The 'jfr scrub' command can be used to remove sensitive information, such as values stored in system properties or environment variables, but the output gives no indication of what was removed. If the user enters the wrong event name, the sensitive information may still be present.
A workaround is to use 'jfr summary' to compare files before and after running 'jfr scrub'. This is error-prone and an option users may not be aware of. Providing a summary of what was removed would give users confidence that the resulting file contains what they requested.
Example usage:
$ jfr scrub --exclude-events jdk.InitialSystemProperty,jdk.InitialEnvironmentVariable sensitive.jfr
Scrubbed recording file written to:
/Users/user/sensitive-scrubbed.jfr
Removed events:
jdk.InitialEnvironmentVariable 22/22
jdk.InitialSystemProperty 14/14
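The 'jfr summary' workaround described above can be scripted so that a mistyped event name or an event that survived scrubbing fails loudly. This is an added example, not part of the JDK or of this report; the function names are hypothetical, the sample summaries are constructed, and the three-column row layout of 'jfr summary' is an assumption.

```shell
# Real use:
#   jfr summary sensitive.jfr > before.txt
#   jfr summary sensitive-scrubbed.jfr > after.txt
#   scrub_report before.txt after.txt jdk.InitialSystemProperty jdk.InitialEnvironmentVariable
# Print "name count" per event row of summary text on stdin (assumed: type, count, size).
event_counts() {
    awk 'NF == 3 && $1 ~ /\./ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { print $1, $2 }'
}

# Look up one event's count in a saved summary file; prints nothing if absent.
count_of() {
    event_counts < "$1" | awk -v e="$2" '$1 == e { print $2 }'
}

# scrub_report BEFORE AFTER EVENT...
# Prints "EVENT removed/total" per event. Returns 1 if an event is still
# present after scrubbing or was never in the original (likely a mistyped name).
scrub_report() {
    before=$1; after=$2; shift 2; rc=0
    for ev in "$@"; do
        total=$(count_of "$before" "$ev")
        left=$(count_of "$after" "$ev")
        if [ -z "$total" ]; then
            echo "$ev: unknown event type in original recording"; rc=1
        else
            echo "$ev $((total - ${left:-0}))/$total"
            [ "${left:-0}" -eq 0 ] || rc=1
        fi
    done
    return $rc
}

# Constructed sample summaries (not taken from a real recording).
write_samples() {
    cat > "$1/before.txt" <<'EOF'
 Event Type                          Count  Size (bytes)
=========================================================
 jdk.InitialSystemProperty              14          1100
 jdk.InitialEnvironmentVariable         22          1800
 jdk.CPULoad                            60          1260
EOF
    cat > "$1/after.txt" <<'EOF'
 Event Type                          Count  Size (bytes)
=========================================================
 jdk.InitialSystemProperty               0             0
 jdk.InitialEnvironmentVariable         22          1800
 jdk.CPULoad                            60          1260
EOF
}
```

In the constructed "after" summary the environment variable events were left in place, so the check reports 0/22 for them and returns a non-zero status.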
Links to:
- Commit (master): openjdk/jdk/a2d7f441
- Review (master): openjdk/jdk/24669