Skip to content

Added warning about credentials in debug info #1457

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 13, 2025
Merged

Added warning about credentials in debug info #1457

merged 4 commits into from
May 13, 2025

Conversation

ArnyminerZ
Copy link
Member

Purpose

Logs may contain confidential information like passwords or Base64 encoded credentials, people may not know it.

Short description

Added a warning message in the debug information screen to let the user know that log messages can contain credentials, and that they should be really careful while sharing.

Screenshot

Screenshot_20250511_110633

Checklist

  • The PR has a proper title, description and label.
  • I have self-reviewed the PR.
  • I have added documentation to complex functions and functions that can be used by other modules.
  • I have added reasonable tests or consciously decided to not add tests.

@ArnyminerZ
Added warning about credentials in debug info
2da09a5 
Signed-off-by: Arnau Mora <arnyminerz@proton.me>
@ArnyminerZ ArnyminerZ self-assigned this May 11, 2025
@ArnyminerZ ArnyminerZ added the enhancement New feature or request label May 11, 2025
@ArnyminerZ ArnyminerZ linked an issue May 11, 2025 that may be closed by this pull request
Sanitize Debug Logs #1455
Closed
@ArnyminerZ ArnyminerZ marked this pull request as ready for review May 11, 2025 09:11
Copilot
Copilot AI reviewed May 11, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a warning message to the debug information screen, alerting users that log messages may contain credentials.

  • Adds new string resources for a credentials warning.
  • Introduces a new CardWithImage in the DebugInfoScreen to display the warning, using a password icon.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
app/src/main/res/values/strings.xml Added new string resources for the credentials warning message.
app/src/main/kotlin/at/bitfire/davdroid/ui/DebugInfoScreen.kt Inserts a new CardWithImage to show the credentials warning within the debug info screen.

@rfc2822 rfc2822 requested review from sunkup and removed request for rfc2822 May 11, 2025 11:37
@ArnyminerZ
Updated warning message
f7c0583 
Signed-off-by: Arnau Mora <arnyminerz@proton.me>
sunkup
sunkup previously approved these changes May 12, 2025
View reviewed changes
Copy link
Member

@sunkup sunkup left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Not entirely sure if we should change the icon ... but I think it's fine like this.

@ArnyminerZ
Changed descriptive icon
bac84dd 
Signed-off-by: Arnau Mora <arnyminerz@proton.me>
@ArnyminerZ ArnyminerZ requested a review from sunkup May 12, 2025 09:47
sunkup
sunkup previously approved these changes May 13, 2025
View reviewed changes
Copy link
Member

@sunkup sunkup left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The privacy tip icon is probably what should be used here 👍

@sunkup sunkup requested a review from rfc2822 May 13, 2025 13:26
rfc2822
rfc2822 approved these changes May 13, 2025
View reviewed changes
Copy link
Member

@rfc2822 rfc2822 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have replaced the "alert" by "notice" to make it less negative/alarming

@rfc2822 rfc2822 merged commit fc10a31 into main-ose May 13, 2025
8 checks passed
@rfc2822 rfc2822 deleted the 1455-sanitize-debug-logs branch May 13, 2025 13:45
@mbiebl mbiebl mentioned this pull request Jun 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@rfc2822 rfc2822 rfc2822 approved these changes

@sunkup sunkup sunkup left review comments

@devvv4ever devvv4ever Awaiting requested review from devvv4ever

Assignees

@ArnyminerZ ArnyminerZ

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Sanitize Debug Logs
3 participants
@ArnyminerZ @rfc2822 @sunkup