signal-desktop/ts/util/privacy.ts

// Copyright 2018-2021 Signal Messenger, LLC
// SPDX-License-Identifier: AGPL-3.0-only

/* eslint-env node */

import is from '@sindresorhus/is';
import { join as pathJoin } from 'path';

import { compose } from 'lodash/fp';
import { escapeRegExp } from 'lodash';

export const APP_ROOT_PATH = pathJoin(__dirname, '..', '..');

const PHONE_NUMBER_PATTERN = /\+\d{7,12}(\d{3})/g;
const UUID_PATTERN = /[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{9}([0-9A-F]{3})/gi;
const GROUP_ID_PATTERN = /(group\()([^)]+)(\))/g;
const GROUP_V2_ID_PATTERN = /(groupv2\()([^=)]+)(=?=?\))/g;
const REDACTION_PLACEHOLDER = '[REDACTED]';

export type RedactFunction = (value: string) => string;

export const _redactPath = (filePath: string): RedactFunction => {
  if (!is.string(filePath)) {
    throw new TypeError("'filePath' must be a string");
  }

  const filePathPattern = _pathToRegExp(filePath);

  return (text: string): string => {
    if (!is.string(text)) {
      throw new TypeError("'text' must be a string");
    }

    if (!is.regExp(filePathPattern)) {
      return text;
    }

    return text.replace(filePathPattern, REDACTION_PLACEHOLDER);
  };
};

export const _pathToRegExp = (filePath: string): RegExp | undefined => {
  try {
    const pathWithNormalizedSlashes = filePath.replace(/\//g, '\\');
    const pathWithEscapedSlashes = filePath.replace(/\\/g, '\\\\');
    const urlEncodedPath = encodeURI(filePath);
    // Safe `String::replaceAll`:
    // https://github.com/lodash/lodash/issues/1084#issuecomment-86698786
    const patternString = [
      filePath,
      pathWithNormalizedSlashes,
      pathWithEscapedSlashes,
      urlEncodedPath,
    ]
      .map(escapeRegExp)
      .join('|');
    return new RegExp(patternString, 'g');
  } catch (error) {
    return undefined;
  }
};

// Public API
export const redactPhoneNumbers = (text: string): string => {
  if (!is.string(text)) {
    throw new TypeError("'text' must be a string");
  }

  return text.replace(PHONE_NUMBER_PATTERN, `+${REDACTION_PLACEHOLDER}$1`);
};

export const redactUuids = (text: string): string => {
  if (!is.string(text)) {
    throw new TypeError("'text' must be a string");
  }

  return text.replace(UUID_PATTERN, `${REDACTION_PLACEHOLDER}$1`);
};

export const redactGroupIds = (text: string): string => {
  if (!is.string(text)) {
    throw new TypeError("'text' must be a string");
  }

  return text
    .replace(
      GROUP_ID_PATTERN,
      (_, before, id, after) =>
        `${before}${REDACTION_PLACEHOLDER}${removeNewlines(id).slice(
          -3
        )}${after}`
    )
    .replace(
      GROUP_V2_ID_PATTERN,
      (_, before, id, after) =>
        `${before}${REDACTION_PLACEHOLDER}${removeNewlines(id).slice(
          -3
        )}${after}`
    );
};

const createRedactSensitivePaths = (
  paths: ReadonlyArray<string>
): RedactFunction => {
  return compose(paths.map(filePath => _redactPath(filePath)));
};

const sensitivePaths: Array<string> = [];

let redactSensitivePaths: RedactFunction = (text: string) => text;

export const addSensitivePath = (filePath: string): void => {
  sensitivePaths.push(filePath);
  redactSensitivePaths = createRedactSensitivePaths(sensitivePaths);
};

addSensitivePath(APP_ROOT_PATH);

export const redactAll: RedactFunction = compose(
  (text: string) => redactSensitivePaths(text),
  redactGroupIds,
  redactPhoneNumbers,
  redactUuids
);

const removeNewlines: RedactFunction = text => text.replace(/\r?\n|\r/g, '');
Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`// Copyright 2018-2021 Signal Messenger, LLC`
Add license headers across the project 2020-10-30 20:34:04 +00:00			`// SPDX-License-Identifier: AGPL-3.0-only`

Extract `Privacy` module Centralizes how we redact sensitive information. 2018-03-06 21:20:04 +00:00			`/* eslint-env node */`

Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`import is from '@sindresorhus/is';`
			`import { join as pathJoin } from 'path';`
Extract `Privacy` module Centralizes how we redact sensitive information. 2018-03-06 21:20:04 +00:00
Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`import { compose } from 'lodash/fp';`
			`import { escapeRegExp } from 'lodash';`

			`export const APP_ROOT_PATH = pathJoin(__dirname, '..', '..');`
Extract `Privacy` module Centralizes how we redact sensitive information. 2018-03-06 21:20:04 +00:00
			`const PHONE_NUMBER_PATTERN = /\+\d{7,12}(\d{3})/g;`
Passive UUID fixes 2020-03-20 19:01:15 +00:00			`const UUID_PATTERN = /[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{9}([0-9A-F]{3})/gi;`
Extract `Privacy` module Centralizes how we redact sensitive information. 2018-03-06 21:20:04 +00:00			`const GROUP_ID_PATTERN = /(group\()([^)]+)(\))/g;`
Support for new GroupV2 groups 2020-09-09 02:25:05 +00:00			`const GROUP_V2_ID_PATTERN = /(groupv2\()([^=)]+)(=?=?\))/g;`
Redact URL encoded file paths in stack traces 2018-04-06 16:54:29 +00:00			`const REDACTION_PLACEHOLDER = '[REDACTED]';`
Extract `Privacy` module Centralizes how we redact sensitive information. 2018-03-06 21:20:04 +00:00
Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`export type RedactFunction = (value: string) => string;`

			`export const _redactPath = (filePath: string): RedactFunction => {`
Redact URL encoded file paths in stack traces 2018-04-06 16:54:29 +00:00			`if (!is.string(filePath)) {`
Use single quotes for identifiers 2018-04-11 19:44:52 +00:00			`throw new TypeError("'filePath' must be a string");`
Redact URL encoded file paths in stack traces 2018-04-06 16:54:29 +00:00			`}`

Fix storybook errors 2021-06-01 20:40:55 +00:00			`const filePathPattern = _pathToRegExp(filePath);`
Redact URL encoded file paths in stack traces 2018-04-06 16:54:29 +00:00
Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`return (text: string): string => {`
Redact URL encoded file paths in stack traces 2018-04-06 16:54:29 +00:00			`if (!is.string(text)) {`
Use single quotes for identifiers 2018-04-11 19:44:52 +00:00			`throw new TypeError("'text' must be a string");`
Redact URL encoded file paths in stack traces 2018-04-06 16:54:29 +00:00			`}`

			`if (!is.regExp(filePathPattern)) {`
			`return text;`
			`}`

			`return text.replace(filePathPattern, REDACTION_PLACEHOLDER);`
			`};`
			`};`

Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`export const _pathToRegExp = (filePath: string): RegExp \| undefined => {`
Escape special characters in file path 2018-03-07 15:57:39 +00:00			`try {`
Redact stack traces with forward and backslashes 2018-04-06 17:19:41 +00:00			`const pathWithNormalizedSlashes = filePath.replace(/\//g, '\\');`
Redact file paths with escaped slashes 2018-04-06 18:25:55 +00:00			`const pathWithEscapedSlashes = filePath.replace(/\\/g, '\\\\');`
Redact stack traces with forward and backslashes 2018-04-06 17:19:41 +00:00			`const urlEncodedPath = encodeURI(filePath);`
Escape special characters in file path 2018-03-07 15:57:39 +00:00			// Safe `String::replaceAll`:
			`// https://github.com/lodash/lodash/issues/1084#issuecomment-86698786`
Redact stack traces with forward and backslashes 2018-04-06 17:19:41 +00:00			`const patternString = [`
			`filePath,`
			`pathWithNormalizedSlashes,`
Redact file paths with escaped slashes 2018-04-06 18:25:55 +00:00			`pathWithEscapedSlashes,`
Redact stack traces with forward and backslashes 2018-04-06 17:19:41 +00:00			`urlEncodedPath,`
Format all source code using Prettier 2018-04-27 21:25:04 +00:00			`]`
			`.map(escapeRegExp)`
			`.join('\|');`
Redact stack traces with forward and backslashes 2018-04-06 17:19:41 +00:00			`return new RegExp(patternString, 'g');`
Escape special characters in file path 2018-03-07 15:57:39 +00:00			`} catch (error) {`
Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`return undefined;`
Escape special characters in file path 2018-03-07 15:57:39 +00:00			`}`
Redact URL encoded file paths in stack traces 2018-04-06 16:54:29 +00:00			`};`
Extract `Privacy` module Centralizes how we redact sensitive information. 2018-03-06 21:20:04 +00:00
Redact URL encoded file paths in stack traces 2018-04-06 16:54:29 +00:00			`// Public API`
Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`export const redactPhoneNumbers = (text: string): string => {`
Prefer `is.` over Lodash `is` functions 2018-04-06 16:43:34 +00:00			`if (!is.string(text)) {`
Use single quotes for identifiers 2018-04-11 19:44:52 +00:00			`throw new TypeError("'text' must be a string");`
Extract `Privacy` module Centralizes how we redact sensitive information. 2018-03-06 21:20:04 +00:00			`}`

			return text.replace(PHONE_NUMBER_PATTERN, `+${REDACTION_PLACEHOLDER}$1`);
			`};`

Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`export const redactUuids = (text: string): string => {`
Passive UUID support Co-authored-by: Scott Nonnenberg <scott@signal.org> 2020-03-05 21:14:58 +00:00			`if (!is.string(text)) {`
			`throw new TypeError("'text' must be a string");`
			`}`

			return text.replace(UUID_PATTERN, `${REDACTION_PLACEHOLDER}$1`);
			`};`

Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`export const redactGroupIds = (text: string): string => {`
Prefer `is.` over Lodash `is` functions 2018-04-06 16:43:34 +00:00			`if (!is.string(text)) {`
Use single quotes for identifiers 2018-04-11 19:44:52 +00:00			`throw new TypeError("'text' must be a string");`
Extract `Privacy` module Centralizes how we redact sensitive information. 2018-03-06 21:20:04 +00:00			`}`

Support for new GroupV2 groups 2020-09-09 02:25:05 +00:00			`return text`
			`.replace(`
			`GROUP_ID_PATTERN,`
Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`(_, before, id, after) =>`
Support for new GroupV2 groups 2020-09-09 02:25:05 +00:00			`${before}${REDACTION_PLACEHOLDER}${removeNewlines(id).slice(
			`-3`
			)}${after}`
			`)`
			`.replace(`
			`GROUP_V2_ID_PATTERN,`
Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`(_, before, id, after) =>`
Support for new GroupV2 groups 2020-09-09 02:25:05 +00:00			`${before}${REDACTION_PLACEHOLDER}${removeNewlines(id).slice(
			`-3`
			)}${after}`
			`);`
Extract `Privacy` module Centralizes how we redact sensitive information. 2018-03-06 21:20:04 +00:00			`};`

Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`const createRedactSensitivePaths = (`
			`paths: ReadonlyArray<string>`
			`): RedactFunction => {`
Fix storybook errors 2021-06-01 20:40:55 +00:00			`return compose(paths.map(filePath => _redactPath(filePath)));`
Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`};`

			`const sensitivePaths: Array<string> = [];`

			`let redactSensitivePaths: RedactFunction = (text: string) => text;`

			`export const addSensitivePath = (filePath: string): void => {`
			`sensitivePaths.push(filePath);`
			`redactSensitivePaths = createRedactSensitivePaths(sensitivePaths);`
			`};`

			`addSensitivePath(APP_ROOT_PATH);`
Extract `Privacy` module Centralizes how we redact sensitive information. 2018-03-06 21:20:04 +00:00
Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`export const redactAll: RedactFunction = compose(`
			`(text: string) => redactSensitivePaths(text),`
			`redactGroupIds,`
			`redactPhoneNumbers,`
			`redactUuids`
Extract `Privacy` module Centralizes how we redact sensitive information. 2018-03-06 21:20:04 +00:00			`);`
Remove newlines from group IDs 2018-05-03 15:46:21 +00:00
Add user path to logging exceptions 2021-06-01 18:15:23 +00:00			`const removeNewlines: RedactFunction = text => text.replace(/\r?\n\|\r/g, '');`