Remove sensitive data from analytics (#1563)

* Analytics: Anonymize the file path of the location of a panic * Remove git_branch from analytics
rerun-io · Mar 13, 2023 · dea09f7 · dea09f7
1 parent e0655be
commit dea09f7
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 5 deletions.
diff --git a/crates/re_analytics/src/lib.rs b/crates/re_analytics/src/lib.rs
@@ -106,10 +106,11 @@ impl Event {
 
     /// Adds Rerun version, git hash, build date and similar as properties to the event.
     pub fn with_build_info(self, build_info: &re_build_info::BuildInfo) -> Event {
+        // We intentionally don't include the branch name, because it can contain sensitive user-stuff.
+
         self.with_prop("rerun_version", build_info.version.to_string())
             .with_prop("target", build_info.target_triple)
             .with_prop("git_hash", build_info.git_hash_or_tag())
-            .with_prop("git_branch", build_info.git_branch)
             .with_prop("build_date", build_info.datetime)
             .with_prop("debug", cfg!(debug_assertions)) // debug-build?
             .with_prop("rerun_workspace", build_info.is_in_rerun_workspace)

diff --git a/crates/rerun/src/crash_handler.rs b/crates/rerun/src/crash_handler.rs
@@ -39,12 +39,24 @@ fn install_panic_hook(build_info: BuildInfo) {
                 let mut event = re_analytics::Event::append("crash-panic")
                     .with_build_info(&build_info)
                     .with_prop("callstack", callstack);
+
+                let include_panic_message = false; // Don't include it, because it can contain sensitive information (`panic!("Couldn't read {file_path}")`)
+                if include_panic_message {
+                    // `panic_info.message` is unstable, so this is the recommended way of getting
+                    // the panic message out. We need both the `&str` and `String` variants.
+                    if let Some(msg) = panic_info.payload().downcast_ref::<&str>() {
+                        event = event.with_prop("message", *msg);
+                    } else if let Some(msg) = panic_info.payload().downcast_ref::<String>() {
+                        event = event.with_prop("message", msg.clone());
+                    }
+                }
+
                 if let Some(location) = panic_info.location() {
-                    event = event.with_prop(
-                        "location",
-                        format!("{}:{}", location.file(), location.line()),
-                    );
+                    let file =
+                        anonymize_source_file_path(&std::path::PathBuf::from(location.file()));
+                    event = event.with_prop("location", format!("{file}:{}", location.line()));
                 }
+
                 analytics.record(event);
 
                 std::thread::sleep(std::time::Duration::from_secs(1)); // Give analytics time to send the event