Bug #85316

Anonymize IP scheduler tasks does not clean up log_data field

Added by Felix Nagel about 1 year ago. Updated 10 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
scheduler
Target version:
-
Start date:
2018-06-20
Due date:
% Done:

100%

TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:
On Location Sprint

Description

When using the new scheduler task (TYPO3\CMS\Scheduler\Task\IpAnonymizationTask) for anonymizing IP addresses (by default in sys_log table) some occurrences of a IP might be still existing.

Example (for logging a BE user login):

# Before task
details: User %s logged in from %s (%s)
IP: 123.456.789.123
log_data: a:3:{i:0;s:8:"john.doe";i:1;s:15:"123.456.789.123";i:2;s:0:"";}

# After task
details: User %s logged in from %s (%s)
IP: 123.456.789.0
log_data: a:3:{i:0;s:8:"john.doe";i:1;s:15:"123.456.789.123";i:2;s:0:"";}

The data used for the log module (field log_data)still contains the full IP address.
Not quite sure if there are more log item types that save the IP within the serialized data.


Related issues

Related to TYPO3 Core - Feature #84053: Anonymize IPs Closed 2018-02-27
Related to TYPO3 Core - Epic #84776: Initiative GDPR Closed 2018-02-27 2018-05-28
Precedes TYPO3 Core - Bug #85773: Flaws in sys_log entry IP anonymization Closed 2018-06-21 2018-06-21

Associated revisions

Revision dfbd9873 (diff)
Added by Georg Ringer about 1 year ago

[TASK] Remove IP address from details field of sys_log entry

Avoid persisting the IP address of a login action twice and just use
the one of the IP field.

Additionally the anoymize scheduler task can now remove all unwanted IP
addresses from the logs.

Be aware that the anonymization of the sys_log entries only
works for new entries that were generated after this patch. Older
entries have to be deleted or the details field needs to be
cleared manually.

Resolves: #85316
Releases: master, 8.7, 7.6
Change-Id: I9c5c65d52462a82047324390bc3e6b970a8f8840
Reviewed-on: https://review.typo3.org/57313
Reviewed-by: Andreas Wolf <>
Tested-by: Andreas Wolf <>
Tested-by: TYPO3com <>
Reviewed-by: Stefan Neufeind <>
Tested-by: Stefan Neufeind <>

Revision 8a632bda (diff)
Added by Markus Klein 11 months ago

[BUGFIX] Remove wrong parameters for log entries and remove REMOTE_HOST

Patch https://review.typo3.org/57313 introduced a number of wrong
log entry calls, which provide too much data for sprintf().
This patch removes those unneeded entries.

Moreover, this patch removes the REMOTE_HOST from log entries as those
would exact matching of the IP address, which is not desired. (GDPR)

Resolves: #85773
Related: #85316
Releases: master
Change-Id: Ic7eb288efde53f6232ee699e6786d965a67d2e7f
Reviewed-on: https://review.typo3.org/57832
Tested-by: TYPO3com <>
Reviewed-by: Wouter Wolters <>
Reviewed-by: Łukasz Uznański <>
Reviewed-by: Christian Kuhn <>
Tested-by: Christian Kuhn <>
Reviewed-by: Andreas Fernandez <>
Tested-by: Andreas Fernandez <>

History

#1 Updated by Felix Nagel about 1 year ago

#2 Updated by Georg Ringer about 1 year ago

#3 Updated by Gerrit Code Review about 1 year ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57313

#4 Updated by Georg Ringer about 1 year ago

  • Sprint Focus set to On Location Sprint

#5 Updated by Gerrit Code Review about 1 year ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57313

#6 Updated by Gerrit Code Review about 1 year ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57313

#7 Updated by Gerrit Code Review about 1 year ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57313

#8 Updated by Gerrit Code Review about 1 year ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57313

#9 Updated by Gerrit Code Review about 1 year ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57313

#10 Updated by Gerrit Code Review about 1 year ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57313

#11 Updated by Gerrit Code Review about 1 year ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57313

#12 Updated by Georg Ringer about 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#13 Updated by Markus Klein 11 months ago

  • Precedes Bug #85773: Flaws in sys_log entry IP anonymization added

#14 Updated by Benni Mack 10 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF