From a0a8b70bc17509405a0bd0d25581c5f26a0a5228 Mon Sep 17 00:00:00 2001 From: Cameron Gutman Date: Mon, 27 May 2024 22:02:02 -0400 Subject: [PATCH] Strip session keys and IVs from the logs Logging these isn't a major issue because they change each session and the privilege level to access the logs is the same as those to access the private key of Moonlight client itself, but there's also no good reason to log them either. --- app/main.cpp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/app/main.cpp b/app/main.cpp index 29b9ab3e..50c0e813 100644 --- a/app/main.cpp +++ b/app/main.cpp @@ -11,6 +11,7 @@ #include #include #include +#include // Don't let SDL hook our main function, since Qt is already // doing the same thing. This needs to be before any headers @@ -60,6 +61,8 @@ static QElapsedTimer s_LoggerTime; static QTextStream s_LoggerStream(stderr); static QMutex s_LoggerLock; static bool s_SuppressVerboseOutput; +static QRegularExpression k_RikeyRegex("&rikey=\\w+"); +static QRegularExpression k_RikeyIdRegex("&rikeyid=[\\d-]+"); #ifdef LOG_TO_FILE // Max log file size of 10 MB #define MAX_LOG_SIZE_BYTES (10 * 1024 * 1024) @@ -72,6 +75,10 @@ void logToLoggerStream(QString& message) { QMutexLocker lock(&s_LoggerLock); + // Strip session encryption keys and IVs from the logs + message.replace(k_RikeyRegex, "&rikey=REDACTED"); + message.replace(k_RikeyIdRegex, "&rikeyid=REDACTED"); + #ifdef LOG_TO_FILE if (s_LogLimitReached) { return;