Closed Bug 1637163 Opened 5 years ago Closed 4 years ago

FxA WebChannel errors can contain personal info, such as profile directory path, that gets forwarded to sentry

Categories

(Firefox :: Firefox Accounts, defect)

Product:
Firefox
Component:
Firefox Accounts
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 79
Tracking Flags:
Tracking Status
firefox79 --- fixed

People

(Reporter: rfkelly, Assigned: vladikoff)

Details

Attachments

(1 file)

Bug 1637163 - Redact details in WebChannel errors. r=rfkelly
47 bytes, text/x-phabricator-request
Details | Review

Poking around in the sentry errors logged by accounts.firefox.com, I noticed a collection of errors with a message of the following form:

WebChannel error: Win error NN during operation rename on file FILE\PATH\signedInUser.json (specific error message in user's native locale)

Here are some examples of individual errors.

The FILE\PATH component of the message typically contains the user's windows account username, which might reasonably be considered PII, which I'm not sure we're comfortable sharing with a third-party service like sentry.

I think we should try to clean these up, both because of the personal information, and because having them in sentry as hundreds of slightly different error messages doesn't help us understand the prevalence of the underlying error. But it's not clear to me what code should be responsible for doing said cleanup. Should Firefox try to clean up error messages before returning them to accounts.firefox.com via the webchannel? Should FxA try to clean them up before forwarding to sentry?

Adding a few folks who may have opinions on the matter.

The severity field is not set for this bug.
:markh, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(markh)

In the sync telemetry ping, we strip this stuff out like this: https://searchfox.org/mozilla-central/source/services/sync/modules/telemetry.js#535-550 (the heavy lifting done by this regex https://searchfox.org/mozilla-central/source/services/sync/modules/telemetry.js#114, which admittely doesn't really need to be a regex so much as replacement).

The function that generates the error string in this case is here:

So I think we could profitably add this bit of cleaning up in that location.

Assignee: nobody → vlad
Status: NEW → ASSIGNED
Pushed by vlad@vladikoff.com: https://hg.mozilla.org/integration/autoland/rev/b1113499383d Redact details in WebChannel errors. r=rfkelly

https://hg.mozilla.org/mozilla-central/rev/b1113499383d

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox79: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 79
Flags: needinfo?(markh)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: