Closed Bug 1626809 Opened 5 years ago Closed 5 years ago

disk-storage memory reporter does not properly anonymize

Categories

(Core :: Networking: Cache, defect, P2)

Tracking

RESOLVED FIXED
mozilla77
Tracking Status
firefox77 --- fixed

People

(Reporter: mccr8, Assigned: mayhemer)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

The reporter of bug 1626612 noticed that the cache memory reporter seems to include URLs even if the "anonymize" box is checked. The entries were like this (except with actual URLs instead of <some URL>):

5,841.42 MB (100.0%) -- explicit
├──4,754.89 MB (81.40%) -- network
│ ├──4,754.74 MB (81.40%) -- cache2
│ │ ├──3,012.85 MB (51.58%) ── disk-storage(O^userContextId=9&firstPartyDomain=<some URL>,)

Everything after disk-storage should probably be skipped if the report is anonymous.

There are also some memory-storage entries that are similar.

The code is here:

https://searchfox.org/mozilla-central/rev/7fba7adfcd695343236de0c12e8d384c9b7cd237/netwerk/cache2/CacheStorageService.cpp#2273-2281

There's a comment that says "These key names are not privacy-sensitive." but that does not seem to be the case.

Honza, can you take a look?

Flags: needinfo?(honzab.moz)
Priority: -- → P2
Whiteboard: [necko-triaged]

(In reply to Andrew McCreight [:mccr8] from comment #2)

The code is here:

https://searchfox.org/mozilla-central/rev/7fba7adfcd695343236de0c12e8d384c9b7cd237/netwerk/cache2/CacheStorageService.cpp#2273-2281

There's a comment that says "These key names are not privacy-sensitive." but that does not seem to be the case.

It's no longer true, apparently. The easiest will probably be to not show the key at all. Showing a hash or an order number is not useful. Another option would be to do some kind of a regexp replace for URLs but it's not safe enough IMO.

Assignee: nobody → honzab.moz
Status: NEW → ASSIGNED
Flags: needinfo?(honzab.moz)
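
The two options weighed in the comment above, as an added example that is not part of this bug or of the Firefox patch: it compares regexp redaction of the context key with omitting the key when the report is anonymized. The sample keys, the helper names and the `/`-joined report path are assumptions made for illustration.

```cpp
#include <iostream>
#include <regex>
#include <string>
#include <vector>

// Constructed sample context keys, shaped like the one in the report above.
// The host names are placeholders, not values from the bug.
static const std::vector<std::string> kSampleKeys = {
    "O^userContextId=9&firstPartyDomain=https://mail.example.com,",
    "O^userContextId=9&firstPartyDomain=mail.example.com,",
    "O^userContextId=9&firstPartyDomain=https%3A%2F%2Fmail.example.com,",
};

// Option A (hypothetical helper): keep the key but regexp-replace anything
// that looks like a URL. It only catches the shapes the pattern anticipates.
std::string RedactUrlsByRegex(const std::string& key) {
  static const std::regex kUrl(R"re(https?://[^,&)]+)re");
  return std::regex_replace(key, kUrl, "<anonymized>");
}

// Option B (hypothetical helper): when anonymizing, do not show the key.
std::string ReportPath(const std::string& storage, const std::string& key,
                       bool anonymize) {
  std::string path = "explicit/network/cache2/" + storage;
  if (!anonymize) path += "(" + key + ")";
  return path;
}

// True if a placeholder host name from the samples survives in `text`.
bool LeaksHost(const std::string& text) {
  return text.find("example") != std::string::npos;
}

// Counts the sample keys whose host name is still visible in the report path.
int CountLeaks(bool useRegex) {
  int leaks = 0;
  for (const auto& key : kSampleKeys) {
    std::string path = useRegex
        ? ReportPath("disk-storage", RedactUrlsByRegex(key), false)
        : ReportPath("disk-storage", key, true);
    if (LeaksHost(path)) ++leaks;
  }
  return leaks;
}

int main() {
  std::cout << "regexp redaction leaks: " << CountLeaks(true) << "\n";
  std::cout << "key omitted leaks:      " << CountLeaks(false) << "\n";
}
```

The scheme-less and percent-encoded keys pass through the pattern untouched, which is the failure mode that makes a deny-list of URL shapes weaker than omitting the key.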
Attachment #9138146 - Attachment description: Bug 1626809 - Sanitize HTTP disk cache storage context key to prevent leak of private data like URLs, r=michal → Bug 1626809 - Sanitize HTTP disk cache storage context key to prevent leak of private data like URLs, r=njn
Pushed by honzab.moz@firemni.cz: https://hg.mozilla.org/integration/autoland/rev/eba8610ac79b Sanitize HTTP disk cache storage context key to prevent leak of private data like URLs, r=njn
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla77