Added a whitelist for trace events that are known to have args without PII.

Companion CL: https://codereview.chromium.org/1067233002/ R=nduca,davidben,jam BUG=466769 Review URL: https://codereview.chromium.org/1115343002 Cr-Commit-Position: refs/heads/master@{#330822}

Added a whitelist for trace events that are known to have args without PII.
Companion CL: https://codereview.chromium.org/1067233002/ R=nduca,davidben,jam BUG=466769 Review URL: https://codereview.chromium.org/1115343002 Cr-Commit-Position: refs/heads/master@{#330822}
678b1e5a · oysteine · Commit bot · d4c266ca · 678b1e5a · 678b1e5a
Commit 678b1e5a authored May 20, 2015 by oysteine Committed by Commit bot May 20, 2015
9 changed files
--- a/base/trace_event/trace_event_impl.cc
+++ b/base/trace_event/trace_event_impl.cc
@@ -68,6 +68,7 @@ const char kRecordAsMuchAsPossible[] = "record-as-much-as-possible";
 const char kTraceToConsole[] = "trace-to-console";
 const char kEnableSampling[] = "enable-sampling";
 const char kEnableSystrace[] = "enable-systrace";
+const char kEnableArgumentFilter[] = "enable-argument-filter";

 // Controls the number of trace events we will buffer in-memory
 // before throwing them away.
@@ -695,34 +696,45 @@ void TraceEvent::AppendValueAsJSON(unsigned char type,
  }
 }

-void TraceEvent::AppendAsJSON(std::string* out) const {
+void TraceEvent::AppendAsJSON(
+    std::string* out,
+    const ArgumentFilterPredicate& argument_filter_predicate) const {
  int64 time_int64 = timestamp_.ToInternalValue();
  int process_id = TraceLog::GetInstance()->process_id();
+  const char* category_group_name =
+      TraceLog::GetCategoryGroupName(category_group_enabled_);
+
  // Category group checked at category creation time.
  DCHECK(!strchr(name_, '"'));
-  StringAppendF(out,
-      "{\"pid\":%i,\"tid\":%i,\"ts\":%" PRId64 ","
-      "\"ph\":\"%c\",\"cat\":\"%s\",\"name\":\"%s\",\"args\":{",
-      process_id,
-      thread_id_,
-      time_int64,
-      phase_,
-      TraceLog::GetCategoryGroupName(category_group_enabled_),
-      name_);
+  StringAppendF(out, "{\"pid\":%i,\"tid\":%i,\"ts\":%" PRId64
+                     ","
+                     "\"ph\":\"%c\",\"cat\":\"%s\",\"name\":\"%s\",\"args\":{",
+                process_id, thread_id_, time_int64, phase_, category_group_name,
+                name_);

  // Output argument names and values, stop at first NULL argument name.
-  for (int i = 0; i < kTraceMaxNumArgs && arg_names_[i]; ++i) {
-    if (i > 0)
-      *out += ",";
-    *out += "\"";
-    *out += arg_names_[i];
-    *out += "\":";
-
-    if (arg_types_[i] == TRACE_VALUE_TYPE_CONVERTABLE)
-      convertable_values_[i]->AppendAsTraceFormat(out);
-    else
-      AppendValueAsJSON(arg_types_[i], arg_values_[i], out);
+  if (arg_names_[0]) {
+    bool allow_args = argument_filter_predicate.is_null() ||
+                      argument_filter_predicate.Run(category_group_name, name_);
+
+    if (allow_args) {
+      for (int i = 0; i < kTraceMaxNumArgs && arg_names_[i]; ++i) {
+        if (i > 0)
+          *out += ",";
+        *out += "\"";
+        *out += arg_names_[i];
+        *out += "\":";
+
+        if (arg_types_[i] == TRACE_VALUE_TYPE_CONVERTABLE)
+          convertable_values_[i]->AppendAsTraceFormat(out);
+        else
+          AppendValueAsJSON(arg_types_[i], arg_values_[i], out);
+      }
+    } else {
+      *out += "\"stripped\":1";
+    }
  }
+
  *out += "}";

  if (phase_ == TRACE_EVENT_PHASE_COMPLETE) {
@@ -1003,6 +1015,8 @@ bool TraceOptions::SetFromString(const std::string& options_string) {
      enable_sampling = true;
    } else if (*iter == kEnableSystrace) {
      enable_systrace = true;
+    } else if (*iter == kEnableArgumentFilter) {
+      enable_argument_filter = true;
    } else {
      return false;
    }
@@ -1032,6 +1046,8 @@ std::string TraceOptions::ToString() const {
    ret = ret + "," + kEnableSampling;
  if (enable_systrace)
    ret = ret + "," + kEnableSystrace;
+  if (enable_argument_filter)
+    ret = ret + "," + kEnableArgumentFilter;
  return ret;
 }

@@ -1486,10 +1502,20 @@ void TraceLog::SetEnabled(const CategoryFilter& category_filter,
  }
 }

+void TraceLog::SetArgumentFilterPredicate(
+    const TraceEvent::ArgumentFilterPredicate& argument_filter_predicate) {
+  AutoLock lock(lock_);
+  DCHECK(!argument_filter_predicate.is_null());
+  DCHECK(argument_filter_predicate_.is_null());
+  argument_filter_predicate_ = argument_filter_predicate;
+}
+
 TraceLog::InternalTraceOptions TraceLog::GetInternalOptionsFromTraceOptions(
    const TraceOptions& options) {
  InternalTraceOptions ret =
      options.enable_sampling ? kInternalEnableSampling : kInternalNone;
+  if (options.enable_argument_filter)
+    ret |= kInternalEnableArgumentFilter;
  switch (options.record_mode) {
    case RECORD_UNTIL_FULL:
      return ret | kInternalRecordUntilFull;
@@ -1513,6 +1539,7 @@ TraceOptions TraceLog::GetCurrentTraceOptions() const {
  TraceOptions ret;
  InternalTraceOptions option = trace_options();
  ret.enable_sampling = (option & kInternalEnableSampling) != 0;
+  ret.enable_argument_filter = (option & kInternalEnableArgumentFilter) != 0;
  if (option & kInternalRecordUntilFull)
    ret.record_mode = RECORD_UNTIL_FULL;
  else if (option & kInternalRecordContinuously)
@@ -1756,8 +1783,8 @@ void TraceLog::Flush(const TraceLog::OutputCallback& cb,
 // Usually it runs on a different thread.
 void TraceLog::ConvertTraceEventsToTraceFormat(
    scoped_ptr<TraceBuffer> logged_events,
-    const TraceLog::OutputCallback& flush_output_callback) {
-
+    const OutputCallback& flush_output_callback,
+    const TraceEvent::ArgumentFilterPredicate& argument_filter_predicate) {
  if (flush_output_callback.is_null())
    return;

@@ -1776,7 +1803,8 @@ void TraceLog::ConvertTraceEventsToTraceFormat(
      for (size_t j = 0; j < chunk->size(); ++j) {
        if (json_events_str_ptr->size())
          json_events_str_ptr->data().append(",\n");
-        chunk->GetEventAt(j)->AppendAsJSON(&(json_events_str_ptr->data()));
+        chunk->GetEventAt(j)->AppendAsJSON(&(json_events_str_ptr->data()),
+                                           argument_filter_predicate);
      }
    }
    flush_output_callback.Run(json_events_str_ptr, has_more_events);
@@ -1786,6 +1814,7 @@ void TraceLog::ConvertTraceEventsToTraceFormat(
 void TraceLog::FinishFlush(int generation) {
  scoped_ptr<TraceBuffer> previous_logged_events;
  OutputCallback flush_output_callback;
+  TraceEvent::ArgumentFilterPredicate argument_filter_predicate;

  if (!CheckGeneration(generation))
    return;
@@ -1800,20 +1829,25 @@ void TraceLog::FinishFlush(int generation) {
    flush_task_runner_ = NULL;
    flush_output_callback = flush_output_callback_;
    flush_output_callback_.Reset();
+
+    if (trace_options() & kInternalEnableArgumentFilter) {
+      CHECK(!argument_filter_predicate_.is_null());
+      argument_filter_predicate = argument_filter_predicate_;
+    }
  }

  if (use_worker_thread_ &&
      WorkerPool::PostTask(
-          FROM_HERE,
-          Bind(&TraceLog::ConvertTraceEventsToTraceFormat,
-               Passed(&previous_logged_events),
-               flush_output_callback),
+          FROM_HERE, Bind(&TraceLog::ConvertTraceEventsToTraceFormat,
+                          Passed(&previous_logged_events),
+                          flush_output_callback, argument_filter_predicate),
          true)) {
    return;
  }

  ConvertTraceEventsToTraceFormat(previous_logged_events.Pass(),
-                                  flush_output_callback);
+                                  flush_output_callback,
+                                  argument_filter_predicate);
 }

 // Run in each thread holding a local event buffer.
@@ -1863,6 +1897,7 @@ void TraceLog::OnFlushTimeout(int generation) {
 void TraceLog::FlushButLeaveBufferIntact(
    const TraceLog::OutputCallback& flush_output_callback) {
  scoped_ptr<TraceBuffer> previous_logged_events;
+  TraceEvent::ArgumentFilterPredicate argument_filter_predicate;
  {
    AutoLock lock(lock_);
    AddMetadataEventsWhileLocked();
@@ -1872,10 +1907,16 @@ void TraceLog::FlushButLeaveBufferIntact(
                                  thread_shared_chunk_.Pass());
    }
    previous_logged_events = logged_events_->CloneForIteration().Pass();
+
+    if (trace_options() & kInternalEnableArgumentFilter) {
+      CHECK(!argument_filter_predicate_.is_null());
+      argument_filter_predicate = argument_filter_predicate_;
+    }
  }  // release lock

  ConvertTraceEventsToTraceFormat(previous_logged_events.Pass(),
-                                  flush_output_callback);
+                                  flush_output_callback,
+                                  argument_filter_predicate);
 }

 void TraceLog::UseNextTraceBuffer() {

--- a/base/trace_event/trace_event_impl.h
+++ b/base/trace_event/trace_event_impl.h
@@ -123,7 +123,11 @@ class BASE_EXPORT TraceEvent {
  void UpdateDuration(const TimeTicks& now, const TimeTicks& thread_now);

  // Serialize event data to JSON
-  void AppendAsJSON(std::string* out) const;
+  typedef base::Callback<bool(const char* category_group_name,
+                              const char* event_name)> ArgumentFilterPredicate;
+  void AppendAsJSON(
+      std::string* out,
+      const ArgumentFilterPredicate& argument_filter_predicate) const;
  void AppendPrettyPrinted(std::ostringstream* out) const;

  static void AppendValueAsJSON(unsigned char type,
@@ -384,12 +388,14 @@ struct BASE_EXPORT TraceOptions {
  TraceOptions()
      : record_mode(RECORD_UNTIL_FULL),
        enable_sampling(false),
-        enable_systrace(false) {}
+        enable_systrace(false),
+        enable_argument_filter(false) {}

  explicit TraceOptions(TraceRecordMode record_mode)
      : record_mode(record_mode),
        enable_sampling(false),
-        enable_systrace(false) {}
+        enable_systrace(false),
+        enable_argument_filter(false) {}

  // |options_string| is a comma-delimited list of trace options.
  // Possible options are: "record-until-full", "record-continuously",
@@ -420,6 +426,7 @@ struct BASE_EXPORT TraceOptions {
  TraceRecordMode record_mode;
  bool enable_sampling;
  bool enable_systrace;
+  bool enable_argument_filter;
 };

 struct BASE_EXPORT TraceLogStatus {
@@ -533,6 +540,8 @@ class BASE_EXPORT TraceLog {
  void SetEventCallbackEnabled(const CategoryFilter& category_filter,
                               EventCallback cb);
  void SetEventCallbackDisabled();
+  void SetArgumentFilterPredicate(
+      const TraceEvent::ArgumentFilterPredicate& argument_filter_predicate);

  // Flush all collected events to the given output callback. The callback will
  // be called one or more times either synchronously or asynchronously from
@@ -720,7 +729,8 @@ class BASE_EXPORT TraceLog {
  // Usually it runs on a different thread.
  static void ConvertTraceEventsToTraceFormat(
      scoped_ptr<TraceBuffer> logged_events,
-      const TraceLog::OutputCallback& flush_output_callback);
+      const TraceLog::OutputCallback& flush_output_callback,
+      const TraceEvent::ArgumentFilterPredicate& argument_filter_predicate);
  void FinishFlush(int generation);
  void OnFlushTimeout(int generation);

@@ -747,6 +757,7 @@ class BASE_EXPORT TraceLog {
  static const InternalTraceOptions kInternalEchoToConsole;
  static const InternalTraceOptions kInternalEnableSampling;
  static const InternalTraceOptions kInternalRecordAsMuchAsPossible;
+  static const InternalTraceOptions kInternalEnableArgumentFilter;

  // This lock protects TraceLog member accesses (except for members protected
  // by thread_info_lock_) from arbitrary threads.
@@ -811,6 +822,7 @@ class BASE_EXPORT TraceLog {
  // Set when asynchronous Flush is in progress.
  OutputCallback flush_output_callback_;
  scoped_refptr<SingleThreadTaskRunner> flush_task_runner_;
+  TraceEvent::ArgumentFilterPredicate argument_filter_predicate_;
  subtle::AtomicWord generation_;
  bool use_worker_thread_;


--- a/base/trace_event/trace_event_impl_constants.cc
+++ b/base/trace_event/trace_event_impl_constants.cc
@@ -23,6 +23,8 @@ const TraceLog::InternalTraceOptions
    TraceLog::kInternalEchoToConsole = 1 << 3;
 const TraceLog::InternalTraceOptions
    TraceLog::kInternalRecordAsMuchAsPossible = 1 << 4;
+const TraceLog::InternalTraceOptions
+    TraceLog::kInternalEnableArgumentFilter = 1 << 5;

 }  // namespace trace_event
 }  // namespace base
--- a/base/trace_event/trace_event_unittest.cc
+++ b/base/trace_event/trace_event_unittest.cc
@@ -2205,6 +2205,52 @@ TEST_F(TraceEventTestFixture, PrimitiveArgs) {
  EXPECT_EQ(1, int_value);
 }

+namespace {
+
+bool IsTraceEventArgsWhitelisted(const char* category_group_name,
+                                 const char* event_name) {
+  if (MatchPattern(category_group_name, "toplevel") &&
+      MatchPattern(event_name, "*")) {
+    return true;
+  }
+
+  return false;
+}
+
+}  // namespace
+
+TEST_F(TraceEventTestFixture, ArgsWhitelisting) {
+  TraceLog::GetInstance()->SetArgumentFilterPredicate(
+      base::Bind(&IsTraceEventArgsWhitelisted));
+
+  TraceOptions trace_options;
+  trace_options.enable_argument_filter = true;
+  TraceLog::GetInstance()->SetEnabled(CategoryFilter("*"),
+                                      TraceLog::RECORDING_MODE, trace_options);
+
+  TRACE_EVENT1("toplevel", "event1", "int_one", 1);
+  TRACE_EVENT1("whitewashed", "event2", "int_two", 1);
+  EndTraceAndFlush();
+
+  const DictionaryValue* args_dict = NULL;
+  DictionaryValue* dict = NULL;
+  int int_value;
+
+  dict = FindNamePhase("event1", "X");
+  ASSERT_TRUE(dict);
+  dict->GetDictionary("args", &args_dict);
+  ASSERT_TRUE(args_dict);
+  EXPECT_TRUE(args_dict->GetInteger("int_one", &int_value));
+  EXPECT_EQ(1, int_value);
+
+  dict = FindNamePhase("event2", "X");
+  ASSERT_TRUE(dict);
+  dict->GetDictionary("args", &args_dict);
+  ASSERT_TRUE(args_dict);
+  EXPECT_FALSE(args_dict->GetInteger("int_two", &int_value));
+  EXPECT_TRUE(args_dict->GetInteger("stripped", &int_value));
+}
+
 class TraceEventCallbackTest : public TraceEventTestFixture {
 public:
  void SetUp() override {

--- a/chrome/app/chrome_main_delegate.cc
+++ b/chrome/app/chrome_main_delegate.cc
@@ -16,6 +16,7 @@
 #include "base/process/memory.h"
 #include "base/process/process_handle.h"
 #include "base/strings/string_util.h"
+#include "base/trace_event/trace_event_impl.h"
 #include "build/build_config.h"
 #include "chrome/browser/chrome_content_browser_client.h"
 #include "chrome/browser/defaults.h"
@@ -30,6 +31,7 @@
 #include "chrome/common/logging_chrome.h"
 #include "chrome/common/profiling.h"
 #include "chrome/common/switch_utils.h"
+#include "chrome/common/trace_event_args_whitelist.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/plugin/chrome_content_plugin_client.h"
 #include "chrome/renderer/chrome_content_renderer_client.h"
@@ -438,6 +440,9 @@ bool ChromeMainDelegate::BasicStartupComplete(int* exit_code) {

  Profiling::ProcessStarted();

+  base::trace_event::TraceLog::GetInstance()->SetArgumentFilterPredicate(
+      base::Bind(&IsTraceEventArgsWhitelisted));
+
 #if defined(OS_WIN)
  v8_breakpad_support::SetUp();
 #endif

--- a/chrome/chrome_common.gypi
+++ b/chrome/chrome_common.gypi
@@ -110,6 +110,8 @@
      'common/spellcheck_result.h',
      'common/switch_utils.cc',
      'common/switch_utils.h',
+      'common/trace_event_args_whitelist.cc',
+      'common/trace_event_args_whitelist.h',
      'common/tts_messages.h',
      'common/tts_utterance_request.cc',
      'common/tts_utterance_request.h',

--- a/chrome/common/OWNERS
+++ b/chrome/common/OWNERS
@@ -58,3 +58,8 @@ per-file autocomplete_match_type.*=mpearson@chromium.org
 per-file autocomplete_match_type.*=pkasting@chromium.org
 per-file autocomplete_match_type.*=sky@chromium.org
 per-file crash_keys*=rsesek@chromium.org
+
+# Tracing
+per-file trace_event_args_whitelist*=nduca@chromium.org
+per-file trace_event_args_whitelist*=dsinclair@chromium.org
+per-file trace_event_args_whitelist*=oysteine@chromium.org
--- a/chrome/common/trace_event_args_whitelist.cc
+++ b/chrome/common/trace_event_args_whitelist.cc
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/common/trace_event_args_whitelist.h"
+
+#include "base/strings/string_tokenizer.h"
+#include "base/strings/string_util.h"
+
+namespace {
+
+const char* const kEventArgsWhitelist[][2] = {{"toplevel", "*"},
+                                              {"__metadata", "thread_name"},
+                                              {NULL, NULL}};
+
+}  // namespace
+
+bool IsTraceEventArgsWhitelisted(const char* category_group_name,
+                                 const char* event_name) {
+  base::CStringTokenizer category_group_tokens(
+      category_group_name, category_group_name + strlen(category_group_name),
+      ",");
+  while (category_group_tokens.GetNext()) {
+    const std::string& category_group_token = category_group_tokens.token();
+    for (int i = 0; kEventArgsWhitelist[i][0] != NULL; ++i) {
+      DCHECK(kEventArgsWhitelist[i][1]);
+
+      if (MatchPattern(category_group_token.c_str(),
+                       kEventArgsWhitelist[i][0]) &&
+          MatchPattern(event_name, kEventArgsWhitelist[i][1])) {
+        return true;
+      }
+    }
+  }
+
+  return false;
+}
--- a/chrome/common/trace_event_args_whitelist.h
+++ b/chrome/common/trace_event_args_whitelist.h
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_COMMON_TRACE_EVENT_ARGS_WHITELIST_H_
+#define CHROME_COMMON_TRACE_EVENT_ARGS_WHITELIST_H_
+
+// Used to filter trace event arguments against a whitelist of events that
+// have been manually vetted to not include any PII.
+bool IsTraceEventArgsWhitelisted(const char* category_group_name,
+                                 const char* event_name);
+
+#endif  // CHROME_COMMON_TRACE_EVENT_ARGS_WHITELIST_H_