
Encrypt the attached bug report file

Posted: Wed Sep 13, 2017 7:09 pm
by bwdirks
I'm using LockBox to encrypt the ExceptIntf.BugReportFile. That part is working. I'm encrypting the file within the TMadExceptionHandler.OnExceptAction.
Here's the code:
procedure TfmTest.FormCreate(Sender: TObject);
begin
  // get the user's temp folder. FErrorFile is a private variable in the form class
  FErrorFile := IncludeTrailingPathDelimiter(GetEnvironmentVariable('TEMP'));

  // append the file name
  FErrorFile := FErrorFile + 'Error.log';

  // tell madExcept where to create the file
  MESettings.BugReportFile := FErrorFile;
end;

procedure TfmTest.MadHandlerExceptAction(action: TExceptAction; const exceptIntf: IMEException; var handled: Boolean);
var
  InStream: TStringStream;
  OutStream: TFileStream;

begin
  if Action = eaSendBugReport3 then
  begin
    InStream  := TStringStream.Create;
    OutStream := TFileStream.Create(ExceptIntf.BugReportFile,fmCreate);

    try
      // put the bug report data into the TStringStream
      InStream.WriteString(ExceptIntf.BugReport);

      // reset position to 0
      InStream.Position := 0;

      // encrypt with LockBox DES encryption
      LockBoxDES.EncryptStream(InStream,OutStream);
    finally
      // free the streams
      InStream.Free;
      OutStream.Free;
    end;
  end;
end;


In my test app I have a line of code that will throw a simple List out of bounds exception. When I run the test app I end up with 2 Error.log files.
One in the correct place, the user's TEMP folder: C:\Users\me\AppData\Local\Temp\Error.log. And it's encrypted.
But another one, that's NOT encrypted, gets created in C:\Users\me\AppData\Local\Temp\MyTest.madExcept\Error.log.

What am I doing wrong?

Re: Encrypt the attached bug report file

Posted: Tue Sep 19, 2017 5:49 pm
by madshi
You're writing the file, but you're not telling madExcept that you've done so. If you set "handled := true" madExcept will know that the requested "action" has been executed and that madExcept doesn't have to do anything, anymore. However, looking at your code, you're doing this for the "send" action, not "save" action? In that case setting "handled := true" will actually stop the "send" action, which is probably not what you want?

In any case, my best guess is that you still have the default madExcept setting "automatically save bug report" checked here:

http://help.madshi.net/madExceptSettings2.htm

If so, simply unchecking that should get rid of the not encrypted file writing.
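
A check for the symptom discussed above, added here as an example (it is not code from either poster or from madExcept): a console program that searches the TEMP folder recursively and reports every Error.log that is still readable. The marker strings are an assumption about what a plain-text report contains, and the program and function names are hypothetical.

```delphi
program AuditBugReports;
{$APPTYPE CONSOLE}

uses
  System.SysUtils, System.Types, System.IOUtils;

const
  // Assumption: labels from a readable report header; use strings from your own reports.
  Markers: array[0..1] of string = ('exception class', 'exception message');

// True when the file still contains readable report text.
function LooksLikePlaintextReport(const FileName: string): Boolean;
var
  Content, Marker: string;
begin
  Result := False;
  // Decode as ANSI so arbitrary ciphertext bytes cannot raise a decoding error.
  Content := LowerCase(TEncoding.ANSI.GetString(TFile.ReadAllBytes(FileName)));
  for Marker in Markers do
    if Pos(Marker, Content) > 0 then
      Exit(True);
end;

// Collects every file called ReportName below Root that is still readable.
function FindPlaintextReports(const Root, ReportName: string): TStringDynArray;
var
  FileName: string;
begin
  Result := nil;
  for FileName in TDirectory.GetFiles(Root, ReportName,
    TSearchOption.soAllDirectories) do
    if LooksLikePlaintextReport(FileName) then
    begin
      SetLength(Result, Length(Result) + 1);
      Result[High(Result)] := FileName;
    end;
end;

var
  Found: TStringDynArray;
  Leftover: string;
begin
  // Search TEMP recursively so subfolders such as MyTest.madExcept are covered.
  Found := FindPlaintextReports(GetEnvironmentVariable('TEMP'), 'Error.log');
  for Leftover in Found do
    Writeln('NOT ENCRYPTED: ', Leftover);
  if Length(Found) > 0 then
    ExitCode := 1;  // non-zero exit lets a test script fail the build
end.
```

Run it after triggering the test exception, once with the current settings and once after changing them, and compare the reported paths.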

Re: Encrypt the attached bug report file

Posted: Fri Sep 22, 2017 12:55 pm
by bwdirks
Have you ever given any thought to adding encryption options to your product? An option that would encrypt the entire bugreport.txt file and the file that gets attached to emails; and a public Decrypt function so we could build our own bugreport.txt readers maybe?

Just a suggestion.

Re: Encrypt the attached bug report file

Posted: Fri Sep 22, 2017 1:33 pm
by madshi
What would be the purpose of that? Why do you want to encrypt the bug report in the first place?

Re: Encrypt the attached bug report file

Posted: Fri Sep 22, 2017 1:40 pm
by bwdirks
Because I work for a company that is a contractor to the Veterans Administration and they have demanded that all applications encrypt any Personally Identifiable Information (PII), Protected Health Information (PHI), and Internal Business Information (IBI) that can exist in an error log.

Re: Encrypt the attached bug report file

Posted: Fri Sep 22, 2017 1:47 pm
by madshi
Wouldn't it be easier to simply remove the offending information? For an example look at the bottom of this page:

http://help.madshi.net/HowToUseMadExcept.htm

Re: Encrypt the attached bug report file

Posted: Fri Sep 22, 2017 1:52 pm
by bwdirks
Sure, but our support team needs the Internal Business Information to help track down issues.

The VA uses Cache for its Computerized Patient Record System (CPRS) and all of our applications record all of the data that goes back and forth between our apps and the Cache server via RPC calls. That "Broker History" is attached to the bugreport.txt file and it can contain PHI and PII so it has to be encrypted.

Re: Encrypt the attached bug report file

Posted: Fri Sep 22, 2017 2:17 pm
by madshi
I see. Well, there's a madCrypt.pas which allows you to easily encrypt the sensitive information:

http://help.madshi.net/madCryptUnit.htm

So you could follow the method explained at the bottom of this page:

http://help.madshi.net/HowToUseMadExcept.htm

And then replace all the header information that is sensitive. Should be possible to implement with just a couple of lines of code.

Re: Encrypt the attached bug report file

Posted: Fri Sep 22, 2017 2:19 pm
by bwdirks
Thanks, I'll take a look at it. But I've already completed the task of encrypting the sensitive data. I just noticed that one of your competitors has optional built-in encryption so I thought I'd hit you up about it and see what you thought.

Re: Encrypt the attached bug report file

Posted: Fri Sep 22, 2017 3:00 pm
by madshi
You're the first user asking for encryption of bug reports. Personally, as a developer, I would be annoyed if I had to enter a password every time I wanted to look at a bug report. So I think it's a better solution to only encrypt the sensitive information and decrypt it on demand, and making all the other information (stack traces etc) available unencrypted. That said, I'm not opposed to the idea of adding a bug report encryption feature. I'm just wondering how many users really want/need it, because you're the first one asking for it (as far as I remember).

Every feature I add makes the madExcept code footprint (the KBs added to your EXE) bigger. So I always have to decide if adding a feature is something a fair percentage of madExcept users would actually use. If not, it's more effective for people who want that feature to implement it themselves in a little bug report handler. Well, at least if it's easy to do. That said, while it should be easy for you to add the encryption part, it's not as easy to decrypt the information comfortably. Which would be an argument for adding such a feature to the madExcept bug report viewer. But again: How many users would actually use that?

Re: Encrypt the attached bug report file

Posted: Fri Sep 22, 2017 3:11 pm
by bwdirks
That's exactly what we're doing: Encrypting the required data and leaving stack trace, hardware, etc. unencrypted. No password is required. We're using our own encryption algorithm and wrote our own reader/decrypter tool. We just open the file and it decrypts whatever's encrypted and displays it to us.

Thanks for the conversation on this subject.