Merge pull request #4114 from snyk/chore/HMMR-559-filter_temp_dir

chore: additionally redact user homedir if still in analytics data

cliv2/internal/analytics/analytics.go

@@ -202,7 +202,7 @@ func (a *Analytics) GetRequest() (*http.Request, error) {
 	if err != nil {
 		return nil, err
 	}
-	outputJson, err = SanitizeUsername(user.Username, sanitize_replacement_string, outputJson)
+	outputJson, err = SanitizeUsername(user.Username, user.HomeDir, sanitize_replacement_string, outputJson)
 	if err != nil {
 		return nil, err
 	}
@@ -259,7 +259,7 @@ func SanitizeValuesByKey(keysToFilter []string, replacementValue string, content
 	return content, nil
 }
 
-func SanitizeUsername(rawUserName string, replacementValue string, content []byte) ([]byte, error) {
+func SanitizeUsername(rawUserName string, userHomeDir string, replacementValue string, content []byte) ([]byte, error) {
 	contentStr := string(content)
 	contentStr = strings.ReplaceAll(contentStr, rawUserName, replacementValue)
 
@@ -279,5 +279,8 @@ func SanitizeUsername(rawUserName string, replacementValue string, content []byt
 		}
 	}
 
+	// if the homedir is still there, we ensure to remove it completely
+	contentStr = strings.ReplaceAll(contentStr, strings.ReplaceAll(userHomeDir, "\\", "\\\\"), replacementValue)
+
 	return []byte(contentStr), nil
 }

cliv2/internal/analytics/analytics_test.go

@@ -6,6 +6,7 @@ import (
 	"io"
 	"net/http"
 	"os"
+	"os/user"
 	"strings"
 	"testing"
 
@@ -120,67 +121,78 @@ func Test_SanitizeUsername(t *testing.T) {
 		Other    string
 	}
 
-	rawUserName := "someuser"
-	simpleUsername := "someuser"
-	replacement := "REDACTED"
-
-	inputStruct := sanTest{
-		ErrorLog: "/Users/" + rawUserName + "/some/path",
-		Other:    fmt.Sprintf("some other value where %s is contained", rawUserName),
+	type input struct {
+		userName     string
+		domainPrefix string
+		homeDir      string
 	}
 
-	input, _ := json.Marshal(inputStruct)
-	fmt.Println("Before: " + string(input))
+	user, err := user.Current()
+	assert.Nil(t, err)
 
-	// invoke method under test
-	output, err := SanitizeUsername(rawUserName, replacement, input)
+	// runs 3 cases
+	// 1. without domain name
+	// 2. with domain name
+	// 3. user name and path are different
+	// 4. current OS values
+	replacement := "REDACTED"
+	inputData := []input{
+		{
+			userName:     "some.user",
+			domainPrefix: "",
+			homeDir:      `/Users/some.user/some/Path`,
+		},
+		{
+			userName:     "some.user",
+			domainPrefix: "domainName\\",
+			homeDir:      `C:\Users\some.user\AppData\Local`,
+		},
+		{
+			userName:     "someuser",
+			domainPrefix: "domainName\\",
+			homeDir:      `C:\Users\some.user\AppData/Local`,
+		},
+		{
+			userName:     user.Username,
+			domainPrefix: "",
+			homeDir:      user.HomeDir,
+		},
+	}
 
-	fmt.Println("After: " + string(output))
-	assert.Nil(t, err, "Failed to santize static values!")
+	for i := range inputData {
+		simpleUsername := inputData[i].userName
+		rawUserName := inputData[i].domainPrefix + inputData[i].userName
+		homeDir := inputData[i].homeDir
 
-	numRedacted := strings.Count(string(output), replacement)
-	assert.Equal(t, 2, numRedacted)
+		inputStruct := sanTest{
+			ErrorLog: fmt.Sprintf(`Can't execute %s\path/to/something/file.exe for whatever reason.`, homeDir),
+			Other:    fmt.Sprintf("some other value where %s is contained", rawUserName),
+		}
 
-	numUsernameInstances := strings.Count(string(output), rawUserName)
-	assert.Equal(t, 0, numUsernameInstances)
+		input, _ := json.Marshal(inputStruct)
+		fmt.Printf("%d - Before: %s\n", i, string(input))
 
-	numSimpleUsernameInstances := strings.Count(string(output), simpleUsername)
-	assert.Equal(t, 0, numSimpleUsernameInstances)
+		// invoke method under test
+		output, err := SanitizeUsername(rawUserName, homeDir, replacement, input)
 
-	var outputStruct sanTest
-	json.Unmarshal(output, &outputStruct)
-	assert.Equal(t, "/Users/REDACTED/some/path", outputStruct.ErrorLog)
-	assert.Equal(t, "some other value where REDACTED is contained", outputStruct.Other)
-
-	// Check with Windows style domain\username
-	rawUserName = "somedomain\\someuser"
-	simpleUsername = "someuser"
-	replacement = "REDACTED"
-
-	inputStruct = sanTest{
-		ErrorLog: fmt.Sprintf("C:\\Users\\%s\\some\\path", simpleUsername),
-		Other:    fmt.Sprintf("some other value where %s is contained", rawUserName),
-	}
+		fmt.Printf("%d - After: %s\n", i, string(output))
+		assert.Nil(t, err, "Failed to santize static values!")
 
-	input, _ = json.Marshal(inputStruct)
-	fmt.Println("Before: " + string(input))
+		numRedacted := strings.Count(string(output), replacement)
+		assert.Equal(t, 2, numRedacted)
 
-	// invoke method under test
-	output, err = SanitizeUsername(rawUserName, replacement, input)
+		numUsernameInstances := strings.Count(string(output), rawUserName)
+		assert.Equal(t, 0, numUsernameInstances)
 
-	fmt.Println("After: " + string(output))
-	assert.Nil(t, err, "Failed to santize static values!")
+		numSimpleUsernameInstances := strings.Count(string(output), simpleUsername)
+		assert.Equal(t, 0, numSimpleUsernameInstances)
 
-	numRedacted = strings.Count(string(output), replacement)
-	assert.Equal(t, 2, numRedacted)
+		numHomeDirInstances := strings.Count(string(output), homeDir)
+		assert.Equal(t, 0, numHomeDirInstances)
 
-	numUsernameInstances = strings.Count(string(output), rawUserName)
-	assert.Equal(t, 0, numUsernameInstances)
+		var outputStruct sanTest
+		json.Unmarshal(output, &outputStruct)
 
-	numSimpleUsernameInstances = strings.Count(string(output), simpleUsername)
-	assert.Equal(t, 0, numSimpleUsernameInstances)
+	}
 
-	json.Unmarshal(output, &outputStruct)
-	assert.Equal(t, "C:\\Users\\REDACTED\\some\\path", outputStruct.ErrorLog)
-	assert.Equal(t, "some other value where somedomain\\REDACTED is contained", outputStruct.Other)
 }