Backtrace provides several facilities for scrubbing data of personally identifiable information. There are mechanisms for both native UNIX core dump formats as well as the minidump format used by Windows, Breakpad and Crashpad.
Data Scrubbers for minidump
Minidump files contain raw data of the crashed process which may include sensitive data, such as Personally Identifiable Information (PII). When they are submitted to Backtrace server, metadata and attributes are extracted from them and the minidump files are persisted on disk. Developers are able to view these dumps directly in their web browser or download them for the purposes of root cause analysis.
Data Scrubbers provide administrators the ability to remove sensitive data from dump files submitted to Backtrace before they are committed to disk. All data contained in the dump including register values, memory and crash attributes is scanned for patterns that may be indicative of personally identifiable information.
There are two primary classes of data scrubbers: built-in scrubbers and regular expression scrubbers. Built-in scrubbers exist for:
- Credit card numbers.
- Social security numbers.
- Encryption keys.
- Environment variables.
These scrubbers are applied to:
- Filesystem paths.
- Register values.
- Memory regions.
If an environment variable scrubber is enabled, all environment variables are scrubbed.
All personally identifiable information is mutated in-place before committing to disk. The offending information is masked and the over-all structure of the file is unmodified in order to ensure that the file can be loaded by your system debugger.
User-defined scrubbers can also be defined using POSIX regular expressions.
Scrubbers that rely on regular expression are applied to any data in the dump
that looks like it may be a string. For example, string representations of
IP addresses can be scrubbed with the regular expression
At this time, management of the scrubbers is handled through the morgue command line utility. Learn more about morgue here.
Usage: morgue scrubber <project> list
For example, the following command lists the scrubbers of project
morgue scrubber minetest list  credit_card regexp: null builtin: ccn format: minidump target: memory enable: 0  social_security regexp: null builtin: ssn format: minidump target: memory enable: 0  security_key regexp: null builtin: key format: minidump target: memory enable: 0  environment_variable regexp: null builtin: env format: all target: all enable: 1  ip_addr regexp: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ builtin: null format: all target: all enable: 1
This project has five data scrubbers. Each scrubber is given an
id number and
consists of fields of
name is a human-readable name for a scrubber.
regexp is a regular expression defined by the user.
builtin is Backtrace provided scrubbers. Current implementation includes:
env which are credit card number, social security number,
encryption key and environment variable respectively.
format refers to applicable crash error format. It must be
target refers to data regions of crash error to scrub. Valid values are
all. However, the current implementation
doesn't enforce the target. All data are scrubbed instead.
enable specifies if the scrubber will be applied to crash error data.
disables the scrubber while other integer values enable the scrubber.
Usage: morgue scrubber <project> create --name=<name> --regexp=<regex> --enable=<1|0> [options]
Usage: morgue scrubber <project> create --name=<name> --builtin=<ccn|ssn|key|env|all> --enable=<1|0> [options]
You must specify either
builtin, but not both.
--builtin=all is chosen, all builtin scrubbers are created at once.
--target=<memory|map|registers|variable|all>. If not specified, both
target are set to
The following example create a scrubber to filter IP addresses.
morgue scrubber minetest create --name=ip_scrubber --regexp='[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' --enable=1
Usage: morgue scrubber <project> modify <id> --name=<name> --regexp=<regex> --enable<1|0>
id refers to the unique number shown in the scrubber
list command. User
would usually use this command to rename a scrubber, tune regular expression and/or
enable/disable a scrubber.
Usage: morgue scrubber <project> delete <id>
Extensions for Native UNIX Dumps
If you are using our advanced debugger for Linux, FreeBSD and IllumOS-based systems you are able to modify and censor personally identifiable information through our plugin system, either with LUA or C plugins. Learn more here.