From 780bb6152c4e7c959d694c12775d6df3378bcd84 Mon Sep 17 00:00:00 2001 From: Kayos Date: Mon, 25 May 2026 14:11:00 -0700 Subject: [PATCH] vc=37 (rust): scrub PII from strawcore info-logs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CVE round-2 HIGH-2: android_logger is configured at info-level in release builds, so log::info!('strawcore::search query={}', query) emits the user's actual search query to logcat. LogDump.scrubLine's regex only catches googlevideo URLs + signed params — bare search text rides through into a Settings → Export Logs share-sheet attachment intact. Same for channel_info / stream_info URLs. Replaced the value-bearing logs with shape-only (query_len / input_len). The shape is enough to debug 'why did the search return empty?' without the privacy hit. --- rust/strawcore/src/channel.rs | 2 +- rust/strawcore/src/search.rs | 7 ++++++- rust/strawcore/src/stream.rs | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/rust/strawcore/src/channel.rs b/rust/strawcore/src/channel.rs index 67d48b8a9..3434905e5 100644 --- a/rust/strawcore/src/channel.rs +++ b/rust/strawcore/src/channel.rs @@ -23,7 +23,7 @@ pub struct ChannelInfo { #[uniffi::export(async_runtime = "tokio")] pub async fn channel_info(input: String) -> Result { - log::info!("strawcore::channel_info input={}", input); + log::info!("strawcore::channel_info input_len={}", input.len()); let identifier = resolve_channel_identifier(&input)?; let core = tokio::task::spawn_blocking(move || core_channel_info(identifier)) .await diff --git a/rust/strawcore/src/search.rs b/rust/strawcore/src/search.rs index b85b7ce7f..0a693ff61 100644 --- a/rust/strawcore/src/search.rs +++ b/rust/strawcore/src/search.rs @@ -54,7 +54,12 @@ pub(crate) fn from_core(item: StreamInfoItem) -> SearchItem { #[uniffi::export(async_runtime = "tokio")] pub async fn search(query: String) -> Result, StrawcoreError> { - log::info!("strawcore::search query={}", query); + // Don't log the query itself — searches are PII (sometimes + // names, sometimes embarrassing) and android_logger emits at + // info-level in release builds, which means they'd ride the + // Settings → Export Logs path straight into a user's chat. Log + // shape, not content. vc=36 audit CVE HIGH-2. + log::info!("strawcore::search query_len={}", query.len()); let result = tokio::task::spawn_blocking(move || { search_extractor::search(&query, SearchFilter::Videos) }) diff --git a/rust/strawcore/src/stream.rs b/rust/strawcore/src/stream.rs index 7a4ce6839..73da83e58 100644 --- a/rust/strawcore/src/stream.rs +++ b/rust/strawcore/src/stream.rs @@ -57,7 +57,7 @@ pub struct AudioStreamItem { #[uniffi::export(async_runtime = "tokio")] pub async fn stream_info(input: String) -> Result { - log::info!("strawcore::stream_info input={}", input); + log::info!("strawcore::stream_info input_len={}", input.len()); let video_id = resolve_video_id(&input)?; let video_id_for_call = video_id.clone(); let core = tokio::task::spawn_blocking(move || core_stream_info(&video_id_for_call))