id summary reporter owner description type status priority milestone component version resolution keywords cc 22846 [patch] Anonymize VM arguments in status reports gaben team "A JOSM instance in debugging can have special VM arguments which can contain sensitive information, like the user home dir. If someone creates bug report int that state, the VM arguments become visible. See for example one of my previous report #22845, where I manually changed the `-javaagent` param to hide the username. {{{#!patch Index: src/org/openstreetmap/josm/actions/ShowStatusReportAction.java =================================================================== --- src/org/openstreetmap/josm/actions/ShowStatusReportAction.java (revision 18699) +++ src/org/openstreetmap/josm/actions/ShowStatusReportAction.java (working copy) @@ -159,12 +159,12 @@ text.format(""WebStart package: %s%n"", webStartDetails); } } - // Add Gnome Atk wrapper details if found + // Add Gnome ATK wrapper details if found String atkWrapperDetails = platform.getAtkWrapperPackageDetails(); if (atkWrapperDetails != null) { text.format(""Java ATK Wrapper package: %s%n"", atkWrapperDetails); } - // Add dependencies details if found + // Add dependency details if found for (String p : new String[] { ""apache-commons-compress"", ""libcommons-compress-java"", ""apache-commons-jcs-core"", @@ -207,7 +207,7 @@ } } if (!vmArguments.isEmpty()) { - text.format(""VM arguments: %s%n"", vmArguments.toString().replace(""\\\\"", ""\\"")); + text.format(""VM arguments: %s%n"", paramCleanup(vmArguments).toString().replace(""\\\\"", ""\\"")); } } catch (SecurityException e) { Logging.trace(e); @@ -280,7 +280,7 @@ } /** - * Shortens and removes private informations from a parameter used for status report. + * Shortens and removes private information from a parameter used for status report. * @param param parameter to cleanup * @return shortened/anonymized parameter */ }}} " enhancement closed normal 23.04 Core fixed information disclosure