnyResponseType: CustomLogStringConvertible {
   var description: String {
     return """
       \(type(of: response))
-      \(response.prettyPrintJSON)
+      \(response.prettyPrintedJSON)
       """
   }
 
   var redactedDescription: String {
     return """
       \(type(of: response))
+      \(response.prettyPrintedRedactedJSON)
       """
   }
 }

Sources/SKLogging/CustomLogStringConvertible.swift

@@ -64,7 +64,8 @@ extension String {
   /// A hash value that can be logged in a redacted description without
   /// disclosing any private information about the string.
   package var hashForLogging: String {
-    return Insecure.MD5.hash(data: Data(self.utf8)).description
+    let hash = SHA256.hash(data: Data(self.utf8)).prefix(8).map { String(format: "%02x", $0) }.joined()
+    return "<private \(hash)>"
   }
 }
 
@@ -86,58 +87,51 @@ extension Optional where Wrapped: CustomLogStringConvertible {
   }
 }
 
-/// A JSON-like description of the object.
-public func recursiveDescription(of subject: Any) -> String {
-  return "{"
-    + Mirror(reflecting: subject).children.map { (key, value) in
-      "\(key ?? "<nil>"): \(String(describing: value))"
-    }.joined(separator: ", ")
-    + "}"
-}
-
-fileprivate protocol OptionalProtocol {
-  associatedtype Wrapped
-  var asOptional: Wrapped? { get }
-}
-extension Optional: OptionalProtocol {
-  var asOptional: Wrapped? { self }
-}
-
-/// A JSON-like description of the object that shows trivial values but redacts values that might contain sensitive
-/// information.
-public func recursiveRedactedDescription(of value: Any) -> String {
-  switch value {
-  case let value as Bool:
-    return value.description
-  case let value as Int:
-    return value.description
-  case let value as Double:
-    return value.description
-  case let value as String:
-    return value.hashForLogging
-  case let value as any OptionalProtocol:
-    if let value = value.asOptional {
-      return recursiveRedactedDescription(of: value)
-    } else {
-      return "nil"
+extension Encodable {
+  package var prettyPrintedJSON: String {
+    let encoder = JSONEncoder()
+    encoder.outputFormatting.insert(.prettyPrinted)
+    encoder.outputFormatting.insert(.sortedKeys)
+    guard let data = try? encoder.encode(self) else {
+      return "\(self)"
+    }
+    guard let string = String(data: data, encoding: .utf8) else {
+      return "\(self)"
     }
-  default:
-    break
+    // Don't escape '/'. Most JSON readers don't need it escaped and it makes
+    // paths a lot easier to read and copy-paste.
+    return string.replacingOccurrences(of: "\\/", with: "/")
   }
 
-  let children = Mirror(reflecting: value).children.sorted { $0.label ?? "" < $1.label ?? "" }
-  if !children.isEmpty {
-    let childrenKeyValuePairs = children.map { (label, value) -> String in
-      let label = label ?? "<nil>"
-      let value =
-        if let value = value as? any CustomLogStringConvertible {
-          value.redactedDescription
-        } else {
-          recursiveRedactedDescription(of: value)
-        }
-      return "\(label): \(value)"
+  package var prettyPrintedRedactedJSON: String {
+    func redact(subject: Any) -> Any {
+      if let subject = subject as? [String: Any] {
+        return subject.mapValues { redact(subject: $0) }
+      } else if let subject = subject as? [Any] {
+        return subject.map { redact(subject: $0) }
+      } else if let subject = subject as? String {
+        return subject.hashForLogging
+      } else if let subject = subject as? Int {
+        return subject
+      } else if let subject = subject as? Double {
+        return subject
+      } else if let subject = subject as? Bool {
+        return subject
+      } else {
+        return "<private>"
+      }
+    }
+
+    guard let encoded = try? JSONEncoder().encode(self),
+      let jsonObject = try? JSONSerialization.jsonObject(with: encoded),
+      let data = try? JSONSerialization.data(
+        withJSONObject: redact(subject: jsonObject),
+        options: [.prettyPrinted, .sortedKeys]
+      ),
+      let string = String(data: data, encoding: .utf8)
+    else {
+      return "<private>"
     }
-    return "{" + childrenKeyValuePairs.joined(separator: ", ") + "}"
+    return string
   }
-  return "<private>"
 }

Sources/SKOptions/SourceKitLSPOptions.swift

@@ -21,7 +21,7 @@ import struct TSCBasic.AbsolutePath
 ///
 /// See `ConfigurationFile.md` for a description of the configuration file's behavior.
 public struct SourceKitLSPOptions: Sendable, Codable, Equatable, CustomLogStringConvertible {
-  public struct SwiftPMOptions: Sendable, Codable, Equatable, CustomLogStringConvertible {
+  public struct SwiftPMOptions: Sendable, Codable, Equatable {
     /// Build configuration (debug|release).
     ///
     /// Equivalent to SwiftPM's `--configuration` option.
@@ -94,17 +94,9 @@ public struct SourceKitLSPOptions: Sendable, Codable, Equatable, CustomLogString
         disableSandbox: override?.disableSandbox ?? base.disableSandbox
       )
     }
-
-    public var description: String {
-      recursiveDescription(of: self)
-    }
-
-    public var redactedDescription: String {
-      recursiveRedactedDescription(of: self)
-    }
   }
 
-  public struct CompilationDatabaseOptions: Sendable, Codable, Equatable, CustomLogStringConvertible {
+  public struct CompilationDatabaseOptions: Sendable, Codable, Equatable {
     /// Additional paths to search for a compilation database, relative to a workspace root.
     public var searchPaths: [String]?
 
@@ -118,17 +110,9 @@ public struct SourceKitLSPOptions: Sendable, Codable, Equatable, CustomLogString
     ) -> CompilationDatabaseOptions {
       return CompilationDatabaseOptions(searchPaths: override?.searchPaths ?? base.searchPaths)
     }
-
-    public var description: String {
-      recursiveDescription(of: self)
-    }
-
-    public var redactedDescription: String {
-      recursiveRedactedDescription(of: self)
-    }
   }
 
-  public struct FallbackBuildSystemOptions: Sendable, Codable, Equatable, CustomLogStringConvertible {
+  public struct FallbackBuildSystemOptions: Sendable, Codable, Equatable {
     public var cCompilerFlags: [String]?
     public var cxxCompilerFlags: [String]?
     public var swiftCompilerFlags: [String]?
@@ -157,17 +141,9 @@ public struct SourceKitLSPOptions: Sendable, Codable, Equatable, CustomLogString
         sdk: override?.sdk ?? base.sdk
       )
     }
-
-    public var description: String {
-      recursiveDescription(of: self)
-    }
-
-    public var redactedDescription: String {
-      recursiveRedactedDescription(of: self)
-    }
   }
 
-  public struct IndexOptions: Sendable, Codable, Equatable, CustomLogStringConvertible {
+  public struct IndexOptions: Sendable, Codable, Equatable {
     public var indexStorePath: String?
     public var indexDatabasePath: String?
     public var indexPrefixMap: [String: String]?
@@ -210,17 +186,9 @@ public struct SourceKitLSPOptions: Sendable, Codable, Equatable, CustomLogString
         updateIndexStoreTimeout: override?.updateIndexStoreTimeout ?? base.updateIndexStoreTimeout
       )
     }
-
-    public var description: String {
-      recursiveDescription(of: self)
-    }
-
-    public var redactedDescription: String {
-      recursiveRedactedDescription(of: self)
-    }
   }
 
-  public struct LoggingOptions: Sendable, Codable, Equatable, CustomLogStringConvertible {
+  public struct LoggingOptions: Sendable, Codable, Equatable {
     /// The level from which one onwards log messages should be written.
     public var level: String?
     /// Whether potentially sensitive information should be redacted.
@@ -240,14 +208,6 @@ public struct SourceKitLSPOptions: Sendable, Codable, Equatable, CustomLogString
         privacyLevel: override?.privacyLevel ?? base.privacyLevel
       )
     }
-
-    public var description: String {
-      recursiveDescription(of: self)
-    }
-
-    public var redactedDescription: String {
-      recursiveRedactedDescription(of: self)
-    }
   }
 
   public enum BackgroundPreparationMode: String {
@@ -477,10 +437,10 @@ public struct SourceKitLSPOptions: Sendable, Codable, Equatable, CustomLogString
   }
 
   public var description: String {
-    recursiveDescription(of: self)
+    self.prettyPrintedJSON
   }
 
   public var redactedDescription: String {
-    recursiveRedactedDescription(of: self)
+    self.prettyPrintedRedactedJSON
   }
 }

Tests/SKLoggingTests/LoggingTests.swift

@@ -212,46 +212,4 @@ final class LoggingTests: XCTestCase {
       $0.log("got \(LogStringConvertible().forLogging)")
     }
   }
-
-  func testRecursiveRedactedDescription() {
-    struct Outer {
-      struct Inner {
-        var publicValue: Int
-        var redactedValue: String
-      }
-      var inner: Inner
-    }
-
-    XCTAssertEqual(
-      recursiveRedactedDescription(of: Outer(inner: Outer.Inner(publicValue: 42, redactedValue: "password"))),
-      """
-      {inner: {publicValue: 42, redactedValue: MD5 digest: 5f4dcc3b5aa765d61d8327deb882cf99}}
-      """
-    )
-
-    XCTAssertEqual(recursiveRedactedDescription(of: (nil as Int?) as Any), "nil")
-
-    XCTAssertEqual(recursiveRedactedDescription(of: (42 as Int?) as Any), "42")
-
-    XCTAssertEqual(
-      recursiveRedactedDescription(of: ("abc" as String?) as Any),
-      "MD5 digest: 900150983cd24fb0d6963f7d28e17f72"
-    )
-
-    struct Something: CustomLogStringConvertible {
-      let x = 1
-      let y = "hi"
-
-      var redactedDescription: String {
-        recursiveRedactedDescription(of: self)
-      }
-
-      var description: String { "" }
-    }
-
-    XCTAssertEqual(
-      Something().redactedDescription,
-      "{x: 1, y: MD5 digest: 49f68a5c8493ec2c0bf489821c21fc3b}"
-    )
-  }
 }