t2 crash-reporter: Sanitize the user's username from crash reports. F…

…ixes gh-728 (#729)

Signed-off-by: Rick Waldron <waldron.rick@gmail.com>

lib/crash-reporter.js

@@ -47,6 +47,24 @@ CrashReporter.on = function() {
     });
 };
 
+CrashReporter.sanitize = function(input) {
+  return CrashReporter.sanitize.redactions.reduce((stack, redaction) => redaction(stack), input);
+};
+
+CrashReporter.sanitize.redactions = [
+  (stack) => {
+    var index = __dirname.indexOf('t2-cli');
+
+    if (index !== -1) {
+      stack = stack.replace(new RegExp(escape(__dirname.slice(0, index)), 'g'), '');
+    }
+
+    return stack;
+  },
+  (stack) => stack.replace(new RegExp(escape(os.homedir()), 'g'), ''),
+];
+
+
 CrashReporter.submit = function(report, opts) {
   if (opts === undefined) {
     opts = {};
@@ -65,12 +83,7 @@ CrashReporter.submit = function(report, opts) {
           OS release: ${os.release()}
         `;
 
-        var index = __dirname.indexOf('t2-cli');
-        var stack = report.stack || String(report);
-
-        if (index !== -1) {
-          stack = stack.replace(new RegExp(escape(__dirname.slice(0, index)), 'g'), '');
-        }
+        var stack = CrashReporter.sanitize(report.stack || String(report));
 
         return CrashReporter.post(labels, stack)
           .then(fingerprint => {

test/.jshintrc

@@ -47,6 +47,7 @@
     "NodeRSA": true,
     "RSA": true,
     "osenv": true,
+    "os": true,
     "path": true,
     "Preferences": true,
     "Project": true,

test/common/bootstrap.js

@@ -3,6 +3,7 @@ global.IS_TEST_ENV = true;
 // System Objects
 global.cp = require('child_process');
 global.events = require('events');
+global.os = require('os');
 global.path = require('path');
 global.stream = require('stream');
 global.util = require('util');

test/unit/crash-reporter.js

@@ -119,6 +119,7 @@ exports['CrashReporter.submit'] = {
     this.pRead = this.sandbox.stub(Preferences, 'read').returns(Promise.resolve('on'));
     this.pWrite = this.sandbox.stub(Preferences, 'write').returns(Promise.resolve());
     this.crPost = this.sandbox.spy(CrashReporter, 'post');
+    this.crSanitize = this.sandbox.spy(CrashReporter, 'sanitize');
     this.request = this.sandbox.stub(request, 'post', (opts, handler) => {
       return handler(null, {}, '{}');
     });
@@ -147,15 +148,20 @@ exports['CrashReporter.submit'] = {
     });
   },
 
-  removesIrrelevantPathData: function(test) {
-    test.expect(1);
+  sanitizes: function(test) {
+    test.expect(5);
 
     this.crPost.restore();
     this.crPost = this.sandbox.stub(CrashReporter, 'post').returns(Promise.resolve());
+    var error = new Error(`This happened at ${__dirname}. Line 1 in ${__filename}`);
 
-    CrashReporter.submit(new Error('This happened')).then(() => {
+    CrashReporter.submit(error).then(() => {
+      test.equal(this.crSanitize.callCount, 1);
       // the actual dirname should not appear in the posted report contents
       test.equal(this.crPost.lastCall.args[0].includes(__dirname), false);
+      test.equal(this.crPost.lastCall.args[0].includes(__filename), false);
+      test.equal(this.crPost.lastCall.args[1].includes(__dirname), false);
+      test.equal(this.crPost.lastCall.args[1].includes(__filename), false);
       test.done();
     }).catch(error => {
       test.ok(false, error.message);
@@ -194,7 +200,81 @@ exports['CrashReporter.submit'] = {
       test.done();
     });
   },
+};
+
+
+exports['CrashReporter.sanitize'] = {
+  setUp: function(done) {
+    this.sandbox = sinon.sandbox.create();
+    this.logsErr = this.sandbox.stub(logs, 'err');
+    this.logsInfo = this.sandbox.stub(logs, 'info');
+    this.pRead = this.sandbox.stub(Preferences, 'read').returns(Promise.resolve('on'));
+    this.pWrite = this.sandbox.stub(Preferences, 'write').returns(Promise.resolve());
+    this.crPost = this.sandbox.spy(CrashReporter, 'post');
+    this.request = this.sandbox.stub(request, 'post', (opts, handler) => {
+      return handler(null, {}, '{}');
+    });
+    done();
+  },
+
+  tearDown: function(done) {
+    this.sandbox.restore();
+    done();
+  },
+
+  dirname: function(test) {
+    test.expect(2);
+
+    this.crPost.restore();
+    this.crPost = this.sandbox.stub(CrashReporter, 'post').returns(Promise.resolve());
+
+    var error = new Error(`This happened at ${__dirname}. Line 1 in ${__filename}`);
+
+    CrashReporter.submit(error).then(() => {
+      test.equal(this.crPost.lastCall.args[0].includes(__dirname), false);
+      test.equal(this.crPost.lastCall.args[1].includes(__dirname), false);
+      test.done();
+    }).catch(error => {
+      test.ok(false, error.message);
+      test.done();
+    });
+  },
+
+  filename: function(test) {
+    test.expect(2);
 
+    this.crPost.restore();
+    this.crPost = this.sandbox.stub(CrashReporter, 'post').returns(Promise.resolve());
+
+    var error = new Error(`This happened at ${__dirname}. Line 1 in ${__filename}`);
+
+    CrashReporter.submit(error).then(() => {
+      test.equal(this.crPost.lastCall.args[0].includes(__filename), false);
+      test.equal(this.crPost.lastCall.args[1].includes(__filename), false);
+      test.done();
+    }).catch(error => {
+      test.ok(false, error.message);
+      test.done();
+    });
+  },
+
+  home: function(test) {
+    test.expect(2);
+
+    this.crPost.restore();
+    this.crPost = this.sandbox.stub(CrashReporter, 'post').returns(Promise.resolve());
+
+    var error = new Error(`permission denied, open '${path.join(os.homedir(), '.config')}'`);
+
+    CrashReporter.submit(error).then(() => {
+      test.equal(this.crPost.lastCall.args[0].includes(os.homedir()), false);
+      test.equal(this.crPost.lastCall.args[1].includes(os.homedir()), false);
+      test.done();
+    }).catch(error => {
+      test.ok(false, error.message);
+      test.done();
+    });
+  },
 };
 
 exports['CrashReporter.post'] = {