fix: redact MeshLog proto secrets and centralize Compose keep-rules (#5166)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: jamesarich <2199651+jamesarich@users.noreply.github.com>
2026-04-20 22:23:37 +00:00 · 2026-04-17 11:20:50 -05:00 · 2026-04-17 11:20:50 -05:00 · 5eba7e4dce
commit 5eba7e4dce
parent 7f1ea28d47
4 changed files with 52 additions and 17 deletions
--- a/core/data/src/commonMain/kotlin/org/meshtastic/core/data/manager/MeshMessageProcessorImpl.kt
+++ b/core/data/src/commonMain/kotlin/org/meshtastic/core/data/manager/MeshMessageProcessorImpl.kt
@ -32,6 +32,8 @@ import org.meshtastic.core.common.util.nowSeconds
 import org.meshtastic.core.model.MeshLog
 import org.meshtastic.core.model.Node
 import org.meshtastic.core.model.util.isLora
+import org.meshtastic.core.model.util.toOneLineString
+import org.meshtastic.core.model.util.toPIIString
 import org.meshtastic.core.repository.FromRadioPacketHandler
 import org.meshtastic.core.repository.MeshLogRepository
 import org.meshtastic.core.repository.MeshMessageProcessor
@ -125,11 +127,11 @@ class MeshMessageProcessorImpl(
                proto.xmodemPacket != null -> "XmodemPacket" to proto.xmodemPacket.toString()
                proto.deviceuiConfig != null -> "DeviceUIConfig" to proto.deviceuiConfig.toString()
                proto.fileInfo != null -> "FileInfo" to proto.fileInfo.toString()
-                proto.my_info != null -> "MyInfo" to proto.my_info.toString()
-                proto.node_info != null -> "NodeInfo" to proto.node_info.toString()
-                proto.config != null -> "Config" to proto.config.toString()
-                proto.moduleConfig != null -> "ModuleConfig" to proto.moduleConfig.toString()
-                proto.channel != null -> "Channel" to proto.channel.toString()
+                proto.my_info != null -> "MyInfo" to proto.my_info!!.toOneLineString()
+                proto.node_info != null -> "NodeInfo" to proto.node_info!!.toPIIString()
+                proto.config != null -> "Config" to proto.config!!.toOneLineString()
+                proto.moduleConfig != null -> "ModuleConfig" to proto.moduleConfig!!.toOneLineString()
+                proto.channel != null -> "Channel" to proto.channel!!.toOneLineString()
                proto.clientNotification != null -> "ClientNotification" to proto.clientNotification.toString()
                else -> return
            }
--- a/core/model/src/commonMain/kotlin/org/meshtastic/core/model/util/Extensions.kt
+++ b/core/model/src/commonMain/kotlin/org/meshtastic/core/model/util/Extensions.kt
@ -18,8 +18,11 @@

 package org.meshtastic.core.model.util

+import org.meshtastic.proto.Channel
 import org.meshtastic.proto.Config
 import org.meshtastic.proto.MeshPacket
+import org.meshtastic.proto.ModuleConfig
+import org.meshtastic.proto.MyNodeInfo
 import org.meshtastic.proto.Telemetry

 /**
@ -48,6 +51,24 @@ fun MeshPacket.toOneLineString(): String {
    return this.toString().replace(redactedFields.toRegex()) { "${it.groupValues[1]}=[REDACTED]" }.replace('\n', ' ')
 }

+fun Channel.toOneLineString(): String {
+    // Redact the channel preshared key (psk) from logs.
+    val redactedFields = """(psk)=[^,}]+"""
+    return this.toString().replace(redactedFields.toRegex()) { "${it.groupValues[1]}=[REDACTED]" }.replace('\n', ' ')
+}
+
+fun ModuleConfig.toOneLineString(): String {
+    // Redact MQTT credentials from logs.
+    val redactedFields = """(password|username)=[^,}]+"""
+    return this.toString().replace(redactedFields.toRegex()) { "${it.groupValues[1]}=[REDACTED]" }.replace('\n', ' ')
+}
+
+fun MyNodeInfo.toOneLineString(): String {
+    // Redact the hardware unique identifier from logs.
+    val redactedFields = """(device_id)=[^,}]+"""
+    return this.toString().replace(redactedFields.toRegex()) { "${it.groupValues[1]}=[REDACTED]" }.replace('\n', ' ')
+}
+
 fun Any.toPIIString() = if (!isDebug) {
    "<PII?>"
 } else {