Encrypt the attached bug report file

delphi package - automated exception handling

Encrypt the attached bug report file

Postby bwdirks » Wed Sep 13, 2017 7:09 pm

I'm using LockBox to encrypt the ExceptIntf.BugReportFile. That part is working. I'm encrypting the file within the TMadExceptionHandler.OnExceptAction.
Here's the code:
Code: Select all
procedure TfmTest.FormCreate(Sender: TObject);
begin
  // get the user's temp folder. FErrorFile is a private variable in the form class
  FErrorFile := IncludeTrailingPathDelimiter(GetEnvironmentVariable('TEMP'));

  // append the file name
  FErrorFile := FErrorFile + 'Error.log';

  // tell madExcept where to create the file
  MESettings.BugReportFile := FErrorFile;
end;

procedure TfmTest.MadHandlerExceptAction(action: TExceptAction; const exceptIntf: IMEException; var handled: Boolean);
var
  InStream: TStringStream;
  OutStream: TFileStream;

begin
  if Action = eaSendBugReport3 then
  begin
    InStream  := TStringStream.Create;
    OutStream := TFileStream.Create(ExceptIntf.BugReportFile,fmCreate);

    try
      // put the bug report data into the TStringStream
      InStream.WriteString(ExceptIntf.BugReport);

      // reset position to 0
      InStream.Position := 0;

      // encrypt with LockBox DES encryption
      LockBoxDES.EncryptStream(InStream,OutStream);
    finally
      // free the streams
      InStream.Free;
      OutStream.Free;
    end;
  end;
end;


In my test app I have a line of code that will throw a simple List out of bounds exception. When I run the test app I end up with 2 Error.log files.
One in the correct place, the user's TEMP folder: C:\Users\me\AppData\Local\Temp\Error.log. And it's encrypted.
But another one gets created, that's NOT encrypted, gets created in C:\Users\me\AppData\Local\Temp\MyTest.madExcept\Error.log.

What am I doing wrong?
bwdirks
 
Posts: 10
Joined: Wed Feb 04, 2015 7:07 pm

Re: Encrypt the attached bug report file

Postby madshi » Tue Sep 19, 2017 5:49 pm

You're writing the file, but you're not telling madExcept that you've done so. If you set "handled := true" madExcept will know that the requested "action" has been executed and that madExcept doesn't have to do anything, anymore. However, looking at your code, you're doing this for the "send" action, not "save" action? In that case setting "handled := true" will actually stop the "send" action, which is probably not what you want?

In any case, my best guess is that you still have the default madExcept setting "automatically save bug report" checked here:

http://help.madshi.net/madExceptSettings2.htm

If so, simply unchecking that should get rid of the not encrypted file writing.
madshi
Site Admin
 
Posts: 9472
Joined: Sun Mar 21, 2004 5:25 pm

Re: Encrypt the attached bug report file

Postby bwdirks » Fri Sep 22, 2017 12:55 pm

Have you ever given any thought to adding encryption options to your product? An option that would encrypt the entire bugreport.txt file and the file that gets attached to emails; and a public Decrypt function so we could build our own bugreport.txt readers maybe?

Just a suggestion.
bwdirks
 
Posts: 10
Joined: Wed Feb 04, 2015 7:07 pm

Re: Encrypt the attached bug report file

Postby madshi » Fri Sep 22, 2017 1:33 pm

What would be the purpose of that? Why do you want to encrypt the bug report in the first place?
madshi
Site Admin
 
Posts: 9472
Joined: Sun Mar 21, 2004 5:25 pm

Re: Encrypt the attached bug report file

Postby bwdirks » Fri Sep 22, 2017 1:40 pm

Because I work for a company that is a contractor to the Veterans Administration and they have demanded that all applications encrypt any Personally Identifiable Information (PII), Protected Health Information (PHI), and Internal Business Information (IBI) that can exist in an error log.
bwdirks
 
Posts: 10
Joined: Wed Feb 04, 2015 7:07 pm

Re: Encrypt the attached bug report file

Postby madshi » Fri Sep 22, 2017 1:47 pm

Wouldn't it be easier to simply remove the offending information? For an example look at the bottom of this page:

http://help.madshi.net/HowToUseMadExcept.htm
madshi
Site Admin
 
Posts: 9472
Joined: Sun Mar 21, 2004 5:25 pm

Re: Encrypt the attached bug report file

Postby bwdirks » Fri Sep 22, 2017 1:52 pm

Sure, but our support team needs the Internal Business Information to help track down issues.

The VA uses Cache for its Computerized Patient Record System (CPRS) and all of our applications record all of the data that goes back and forth between our apps and the Cache server via RPC calls. That "Broker History" is attached to the bugreport.txt file and it can contain PHI and PII so it has to be encrypted.
bwdirks
 
Posts: 10
Joined: Wed Feb 04, 2015 7:07 pm

Re: Encrypt the attached bug report file

Postby madshi » Fri Sep 22, 2017 2:17 pm

I see. Well, there's a madCrypt.pas which allows you to easily encrypt the sensitive information:

http://help.madshi.net/madCryptUnit.htm

So you could follow the method explained at the bottom at this page:

http://help.madshi.net/HowToUseMadExcept.htm

And then replace all the header information that is sensitive. Should be possible to implement with just a couple of lines of code.
madshi
Site Admin
 
Posts: 9472
Joined: Sun Mar 21, 2004 5:25 pm

Re: Encrypt the attached bug report file

Postby bwdirks » Fri Sep 22, 2017 2:19 pm

Thanks I'll take a look at it. But I've already completed the task of encrypting the sensitive data. I just noticed that one of your competitors has optional built-in encryption so I thought I'd hit you up about it and see what you thought.
bwdirks
 
Posts: 10
Joined: Wed Feb 04, 2015 7:07 pm

Re: Encrypt the attached bug report file

Postby madshi » Fri Sep 22, 2017 3:00 pm

You're the first user asking for encryption of bug reports. Personally, as a developer, I would be annoyed if I had to enter a password every time I wanted to look at a bug report. So I think it's a better solution to only encrypt the sensitive information and decrypt it on demand, and making all the other information (stack traces etc) available unencrypted. That said, I'm not opposed to the idea of adding a bug report encryption feature. I'm just wondering how many users really want/need it, because you're the first one asking for it (as far as I remember).

Every feature I add makes the madExcept code footprint (the KBs added to your EXE) bigger. So I always have to decide if adding a feature is something a fair percentage of madExcept users would actually use. If not, it's more effective for people who want that feature to implement it themselves in a little bug report handler. Well, at least if it's easy to do. That said, while it should be easy for you to add the encryption part, it's not as easy to decrypt the information comfortably. Which would be an argument for adding such a feature to the madExcept bug report viewer. But again: How many users would actually use that?
madshi
Site Admin
 
Posts: 9472
Joined: Sun Mar 21, 2004 5:25 pm

Re: Encrypt the attached bug report file

Postby bwdirks » Fri Sep 22, 2017 3:11 pm

That's exactly what we're doing: Encrypting the required data and leaving stack trace, hardware, etc. unencrypted. No password is required. We're using our own encryption algorithm and wrote our own reader/decrypter tool. We just open the file and it decrypts whatever's encrypted and displays it to us.

Thanks for the conversation on this subject.
bwdirks
 
Posts: 10
Joined: Wed Feb 04, 2015 7:07 pm


Return to madExcept

Who is online

Users browsing this forum: No registered users and 2 guests

cron