• Bundle anonymization

      For sites with stringent security policies, there should be an option when generating a support bundle (or perhaps just a global setting applicable also to auto-generated bundles) that would search for mentions in all files of labels created by the customer which might reflect proprietary processes: job, folder, view, slave, and template names, slave labels, etc.

      The plugin would gather a list of all such labels, create randomized tokens, and produce a mapping so that a job AppBuild becomes Job_ayrzw. For labels with spaces or other special characters, which could have triggered bugs, the mapping should follow, so App → Build should become Job_ayrzw → X, and the mapping should also include encoded variants such as App%20%E2%86%92%20Build to Job_ayrzw%20%E2%86%92%20X and App%20%e2%86%92%20Build to Job_ayrzw%20%e2%86%92%20X.

      Then these substitutions would be applied to all files included in the support bundle, particularly log files and thread dumps.

      It is impossible to guarantee that customer text does not appear in some unusual context, e.g. an exception quoting a syntactically incorrect Groovy script, but these substitutions would sanitize the great majority of what the support bundle produces, and make it feasible for the customer to do a final inspection without needing to do much or any manual editing.
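As an added example (not the support-core plugin's code), the mapping and substitution scheme sketched above in Python: each label keeps its separators while its word runs get tokens, both upper- and lower-case percent-encoded variants are mapped to the matching encoding of the replacement, and all substitutions run in one longest-first pass so a job "App" cannot corrupt a job "AppBuild". The label sets, the "Slave" token prefix and the log line are constructed for illustration.

```python
import re
import secrets
import string
from urllib.parse import quote

# Constructed sample labels standing in for the names the plugin would read
# from Jenkins (jobs via Jenkins.instance.getAllItems(), agents, views, ...).
SAMPLE_LABELS = {
    "Job": ["AppBuild", "App → Build", "App"],
    "Slave": ["build-linux-01"],
}

def random_token(kind):
    """Token such as Job_ayrzw: the label kind plus five random lowercase letters."""
    return kind + "_" + "".join(secrets.choice(string.ascii_lowercase) for _ in range(5))

def _lower_hex(encoded):
    """Turn %E2%86%92 into %e2%86%92 so lowercase-encoded log lines are matched too."""
    return re.sub(r"%[0-9A-F]{2}", lambda m: m.group(0).lower(), encoded)

def build_mapping(labels, token_fn=random_token):
    """Map each label, and its percent-encoded variants, to a replacement.

    Word runs are tokenized and separators kept ("App → Build" -> "Job_ayrzw → Job_kqmtp");
    the same word within one kind always receives the same token.
    """
    word_tokens, mapping = {}, {}
    def tokenize(kind, word):
        if (kind, word) not in word_tokens:
            word_tokens[(kind, word)] = token_fn(kind)
        return word_tokens[(kind, word)]

    for kind, names in labels.items():
        for name in names:
            replacement = re.sub(r"\w+", lambda m: tokenize(kind, m.group(0)), name)
            mapping[name] = replacement
            enc_name, enc_repl = quote(name, safe=""), quote(replacement, safe="")
            mapping[enc_name] = enc_repl                      # App%20%E2%86%92%20Build
            mapping[_lower_hex(enc_name)] = _lower_hex(enc_repl)  # App%20%e2%86%92%20Build
    return mapping

def anonymize(text, mapping):
    """Apply every substitution in a single pass, longest label first, so that
    "App" never matches inside "AppBuild" and tokens are never re-substituted."""
    if not mapping:
        return text
    pattern = re.compile("|".join(re.escape(k) for k in sorted(mapping, key=len, reverse=True)))
    return pattern.sub(lambda m: mapping[m.group(0)], text)
```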

          [JENKINS-21670] Option to anonymize customer labels

          Minudika Malshan added a comment -

          aheritier jglick Since entities like job names do not have a specific format like network addresses do, how to find a string as such a name which needs to be anonymized?

          Arnaud Héritier added a comment -

          Really good question cc schristou
          As we are running in Jenkins I think that the best is to use its APIs to find all kinds of Jobs (Jenkins.instance.getAllItems...) and then to create a map to replace each name.
          We probably need to do the same for views, users/accounts, ....
          After this we need a mechanism of filter when we are getting logs, config files, ... to replace all original names by the "protected" value

          Minudika Malshan added a comment - - edited

          aheritier What did you mean by "views"? Jenkins.getInstance().getViewActions() ?
          Also could you please tell me is there a way to get the information of users/accounts through API?

          jglick Is this https://github.com/kohsuke/wordnet-random-name random word generator available as a maven dependency? Or do we have to add that jar or classes to Support core plug-in project manually?
          Thanks a lot!


          Sam Gleske added a comment -

          User-defined list of expressions to search and replace can help with job names that have no convention. An enterprise may have keywords which they don't want leaked.


          Devin Nusbaum added a comment -

          To make sure that users understand that this feature is not guaranteed to anonymize all uses of confidential information, we should add a warning immediately before the "Generate Bundle" button that explains that the anonymization and encrypted secret masking are best-effort and that users should double-check and redact any confidential information before sending the bundle to a third party. We should also change the description for configuration file components from

          ... (Encrypted secrets are redacted)

          to

          ... (Encrypted secrets are redacted. See the <a href=#warning>warning</a> for details)


          Matt Sicker added a comment -

          Here's a proposed admin console for this feature so far:


          Jesse Glick added a comment -

          PR 144 seems to be the current link.


          Devin Nusbaum added a comment -

          Released in Support Core 2.48. Thanks jvz!


          Matt Sicker added a comment -

          Updated documentation in wiki to reflect released feature.


          Matt Sicker added a comment -

          Feature is released now, marking this as closed.


            jvz Matt Sicker
            jglick Jesse Glick