Encrypt the attached bug report file

delphi package - automated exception handling
bwdirks
Posts: 19
Joined: Wed Feb 04, 2015 7:07 pm

Post by bwdirks »

I'm using LockBox to encrypt the ExceptIntf.BugReportFile. That part is working. I'm encrypting the file within the TMadExceptionHandler.OnExceptAction.
Here's the code:

procedure TfmTest.FormCreate(Sender: TObject);
begin
  // get the user's temp folder. FErrorFile is a private variable in the form class
  FErrorFile := IncludeTrailingPathDelimiter(GetEnvironmentVariable('TEMP'));

  // append the file name
  FErrorFile := FErrorFile + 'Error.log';

  // tell madExcept where to create the file
  MESettings.BugReportFile := FErrorFile;
end;

procedure TfmTest.MadHandlerExceptAction(action: TExceptAction; const exceptIntf: IMEException; var handled: Boolean);
var
  InStream: TStringStream;
  OutStream: TFileStream;

begin
  if Action = eaSendBugReport3 then
  begin
    InStream  := TStringStream.Create;
    OutStream := TFileStream.Create(ExceptIntf.BugReportFile,fmCreate);

    try
      // put the bug report data into the TStringStream
      InStream.WriteString(ExceptIntf.BugReport);

      // reset position to 0
      InStream.Position := 0;

      // encrypt with LockBox DES encryption
      LockBoxDES.EncryptStream(InStream,OutStream);
    finally
      // free the streams
      InStream.Free;
      OutStream.Free;
    end;
  end;
end;

In my test app I have a line of code that will throw a simple List out of bounds exception. When I run the test app I end up with 2 Error.log files.
One is in the correct place, the user's TEMP folder: C:\Users\me\AppData\Local\Temp\Error.log. And it's encrypted.
But another one, that's NOT encrypted, gets created in C:\Users\me\AppData\Local\Temp\MyTest.madExcept\Error.log.

What am I doing wrong?
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Encrypt the attached bug report file

Post by madshi »

You're writing the file, but you're not telling madExcept that you've done so. If you set "handled := true" madExcept will know that the requested "action" has been executed and that madExcept doesn't have to do anything anymore. However, looking at your code, you're doing this for the "send" action, not the "save" action? In that case setting "handled := true" will actually stop the "send" action, which is probably not what you want?

In any case, my best guess is that you still have the default madExcept setting "automatically save bug report" checked here:

http://help.madshi.net/madExceptSettings2.htm

If so, simply unchecking that should get rid of the not encrypted file writing.
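
A check for the leftover plaintext copy described in the posts above, added here as an example and not part of the original thread or of madExcept: it walks a folder for files named Error.log and flags any whose bytes look like readable text rather than raw ciphertext. The entropy and printable-ratio thresholds and the sample tree are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for raw ciphertext, much lower for log text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_plaintext(data: bytes, max_entropy: float = 6.0, min_printable: float = 0.95) -> bool:
    """Heuristic (assumed thresholds): mostly printable bytes and low entropy."""
    if not data:
        return False
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(data) >= min_printable and shannon_entropy(data) <= max_entropy

def find_plaintext_reports(root, report_name="Error.log", sample_bytes=65536):
    """Return every file under root named report_name that still reads as text."""
    hits = []
    for path in Path(root).rglob(report_name):
        if path.is_file():
            with path.open("rb") as fh:
                if looks_plaintext(fh.read(sample_bytes)):
                    hits.append(path)
    return sorted(hits)

def build_demo_tree(root):
    """Constructed sample mirroring the thread: encrypted file plus plaintext copy."""
    root = Path(root)
    (root / "MyTest.madExcept").mkdir(parents=True, exist_ok=True)
    (root / "Error.log").write_bytes(os.urandom(4096))  # stands in for ciphertext
    report = "exception message : List index out of bounds (5).\n" * 40  # constructed
    (root / "MyTest.madExcept" / "Error.log").write_text(report)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_plaintext_reports(build_demo_tree(tmp)):
            print("plaintext bug report:", hit)
```

Ciphertext that has been base64- or hex-encoded is fully printable and would be flagged as well, so the check suits raw binary output such as the stream encryption used in the first post.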
bwdirks
Posts: 19
Joined: Wed Feb 04, 2015 7:07 pm

Re: Encrypt the attached bug report file

Post by bwdirks »

Have you ever given any thought to adding encryption options to your product? An option that would encrypt the entire bugreport.txt file and the file that gets attached to emails; and a public Decrypt function so we could build our own bugreport.txt readers maybe?

Just a suggestion.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Encrypt the attached bug report file

Post by madshi »

What would be the purpose of that? Why do you want to encrypt the bug report in the first place?
bwdirks
Posts: 19
Joined: Wed Feb 04, 2015 7:07 pm

Re: Encrypt the attached bug report file

Post by bwdirks »

Because I work for a company that is a contractor to the Veterans Administration and they have demanded that all applications encrypt any Personally Identifiable Information (PII), Protected Health Information (PHI), and Internal Business Information (IBI) that can exist in an error log.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Encrypt the attached bug report file

Post by madshi »

Wouldn't it be easier to simply remove the offending information? For an example look at the bottom of this page:

http://help.madshi.net/HowToUseMadExcept.htm
bwdirks
Posts: 19
Joined: Wed Feb 04, 2015 7:07 pm

Re: Encrypt the attached bug report file

Post by bwdirks »

Sure, but our support team needs the Internal Business Information to help track down issues.

The VA uses Cache for its Computerized Patient Record System (CPRS) and all of our applications record all of the data that goes back and forth between our apps and the Cache server via RPC calls. That "Broker History" is attached to the bugreport.txt file and it can contain PHI and PII so it has to be encrypted.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Encrypt the attached bug report file

Post by madshi »

I see. Well, there's a madCrypt.pas which allows you to easily encrypt the sensitive information:

http://help.madshi.net/madCryptUnit.htm

So you could follow the method explained at the bottom of this page:

http://help.madshi.net/HowToUseMadExcept.htm

And then replace all the header information that is sensitive. Should be possible to implement with just a couple of lines of code.
bwdirks
Posts: 19
Joined: Wed Feb 04, 2015 7:07 pm

Re: Encrypt the attached bug report file

Post by bwdirks »

Thanks, I'll take a look at it. But I've already completed the task of encrypting the sensitive data. I just noticed that one of your competitors has optional built-in encryption so I thought I'd hit you up about it and see what you thought.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Encrypt the attached bug report file

Post by madshi »

You're the first user asking for encryption of bug reports. Personally, as a developer, I would be annoyed if I had to enter a password every time I wanted to look at a bug report. So I think it's a better solution to only encrypt the sensitive information and decrypt it on demand, while making all the other information (stack traces etc) available unencrypted. That said, I'm not opposed to the idea of adding a bug report encryption feature. I'm just wondering how many users really want/need it, because you're the first one asking for it (as far as I remember).

Every feature I add makes the madExcept code footprint (the KBs added to your EXE) bigger. So I always have to decide if adding a feature is something a fair percentage of madExcept users would actually use. If not, it's more effective for people who want that feature to implement it themselves in a little bug report handler. Well, at least if it's easy to do. That said, while it should be easy for you to add the encryption part, it's not as easy to decrypt the information comfortably. Which would be an argument for adding such a feature to the madExcept bug report viewer. But again: How many users would actually use that?
bwdirks
Posts: 19
Joined: Wed Feb 04, 2015 7:07 pm

Re: Encrypt the attached bug report file

Post by bwdirks »

That's exactly what we're doing: Encrypting the required data and leaving stack trace, hardware, etc. unencrypted. No password is required. We're using our own encryption algorithm and wrote our own reader/decrypter tool. We just open the file and it decrypts whatever's encrypted and displays it to us.

Thanks for the conversation on this subject.
Mark-
Posts: 20
Joined: Sat May 24, 2014 4:51 pm

Re: Encrypt the attached bug report file

Post by Mark- »

>I'm just wondering how many users really want/need it, because you're the first one asking for it (as far as I remember).

I came to the site looking for that exact feature. Vote yes, for me. :D
Mark-
Posts: 20
Joined: Sat May 24, 2014 4:51 pm

Re: Encrypt the attached bug report file

Post by Mark- »

To add:

>If not, it's more effective for people who want that feature to implement it themselves in a little bug report handler.

Never done a bug report handler. Is there an example/help file I should look at?

As to decoding, I was thinking I would create a small app, drag and drop the file on it, decode and display. Using the madCrypt functions to process on both ends.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Encrypt the attached bug report file

Post by madshi »

Ok, we have a second vote for this feature now. So that's 2 votes in 5 years. Even if 2-3 more votes come in now, you gotta admit that's not a whole lot, considering how many users madExcept has (it's free for non-commercial use, after all).

Anyway, you can find an example on how to do bug report handlers at the very bottom of this page:

http://help.madshi.net/HowToUseMadExcept.htm

If you want to encrypt the bug report, though, you might want to look into using RegisterExceptActionHandler() instead of RegisterExceptionHandler(), because you probably don't really want to be notified about a crash, but instead about the sending of a bug report, so you can encrypt it just in time.
Mark-
Posts: 20
Joined: Sat May 24, 2014 4:51 pm

Re: Encrypt the attached bug report file

Post by Mark- »

madshi wrote (Mon Mar 07, 2022 3:15 pm):
>RegisterExceptActionHandler()

Thanks, I will take a look.