@react-native-windows/telemetry - npm Package Compare versions

Comparing version 0.0.0-canary.2 to 0.0.0-canary.3

CHANGELOG.json

@@ -5,3 +5,18 @@ {
     {
-      "date": "Thu, 05 Nov 2020 05:05:12 GMT",
+      "date": "Thu, 05 Nov 2020 17:30:26 GMT",
+      "tag": "@react-native-windows/telemetry_v0.0.0-canary.3",
+      "version": "0.0.0-canary.3",
+      "comments": {
+        "prerelease": [
+          {
+            "comment": "sanitize paths in other drives too",
+            "author": "asklar@microsoft.com",
+            "commit": "10d82a2167557800fd518a13c170bdc7e7bffc14",
+            "package": "@react-native-windows/telemetry"
+          }
+        ]
+      }
+    },
+    {
+      "date": "Thu, 05 Nov 2020 05:05:45 GMT",
       "tag": "@react-native-windows/telemetry_v0.0.0-canary.2",
@@ -8,0 +23,0 @@ "version": "0.0.0-canary.2",

CHANGELOG.md

 # Change Log - @react-native-windows/telemetry
 
-This log was last generated on Thu, 05 Nov 2020 05:05:12 GMT and should not be manually modified.
+This log was last generated on Thu, 05 Nov 2020 17:30:26 GMT and should not be manually modified.
 
 <!-- Start content -->
 
+## 0.0.0-canary.3
+
+Thu, 05 Nov 2020 17:30:26 GMT
+
+### Changes
+
+- sanitize paths in other drives too (asklar@microsoft.com)
+
 ## 0.0.0-canary.2
 
-Thu, 05 Nov 2020 05:05:12 GMT
+Thu, 05 Nov 2020 05:05:45 GMT
 
@@ -11,0 +19,0 @@ ### Changes

lib-commonjs/telemetry.js

@@ -15,3 +15,30 @@ "use strict";
 exports.telClient = appInsights.defaultClient;
-// CODE-SYNC: \packages\react-native-windows-init\src\Cli.ts
+function getAnonymizedPath(filepath) {
+    const projectRoot = process.cwd().toLowerCase();
+    const knownPathsVars = ['appdata', 'localappdata', 'userprofile'];
+    if (filepath.toLowerCase().startsWith(projectRoot)) {
+        const ext = path.extname(filepath);
+        const rest = filepath.slice(projectRoot.length);
+        const node_modules = '\\node_modules\\';
+        // this is in the project dir but not under node_modules
+        if (rest.toLowerCase().startsWith('\\windows\\')) {
+            return `[windows]\\???${ext}(${filepath.length})`;
+        }
+        else if (rest.toLowerCase().startsWith(node_modules)) {
+            return 'node_modules' + rest.slice(node_modules.length - 1);
+        }
+        else {
+            return `[project_dir]\\???${ext}(${filepath.length})`;
+        }
+    }
+    else {
+        for (const knownPath of knownPathsVars) {
+            if (process.env[knownPath] &&
+                filepath.toLowerCase().startsWith(process.env[knownPath].toLowerCase())) {
+                return `[${knownPath}]\\???(${filepath.length})`;
+            }
+        }
+    }
+    return '[path]';
+}
 /**
@@ -24,25 +51,18 @@ * Sanitize any paths that appear between quotes (''), brackets ([]), or double quotes ("").
     const clean = [];
-    const projectRoot = process.cwd().toLowerCase();
+    const pathRegEx = /[A-Za-z]:\\([^<>:;,?"*\t\r\n|/\\]+\\)+([^<>:;,?"*\t\r\n|/]+)/gi;
     for (const part of parts) {
-        if (part.toLowerCase().startsWith(projectRoot)) {
-            const ext = path.extname(part);
-            const rest = part.slice(projectRoot.length);
-            const node_modules = '\\node_modules\\';
-            // this is in the project dir but not under node_modules
-            if (rest.toLowerCase().startsWith('\\windows\\')) {
-                clean.push(`[windows]\\???${ext}(${part.length})`);
+        if (pathRegEx.test(part)) {
+            pathRegEx.lastIndex = -1;
+            let matches;
+            let noPath = '';
+            let last = 0;
+            while ((matches = pathRegEx.exec(part))) {
+                noPath +=
+                    part.substr(last, matches.index - last) +
+                        getAnonymizedPath(matches[0]);
+                last = matches.index + matches[0].length;
             }
-            else if (rest.toLowerCase().startsWith(node_modules)) {
-                clean.push('node_modules' + rest.slice(node_modules.length - 1));
-            }
-            else {
-                clean.push(`[project_dir]\\???${ext}(${part.length})`);
-            }
+            clean.push(noPath);
         }
-        else if (part.toLowerCase().includes(projectRoot)) {
-            // the path is in there but it isn't in a format we expect
-            const filepathRegEx = new RegExp(`${projectRoot.replace(/\\/g, '\\\\')}[^<>:;,?"*|/]*`, 'gi');
-            clean.push(part.replace(filepathRegEx, '[project_dir]\\...'));
-        }
-        else {
+        else if (part !== '') {
             clean.push(part);
@@ -49,0 +69,0 @@ }

lib-commonjs/test/sanitize.test.js

@@ -22,13 +22,27 @@ "use strict";
     expect(telemetry.sanitizeMessage(`this is the cwd: '${process.cwd()}' and something else`)).toEqual(`this is the cwd:  [project_dir]\\???(${process.cwd().length})  and something else`);
-    expect(telemetry.sanitizeMessage(`this is the cwd: ${process.cwd()} and something else`)).toEqual('this is the cwd: [project_dir]\\...');
+    expect(telemetry.sanitizeMessage(`this is the cwd: ${process.cwd()} and something else`)).toEqual(`this is the cwd: [project_dir]\\???(${(process.cwd() + ' and something else').length})`);
 });
 test('Sanitize message, node_modules', () => {
     expect(telemetry.sanitizeMessage(`this is the cwd: '${process.cwd()}\\node_modules'`)).toEqual(`this is the cwd:  [project_dir]\\???(${(process.cwd() + '\\node_modules').length})`);
-    expect(telemetry.sanitizeMessage(`this is the cwd: '${process.cwd()}\\node_modules\\'`)).toEqual('this is the cwd:  node_modules\\');
-    expect(telemetry.sanitizeMessage(`uppercase: '${process.cwd().toUpperCase()}\\NODE_MODULES\\'`)).toEqual('uppercase:  node_modules\\');
+    expect(telemetry.sanitizeMessage(`this is the cwd: '${process.cwd()}\\node_modules\\foo'`)).toEqual('this is the cwd:  node_modules\\foo');
+    expect(telemetry.sanitizeMessage(`uppercase: '${process.cwd().toUpperCase()}\\NODE_MODULES\\foo'`)).toEqual('uppercase:  node_modules\\foo');
     expect(telemetry.sanitizeMessage(`lowercase: '${process.cwd().toLowerCase()}\\NODE_MODULES\\'`)).toEqual('lowercase:  node_modules\\');
     expect(telemetry.sanitizeMessage(`trailing: '${process.cwd()}\\node_modules\\' and something else`)).toEqual('trailing:  node_modules\\  and something else');
-    expect(telemetry.sanitizeMessage(`this is the cwd: ${process.cwd()}\\node_modules and something else that could be part of the path`)).toEqual('this is the cwd: [project_dir]\\...');
-    expect(telemetry.sanitizeMessage(`this is the cwd: ${process.cwd()}\\node_modules\\ and something else that could be part of the path`)).toEqual('this is the cwd: [project_dir]\\...');
+    expect(telemetry.sanitizeMessage(`this is the cwd: ${process.cwd()}\\node_modules and something else that could be part of the path`)).toEqual(`this is the cwd: [project_dir]\\???(${(process.cwd() +
+        '\\node_modules and something else that could be part of the path').length})`);
+    expect(telemetry.sanitizeMessage(`this is the cwd: ${process.cwd()}\\node_modules\\ a file under nm`)).toEqual(`this is the cwd: node_modules\\ a file under nm`);
 });
+test('Sanitize message, other path', () => {
+    expect(telemetry.sanitizeMessage(`this is another path: 'A:\\foo\\bar\\baz'`)).toEqual(`this is another path:  [path]`);
+    expect(telemetry.sanitizeMessage(`this is another path: A:\\foo\\bar\\baz`)).toEqual(`this is another path: [path]`);
+    expect(telemetry.sanitizeMessage(`Cannot find module 'react-native/package.json'
+      Require stack:
+      - ${process.env.APPDATA}\\npm-cache\\_npx\\1384\\node_modules\\react-native-windows-init\\lib-commonjs\\Cli.js
+      - ${process.env.APPDATA}\\npm-cache\\_npx\\1384\\node_modules\\react-native-windows-init\\bin.js`)).toEqual(`Cannot find module  react-native/package.json 
+      Require stack:
+      - [appdata]\\???(${(process.env.APPDATA +
+        '\\npm-cache\\_npx\\1384\\node_modules\\react-native-windows-init\\lib-commonjs\\Cli.js').length})
+      - [appdata]\\???(${(process.env.APPDATA +
+        '\\npm-cache\\_npx\\1384\\node_modules\\react-native-windows-init\\bin.js').length})`);
+});
 test('Sanitize stack frame', () => {
@@ -133,3 +147,3 @@ const emptyFrame = {
             expect(data.exceptions.length).toEqual(1);
-            expect(data.exceptions[0].message).toEqual('hello [project_dir]\\...');
+            expect(data.exceptions[0].message).toEqual(`hello [project_dir]\\???(${process.cwd().length})`);
             const stack = data.exceptions[0].parsedStack;
@@ -136,0 +150,0 @@ expect(stack).toBeDefined();

package.json

 {
   "name": "@react-native-windows/telemetry",
-  "version": "0.0.0-canary.2",
+  "version": "0.0.0-canary.3",
   "license": "MIT",
@@ -5,0 +5,0 @@ "main": "lib-commonjs/index.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

30450

increased by13.34%

Lines of code

378

increased by14.89%

Worsened metrics

Number of low supply chain risk alerts

10

increased by150%

No dependency changes