IP address is not scrubbed in info logs, channel_tls_process_netinfo_cell() AND manpage for SafeLogging overgeneralizes
Here's a log snippet from an info log I was manually reviewing to scrub before sharing.
[info] channel_tls_process_netinfo_cell(): Got good NETINFO cell from [scrubbed]:443; OR connection is now open, using protocol version 5. Its ID digest is <redacted>. Our address is apparently <redacted>.In the above, <redacted> is my notation; [scrubbed] is from SafeLogging.
(I'm not sure I had to redact the digest, but was just being conservative.)
SafeLogging 1 was set (default).
Tor 0.3.3.7
asn mentioned on #tor-dev that he thinks this is a bug. Some brief notes from asn:
"" : fmt_and_decorate_addr(&my_apparent_addr)); hm yeah that's I think a bug it should be safe_str_client() so weird that no one has mentioned htis before
It's worth noting the manpage for SafeLogging says:
... If this option is set to 0, Tor will not perform any scrubbing, if it is set to 1, all potentially sensitive strings are replaced. ...
arma advocated for a different resolution:
if i were filing this ticket i would file a "scale back safelogging claims in the man page" ticket :)
(My preference is to scrub the IP address, but I also acknowledge the rabbit hole of trying to scrub anything "sensitive", especially in info/debug logs)