Hash the generator assembly and type names

Since the names of the generator/type may reveal sensitive things (company names), we'll hash this; this is sharing the same code we use for analyzers.
dotnet · Aug 17, 2022 · edefbd1 · edefbd1
1 parent a5aec76
commit edefbd1
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 9 deletions.
diff --git a/src/Features/Core/Portable/Diagnostics/DiagnosticAnalyzerTelemetry.cs b/src/Features/Core/Portable/Diagnostics/DiagnosticAnalyzerTelemetry.cs
@@ -106,7 +106,7 @@ public void ReportAndClear(int correlationId)
                     else
                     {
                         // annonymize analyzer and exception names:
-                        m["Analyzer.NameHashCode"] = ComputeSha256Hash(analyzerName);
+                        m["Analyzer.NameHashCode"] = AnalyzerNameForTelemetry.ComputeSha256Hash(analyzerName);
                     }
 
                     m["Analyzer.CodeBlock"] = analyzerInfo.CodeBlockActionsCount;
@@ -130,11 +130,5 @@ public void ReportAndClear(int correlationId)
                 }));
             }
         }
-
-        private static string ComputeSha256Hash(string name)
-        {
-            using var sha256 = SHA256.Create();
-            return Convert.ToBase64String(sha256.ComputeHash(Encoding.UTF8.GetBytes(name)));
-        }
     }
 }
diff --git a/src/Workspaces/Core/Portable/Log/AnalyzerNameForTelemetry.cs b/src/Workspaces/Core/Portable/Log/AnalyzerNameForTelemetry.cs
@@ -0,0 +1,20 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using System;
+using System.Collections.Generic;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace Microsoft.CodeAnalysis.Internal.Log
+{
+    internal static class AnalyzerNameForTelemetry
+    {
+        public static string ComputeSha256Hash(string name)
+        {
+            using var sha256 = SHA256.Create();
+            return Convert.ToBase64String(sha256.ComputeHash(Encoding.UTF8.GetBytes(name)));
+        }
+    }
+}
diff --git a/...re/Portable/SourceGeneratorTelemetry/SourceGeneratorTelemetryCollectorWorkspaceService.cs b/...re/Portable/SourceGeneratorTelemetry/SourceGeneratorTelemetryCollectorWorkspaceService.cs
@@ -56,9 +56,10 @@ public void ReportStatisticsAndClear(FunctionId functionId)
                 // We'll log one event per generator
                 Logger.Log(functionId, KeyValueLogMessage.Create(map =>
                 {
-                    map[nameof(telemetryKey.Identity.AssemblyName)] = telemetryKey.Identity.AssemblyName;
+                    // TODO: have a policy for when we don't have to hash them
+                    map[nameof(telemetryKey.Identity.AssemblyName) + "Hashed"] = AnalyzerNameForTelemetry.ComputeSha256Hash(telemetryKey.Identity.AssemblyName);
                     map[nameof(telemetryKey.Identity.AssemblyVersion)] = telemetryKey.Identity.AssemblyVersion.ToString();
-                    map[nameof(telemetryKey.Identity.TypeName)] = telemetryKey.Identity.TypeName;
+                    map[nameof(telemetryKey.Identity.TypeName) + "Hashed"] = AnalyzerNameForTelemetry.ComputeSha256Hash(telemetryKey.Identity.TypeName);
                     map[nameof(telemetryKey.FileVersion)] = telemetryKey.FileVersion;
 
                     var result = elapsedTimeCounter.GetStatisticResult();