[tor-bugs] #9170 [Flashproxy]: Don't log IP addresses by default in flashproxy.js

[Tor Bug Tracker & Wiki]

#9170: Don't log IP addresses by default in flashproxy.js
------------------------+---------------------------------------------------
 Reporter:  dcf         |          Owner:  dcf           
     Type:  defect      |         Status:  needs_revision
 Priority:  major       |      Milestone:                
Component:  Flashproxy  |        Version:                
 Keywords:              |         Parent:                
   Points:              |   Actualpoints:                
------------------------+---------------------------------------------------
Changes (by dcf):

  * status:  needs_review => needs_revision


Comment:

 Make the global variable use positive logic: call it `SAFE_LOGGING` rather
 than `UNSAFE_LOGGING`. Make it take the opposite of the query string
 `unsafe_logging` boolean. Compare with logic in e.g. flashproxy-client.
 The `SAFE_LOGGING` global is because I don't like booleans that have a
 "not" built into their name. The `unsafe_logging` parameter is because I
 want people to have to type the word "unsafe".

 Make a `safe_repr` function instead of calling `repr` on a `safe_obj`.
 Just make `safe_repr` return "[scrubbed]" for the whole object, don't look
 inside at the keys.

 Don't try to sanitize the URL with a regex. Just print a URL that is the
 same minus the query string (i.e., "https://fp-facilitator.org/"). If you
 need another call to `build_url` that's fine.

 I'm now thinking that we should scrub the relay address as well. Someone
 may be using a private bridge or something.

 Did you find any other places where a client address could be logged?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9170#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online