It is too easy to accidentally log message contents in rageshakes

[richvdh]

There have been numerous occasions over the years where we accidentally include message contents in rageshakes, most recently #26376.

A common failure mode is to write something like:

let event = getEventFromSomewhere();
// ...
logger.info("Processing event", e);

What happens then is that we call JSON.stringify (https://github.com/matrix-org/matrix-react-sdk/blob/v3.82.0/src/rageshake/rageshake.ts#L94) which in turn calls MatrixEvent.toJSON, which includes the message content.

I assert that we should either:

• change the existing consumers of MatrixEvent.toJSON to use some other method, then update toJSON to elide message content
• special-case MatrixEvent in rageshake.log

[richvdh]

On the known call sites of MatrixEvent.toJSON.

• I don't believe that "view event source" does call MatrixEvent.toJSON. The relevant code is here and, as you can see, it introspects the event and clearEvent properties of MatrixEvent (which it then JSON.stringify()s), rather than calling .toJSON on the event itself.
• The relevant code for seshat is in EventIndex. I think it should just call MatrixEvent.getEffectiveEvent() rather than undoing the work of MatrixEvent.toJSON.

[richvdh]

I now believe there are no legitimate callers of MatrixEvent.toJSON. We should give it a release cycle or two, and then remove it (or replace it with some safe version).

[richvdh]

I'd love not to be responsible for taking this further :)