anonymizer_tool: Added pattern to remove usbguard serial numbers.

The usbguard-daemon prints serial numbers of USB devices to /var/log/messages. This change adds a pattern to anonymize those serial numbers to prevent leaking PII. BUG=None TEST=Generate a report with logs and verify usbguard-daemon log lines are properly anonymized. Signed-off-by: Allen Webb <allenwebb@google.com> Change-Id: Ifd41c8208b4d14bb3fafbf38198b04da6a8babd6 Reviewed-on: https://chromium-review.googlesource.com/1160935Reviewed-by: Rahul Chaturvedi <rkc@chromium.org> Reviewed-by: Mattias Nissler <mnissler@chromium.org> Cr-Commit-Position: refs/heads/master@{#580946}

anonymizer_tool: Added pattern to remove usbguard serial numbers.
The usbguard-daemon prints serial numbers of USB devices to /var/log/messages. This change adds a pattern to anonymize those serial numbers to prevent leaking PII. BUG=None TEST=Generate a report with logs and verify usbguard-daemon log lines are properly anonymized. Signed-off-by: Allen Webb <allenwebb@google.com> Change-Id: Ifd41c8208b4d14bb3fafbf38198b04da6a8babd6 Reviewed-on: https://chromium-review.googlesource.com/1160935Reviewed-by: Rahul Chaturvedi <rkc@chromium.org> Reviewed-by: Mattias Nissler <mnissler@chromium.org> Cr-Commit-Position: refs/heads/master@{#580946}
098b2caf · Allen Webb · Commit Bot · 55273237 · 098b2caf · 098b2caf
Commit 098b2caf authored Aug 06, 2018 by Allen Webb Committed by Commit Bot Aug 06, 2018
Showing with 22 additions and 0 deletions

components/feedback/anonymizer_tool.cc components/feedback/anonymizer_tool.cc +3 -0

components/feedback/anonymizer_tool_unittest.cc components/feedback/anonymizer_tool_unittest.cc +19 -0

No files found.
--- a/components/feedback/anonymizer_tool.cc
+++ b/components/feedback/anonymizer_tool.cc
@@ -55,6 +55,9 @@ constexpr const char* kCustomPatternsWithContext[] = {
    // Serial numbers
    "(?i-s)(serial\\s*(?:number)?\\s*[:=]\\s*)([0-9a-zA-Z\\-\"]+)()",
+    // usbguard-daemon
+    "(?-s)(usbguard-daemon.* serial \")(.*)(\" name \")",
 };
 // Helper macro: Non capturing group

--- a/components/feedback/anonymizer_tool_unittest.cc
+++ b/components/feedback/anonymizer_tool_unittest.cc
@@ -165,6 +165,25 @@ TEST_F(AnonymizerToolTest, AnonymizeCustomPatterns) {
  // Test that "Android:" is not considered a schema with empty hier part.
  EXPECT_EQ("The following applies to Android:",
            AnonymizeCustomPatterns("The following applies to Android:"));
+  EXPECT_EQ(
+      "2000-01-01T01:00:00.123456-00:00 NOTICE usbguard-daemon[5000]: uid=0 "
+      "pid=5000 result='SUCCESS' device.rule='block id 13fe:5500 serial "
+      "\"1\" name \"Patriot Memory\" hash "
+      "\"nrP2FU5Q0KDHJvqT4OFjvpA4Mu/ITEF+fMCMuXsTBs4=\" parent-hash "
+      "\"++ZNvxSmqWP6SLayt9yJSIHqUn0PKkvTNT/TVw0OKDE=\" via-port \"2-5\" "
+      "with-interface 08:06:50' target.old='block' "
+      "device.system_name='/devices/pci0000:00/0000:00:15.0/usb2/2-5' "
+      "target.new='block' type='Policy.Device.Update'",
+      AnonymizeCustomPatterns(
+          "2000-01-01T01:00:00.123456-00:00 NOTICE usbguard-daemon[5000]: "
+          "uid=0 pid=5000 result='SUCCESS' device.rule='block id 13fe:5500 "
+          "serial \"0609911A1Z199991\" name \"Patriot Memory\" hash "
+          "\"nrP2FU5Q0KDHJvqT4OFjvpA4Mu/ITEF+fMCMuXsTBs4=\" parent-hash "
+          "\"++ZNvxSmqWP6SLayt9yJSIHqUn0PKkvTNT/TVw0OKDE=\" via-port \"2-5\" "
+          "with-interface 08:06:50' target.old='block' "
+          "device.system_name='/devices/pci0000:00/0000:00:15.0/usb2/2-5' "
+          "target.new='block' type='Policy.Device.Update'"));
 }
 TEST_F(AnonymizerToolTest, AnonymizeCustomPatternWithContext) {