fix: strip potential PII from release binaries

This sets rusts `--remap-path-prefix` flags to strip potential PII from release binaries by truncating absolute paths from panic messages and debug symbols. closes: #6538
tauri-apps · Mar 24, 2023 · cc63794 · cc63794
1 parent 2f70d8d
commit cc63794
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/tooling/cli/src/interface/rust/desktop.rs b/tooling/cli/src/interface/rust/desktop.rs
@@ -308,6 +308,17 @@ fn build_command(
   build_cmd.arg("build");
   build_cmd.args(args);
 
+  // set the rust --remap-path-prefix flags to strip absolute paths that could leak usernames or other PII from panic messages and debug symbols
+  // see https://github.com/tauri-apps/tauri/issues/6538 for context
+  let mut rustflags = std::env::var("RUSTFLAGS")
+    .unwrap_or_default();
+
+  rustflags.push_str(&format!(" --remap-path-prefix={}=", std::env::current_dir().unwrap().display()));
+  rustflags.push_str(&format!(" --remap-path-prefix={}=cargo", env!("CARGO_HOME")));
+  rustflags.push_str(&format!(" --remap-path-prefix={}=rustup", env!("RUSTUP_HOME")));
+
+  build_cmd.envs([("RUSTFLAGS", rustflags)]);
+
   Ok(build_cmd)
 }