Keep private information out of your logs with Swift
One simple trick to avoid unintentionally leaking your users private info
So imagine you have an app with a fairly simple model struct like this:
struct User {
var identifier: String
var handle: String
var name: String
var dateOfBirth: Date
var city: String
}
And to help you debug problems in your code, you have a remote-logging system that will send error messages to your backend (say, Sentry or something similar). The function looks like this:
func logError(_ description: String, userInfo: Any...) {
// ...
}
And then, whenever something fishy is happening, you use the logError
function so that you can investigate it later:
logError("trying to edit the user that is not current user")
But wait! This message alone is not that useful. So to help you pinpoint exactly what’s happening, you usually include your model objects as well:
logError("trying to edit the user that is not current user", user, currentUser)
Wonderful, isn’t it?
…Well, there’s a problem
Open your logs, and here’s what you’re likely to see alongside your error messages:
▿ Your_App.User
- identifier: "6EEBA88F-D397-4108-B3D9-2B60E5FB4477"
- handle: "swifty15"
- name: "John Appleseed"
▿ dateOfBirth: 1976-01-04 20:36:07 +0000
- timeIntervalSinceReferenceDate: -788671432.408519
- city: "Oakland"
Yikes. All this sensitive data like name, city and date of birth, is leaked to your logs now. Funny thing is that it’s really not something you even need in this case, but still something that you’re totally responsible for.
Don’t commit your users’ personal information to your logs!
But how, you would ask? Should I go over every single logError
line in my code and make sure that I only submit the data I need? Should I now worry about it every time I write another log statement? How am I gonna make sure my teammates don’t make the same mistake?
Solution
Luckily, there’s a simple universal solution that can help you solve this problem once and for all. And it involves… 🥁
…Property wrappers! Yay, not only are we making our code safer for our users, but also much, much trendier for our developers. Win-win!
So, here’s a neat little property wrapper for this:
@propertyWrapper
struct LoggingExcluded<Value>: CustomStringConvertible, CustomDebugStringConvertible, CustomLeafReflectable {
var wrappedValue: Value
init(wrappedValue: Value) {
self.wrappedValue = wrappedValue
}
var description: String {
return "--redacted--"
}
var debugDescription: String {
return "--redacted--"
}
var customMirror: Mirror {
return Mirror(reflecting: "--redacted--")
}
}
This wrapper doesn't do much: it simply makes sure that when your code is trying to print
, debugPrint
or dump
a property, it will show --redacted--
instead of an actual value. And since virtually any existing logging system uses one of these functions, it will effectively remove any @LoggingExcluded
property from our logs.
So let’s update our User
struct:
struct User {
var identifier: String
var handle: String
@LoggingExcluded var name: String
@LoggingExcluded var dateOfBirth: Date
@LoggingExcluded var city: String
}
And to make sure it works as expected, let’s test our User
instance with each of the three logging functions: print
, debugPrint
and dump
:
User(identifier: "6EEBA88F-D397-4108-B3D9-2B60E5FB4477", handle: "swifty15", _name: --redacted--, _dateOfBirth: --redacted--, _city: --redacted--)// debugPrint
Your_App.User(identifier: "6EEBA88F-D397-4108-B3D9-2B60E5FB4477", handle: "swifty15", _name: --redacted--, _dateOfBirth: --redacted--, _city: --redacted--)// dump
▿ Your_App.User
- identifier: "6EEBA88F-D397-4108-B3D9-2B60E5FB4477"
- handle: "swifty15"
- _name: --redacted--
- _dateOfBirth: --redacted--
- _city: --redacted--
Works absolutely flawlessly!
So there you have it — just prefix your property with @LoggingExcluded
when you want to keep some information out of your logs, and it will never show up in your logs no matter what you do.
I’ve tried this approach in both “Ask Yourself Everyday” and “Time and Again”, and it worked perfectly for me. Now I always sleep peacefully knowing that my users’ data is absolutely safe.
Does this work for you? Do you already use a similar pattern in your code? Have you tried implementing this but for some reason it’s not suitable for your codebase? Or do you have any other questions about this? Let me know in the comments section below! I’m truly excited to hear from you.
Appendix 1: Adding Codable conformance
extension LoggingExcluded: Decodable where Value: Decodable {
init(from decoder: Decoder) throws {
let container = try decoder.singleValueContainer()
self.wrappedValue = try container.decode(Value.self)
}
}extension LoggingExcluded: Encodable where Value: Encodable {
func encode(to encoder: Encoder) throws {
var container = encoder.singleValueContainer()
try container.encode(wrappedValue)
}
}
Thanks for reading the post! Don’t hesitate to ask or suggest anything in the “responses” section below. You can also contact me on Twitter or find me on GitHub. If you have written a piece (or stumbled upon one) exploring similar topic — make sure to post a link to it in the responses so I can include it right below.
Further learning:
- “Privacy Aware Logging with Swift”, a talk I gave in San Francisco in 2019 that this post is based on
- Swift Property Wrappers, by NSHipster
- SE-0258, Property wrappers Swift Evolution proposal
Hi! If you want to support me, please check out my apps: Ask Yourself Everyday, Time and Again and Women’s Football 2017. For business inquiries, reach me at oleg@dreyman.dev. Thanks for reading!