• Bundle anonymization

      For sites with stringent security policies, there should be an option when generating a support bundle (or perhaps just a global setting applicable also to auto-generated bundles) that would search for mentions in all files of labels created by the customer which might reflect proprietary processes: job, folder, view, slave, and template names, slave labels, etc.

      The plugin would gather a list of all such labels, create randomized tokens, and produce a mapping so that a job AppBuild becomes Job_ayrzw. For labels with spaces or other special characters, which could have triggered bugs, the mapping should follow, so App → Build should become Job_ayrzw → X, and the mapping should also include encoded variants such as App%20%E2%86%92%20Build to Job_ayrzw%20%E2%86%92%20X and App%20%e2%86%92%20Build to Job_ayrzw%20%e2%86%92%20X.

      Then these substitutions would be applied to all files included in the support bundle, particularly log files and thread dumps.

      It is impossible to guarantee that customer text does not appear in some unusual context, e.g. an exception quoting a syntactically incorrect Groovy script, but these substitutions would sanitize the great majority of what the support bundle produces, and make it feasible for the customer to do a final inspection without needing to do much or any manual editing.

          [JENKINS-21670] Option to anonymize customer labels

          Jesse Glick created issue -
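
The mapping and substitution steps from the issue description, sketched in Python as an added example (not code from the issue or from the support plugin). All function names and the sample bundle are constructed for illustration; the rule that the first word run of a label becomes the token and later runs become X follows the issue's example of a label containing spaces and an encoded arrow.

```python
import re
import secrets
import string
from urllib.parse import quote

WORD = re.compile(r"\w+")          # letter/digit runs; separators are kept as-is
HEX = re.compile(r"%[0-9A-F]{2}")  # percent-escapes as emitted by quote()

def random_token(prefix="Job", length=5):
    tail = "".join(secrets.choice(string.ascii_lowercase) for _ in range(length))
    return f"{prefix}_{tail}"

def anonymize_label(label, token):
    """First word run becomes the token, later runs become X; separators survive."""
    if not WORD.search(label):
        return token
    runs = iter([token])
    return WORD.sub(lambda m: next(runs, "X"), label)

def lower_hex(text):
    return HEX.sub(lambda m: m.group().lower(), text)

def build_mapping(labels, new_token=random_token):
    """Return {text as it may appear in a file: replacement}, incl. encoded forms."""
    mapping = {}
    for label in dict.fromkeys(labels):        # de-duplicate, keep order
        repl = anonymize_label(label, new_token())
        enc_label, enc_repl = quote(label, safe=""), quote(repl, safe="")
        mapping[label] = repl
        mapping[enc_label] = enc_repl                        # %E2%86%92 form
        mapping[lower_hex(enc_label)] = lower_hex(enc_repl)  # %e2%86%92 form
    return mapping

def anonymize_bundle(files, mapping):
    """Apply one mapping to every file so cross-file relations stay readable."""
    if not mapping:
        return dict(files)
    keys = sorted(mapping, key=len, reverse=True)  # longest first: AppBuild before App
    pattern = re.compile("|".join(map(re.escape, keys)))
    return {name: pattern.sub(lambda m: mapping[m.group()], text)
            for name, text in files.items()}

SAMPLE_FILES = {  # constructed sample bundle content, not real Jenkins output
    "jenkins.log": "INFO: AppBuild #12 triggered App → Build\n",
    "threads.txt": '"Handling GET /job/App%20%e2%86%92%20Build/ : AppBuild" waiting\n',
}

if __name__ == "__main__":
    print(anonymize_bundle(SAMPLE_FILES, build_mapping(["AppBuild", "App → Build"])))
```

The single-pass regex keeps a replacement from being rewritten by a later rule, and matching is deliberately not word-bounded, so a short label can over-replace inside longer words rather than leak.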

          Arnaud Héritier added a comment - IPs and network settings also have to be shadowed.
          Arnaud Héritier made changes -
          Link New: This issue is blocking JENKINS-33091 [ JENKINS-33091 ]

          Minudika Malshan added a comment -

          Please help me to clarify the following things.

          1) How to find and keep track of labels created by the customer from the plugin side.
          2) What is the purpose of creating randomized tokens, producing a mapping and substitution?

          Arnaud Héritier added a comment -

          Hi minudika

          From my POV (but I hope that many others will comment) I would like to have in the bundle generation form a set of new options to decide what kind of information I would like to anonymise (by default everything checked). These kinds of information may be something like URLs, IPs, ...
          Based on these settings we should try to find in the bundle all the entries matching them, and for each different entry we should replace it by a unique entry. This is what jglick is explaining.
          It is critical within a bundle to always replace the same entry by the same value to be able to understand the relation in all files.
          Nowadays we don't allow exporting job configuration files or build information ( JENKINS-30468 ) but I hope that one day we will, and thus in that case we'll have to use the same mechanism.

          Jesse Glick added a comment -

          By the way I would suggest using something like this library instead of unreadable tokens. Easier for humans to remember and match.


          Arnaud Héritier added a comment - +1 with jglick
          Arnaud Héritier made changes -
          Assignee New: Minudika Malshan [ minudika ]
          Arnaud Héritier made changes -
          Issue Type Original: New Feature [ 2 ] New: Story [ 10002 ]
          Arnaud Héritier made changes -
          Labels New: gsoc gsoc-2016

            jvz Matt Sicker
            jglick Jesse Glick