2Jerome:
The issue is that even if that function will be doing nothing, logging
data (which might be sensitive) can be captured via hooks / dump
analysis etc. I really need to pre-processes to eliminate not only
function call but also function parameters completely. Think about
this scenario:
console.debug('password: ',
someFunctionWhichReturnsPasswordFromProtectedStorage());
In this case even if console.debug will be replaced with empty
function, 'someFunctionWhichReturnsPasswordFromProtectedStorage()'
will be executed anyway and as the result password will appear
somewhere in JS heap so after capturing dump it will be simpler to
find it.
2Tomasz:
In fact I would love to use logging category, but only for debug
builds. But I have some requirements to minimize risk of sensitive
data leak via logging. And to make a life of reverse engineers a bit
more complicated if you like. So ideally no logging-related functions
(and their parameters too!) should be visible in release build.
ср, 24 апр. 2019 г. в 21:27, Jérôme Godbout <[email protected]>:
>
> Maybe you can overload the functor directly into the code and import the file
> only if in debug mode (optional module):
> http://udidu.blogspot.com/2012/12/override-console-functions.html
>
> That could also be helpful to split the log into multiple receiver.
>
> Not sure if this would work, but maybe you can override the console.log
> command into the QQmlScriptEngine and define a new javascript function that
> does nothing. Maybe into the your main.cpp where you create the QQmlEngine
> you can call the rootContext() QQmlContext object, maybe you can extract the
> console object with QVariant contextProperty() and set the debug() property
> of it with a QQmlExpression, I cannot glue all this together, but maybe
> something into that direction could be done before you start loading the main
> qml file. This is far fetched by might work but it seem overcomplicated to me.
>
> -----Original Message-----
> From: Interest <[email protected]> On Behalf Of Alexander Ivash
> Sent: April 24, 2019 12:56 PM
> To: interestqt-project.org <[email protected]>
> Subject: [Interest] QML preprocessing
>
> I understand that this topic was raised a lot of times and that this is not
> QML-way. But, what options do I have in case of requirements to eliminate all
> the logging for release builds?
>
> Is there any hidden magic in qmake, like 'QMAKE_SUBSTITUTES' but more
> flexible to substitute all the 'console.debug....' with '// console.debug'
> right before adding qml into resources?
>
> p.s. Yea, I'm aware of selectors, but would like to avoid having both
> component-with-logging.qml and component-with-no-logging.qml
>
> Regards, Alexander
> _______________________________________________
> Interest mailing list
> [email protected]
> https://lists.qt-project.org/listinfo/interest
_______________________________________________
Interest mailing list
[email protected]
https://lists.qt-project.org/listinfo/interest
