Remove JFR files from sensitiveFileNameRegexes #755

Open
Marcono1234 opened this issue Dec 9, 2021 · 7 comments

@Marcono1234
Contributor

Currently JFR files are listed as sensitive files because they contained access tokens in the past:

arisa-kt/config/config.yml

Lines 194 to 195 in 743fbd2

# Java Flight Recorder files contain session token in some Minecraft versions
- '.*\.jfr'

However, we were told internally (where #751 had been mentioned as well) that the latest Minecraft versions do not include the access token in the JFR files anymore.
So in, for example, a month (to add some safety delay in case users still upload them from old versions) we should probably remove the JFR files from the sensitive file names list again.

@osfanbuff63
Member

Do we still want to do this?

@Marcono1234
Contributor Author

Removing this would allow sharing JFR reports publicly on Mojira (though they are not shared very often).
However, it looks like they contain the access token again (have created a Mojira issue for that), so this is blocked until that issue is fixed.

mojira deleted a comment from Daniel-Brown01 on Apr 6, 2023

@violine1101
Member

JFR reports also contain full paths on Windows, which usually include the Windows user name (which can be considered private information).

@osfanbuff63
Member

With that, we could probably use some regex or something to replace the username with ******** or something - don't know how hard that would be though.

@Marcono1234
Contributor Author

> With that, we could probably use some regex or something to replace the username with ******** or something - don't know how hard that would be though.

JFR files seem to use a custom binary file format, so we probably cannot easily redact information in it.

However, I assume the number of Mojira issues where JFR files are attached is probably rather low, so maybe it is acceptable to just set these few issues to private?
In that case, should we simply close this GitHub issue and keep the Arisa config as it is?

@violine1101
Member

> However, I assume the number of Mojira issues where JFR files are attached is probably rather low, so maybe it is acceptable to just set these few issues to private?

Yes, the amount of jfr files attached to bug reports has been very low, so in general I feel like a more sophisticated solution is not worth it.

However, the current solution is still suboptimal. For example: JFR files were added to https://bugs.mojang.com/browse/MC-249136 by someone other than the reporter, and subsequently the bug report was set to private. This was confusing for the person attaching these bug reports, and also brings the potential for intentional sabotage.

So I'm currently thinking that this either should be a manual task instead of automated, or we should prevent attaching jfr files by non-reporters outright.
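
The two handling options from the comment above, as an added sketch that is not part of the thread and not Arisa's own code. The pattern comes from the quoted config; the `Attachment` model, the function names, whole-name matching, and keeping reporter-uploaded files as a privacy trigger are assumptions.

```python
import re
from dataclasses import dataclass

# Pattern copied from the config excerpt quoted in the issue.
SENSITIVE_FILE_NAME_REGEXES = [re.compile(r'.*\.jfr')]


@dataclass(frozen=True)
class Attachment:  # hypothetical model, not Arisa's data type
    name: str
    uploader: str


def is_sensitive(name):
    # Assumption: a pattern has to match the whole file name.
    return any(p.fullmatch(name) for p in SENSITIVE_FILE_NAME_REGEXES)


def current_policy(reporter, attachments):
    """Behaviour described in the thread: a sensitive attachment from
    any uploader sets the whole report to private."""
    private = any(is_sensitive(a.name) for a in attachments)
    return {"private": private, "rejected": []}


def reporter_only_policy(reporter, attachments):
    """Proposed alternative: sensitive files from non-reporters are
    rejected and never change the report's visibility. Assumption:
    the reporter's own sensitive files still make the report private."""
    rejected = [a.name for a in attachments
                if is_sensitive(a.name) and a.uploader != reporter]
    private = any(is_sensitive(a.name) and a.uploader == reporter
                  for a in attachments)
    return {"private": private, "rejected": rejected}


# Constructed sample data: a report by "alice" that receives a JFR file
# from a different user, "bob".
REPORTER = "alice"
THIRD_PARTY_UPLOAD = [Attachment("crash.txt", "alice"),
                      Attachment("flight.jfr", "bob")]

if __name__ == "__main__":
    print("current:      ", current_policy(REPORTER, THIRD_PARTY_UPLOAD))
    print("reporter-only:", reporter_only_policy(REPORTER, THIRD_PARTY_UPLOAD))
```

Under the current behaviour the third-party upload hides the report; under the reporter-only variant the file is rejected and the report stays public.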

@Marcono1234
Contributor Author

> This was confusing for the person attaching these bug reports, and also brings the potential for intentional sabotage.
> [...]
> or we should prevent attaching jfr files by non-reporters outright

That is similar to #663, and as mentioned there in the comments it might also affect attachments which cause a report to be resolved as Invalid (not sure if that is still the case though).
