@react-native-windows/telemetry - npm Package Compare versions

Comparing version 0.0.0-canary.7 to 0.0.0-canary.8

CHANGELOG.json

@@ -5,3 +5,18 @@ {
     {
-      "date": "Thu, 12 Nov 2020 05:05:19 GMT",
+      "date": "Mon, 16 Nov 2020 14:38:48 GMT",
+      "tag": "@react-native-windows/telemetry_v0.0.0-canary.8",
+      "version": "0.0.0-canary.8",
+      "comments": {
+        "prerelease": [
+          {
+            "comment": "anonymize paths with forward slashes and file shares",
+            "author": "asklar@microsoft.com",
+            "commit": "04e766ef7304d0852a06e772cbfc1982897a3808",
+            "package": "@react-native-windows/telemetry"
+          }
+        ]
+      }
+    },
+    {
+      "date": "Thu, 12 Nov 2020 05:05:57 GMT",
       "tag": "@react-native-windows/telemetry_v0.0.0-canary.7",
@@ -8,0 +23,0 @@ "version": "0.0.0-canary.7",

CHANGELOG.md

 # Change Log - @react-native-windows/telemetry
 
-This log was last generated on Thu, 12 Nov 2020 05:05:19 GMT and should not be manually modified.
+This log was last generated on Mon, 16 Nov 2020 14:38:48 GMT and should not be manually modified.
 
 <!-- Start content -->
 
+## 0.0.0-canary.8
+
+Mon, 16 Nov 2020 14:38:48 GMT
+
+### Changes
+
+- anonymize paths with forward slashes and file shares (asklar@microsoft.com)
+
 ## 0.0.0-canary.7
 
-Thu, 12 Nov 2020 05:05:19 GMT
+Thu, 12 Nov 2020 05:05:57 GMT
 
@@ -11,0 +19,0 @@ ### Changes

lib-commonjs/telemetry.d.ts

@@ -20,2 +20,3 @@ /**
 export declare function sanitizeFrame(frame: any): void;
+export declare function tryGetErrorCode(msg: string): string | undefined;
 /**
@@ -22,0 +23,0 @@ * Remove PII from exceptions' stack traces and messages

lib-commonjs/telemetry.js

@@ -8,3 +8,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getDiskFreeSpace = exports.isMSFTInternal = exports.sanitizeEnvelope = exports.sanitizeFrame = exports.sanitizeMessage = exports.Telemetry = void 0;
+exports.getDiskFreeSpace = exports.isMSFTInternal = exports.sanitizeEnvelope = exports.tryGetErrorCode = exports.sanitizeFrame = exports.sanitizeMessage = exports.Telemetry = void 0;
 const path = require("path");
@@ -58,3 +58,4 @@ const crypto_1 = require("crypto");
     const projectRoot = process.cwd().toLowerCase();
-    const knownPathsVars = ['appdata', 'localappdata', 'userprofile'];
+    filepath = filepath.replace(/\//g, '\\');
+    const knownPathsVars = ['AppData', 'LocalAppData', 'UserProfile'];
     if (filepath.toLowerCase().startsWith(projectRoot)) {
@@ -90,5 +91,7 @@ const ext = path.extname(filepath);
 function sanitizeMessage(msg) {
+    const cpuThreadId = /^\d+(:\d+)?>/g;
+    msg = msg.replace(cpuThreadId, '');
     const parts = msg.split(/['[\]"]/g);
     const clean = [];
-    const pathRegEx = /[A-Za-z]:\\([^<>:;,?"*\t\r\n|/\\]+\\)+([^<>:;,?"*\t\r\n|/]+)/gi;
+    const pathRegEx = /([A-Za-z]:|\\)[\\/]([^<>:;,?"*\t\r\n|/\\]+[\\/])+([^<>:;,?"*\t\r\n|]+\/?)/gi;
     for (const part of parts) {
@@ -129,2 +132,8 @@ if (pathRegEx.test(part)) {
 exports.sanitizeFrame = sanitizeFrame;
+function tryGetErrorCode(msg) {
+    const errorRegEx = /error (\w+\d+):/gi;
+    const m = errorRegEx.exec(msg);
+    return m ? m[1] : undefined;
+}
+exports.tryGetErrorCode = tryGetErrorCode;
 /**
@@ -141,2 +150,4 @@ * Remove PII from exceptions' stack traces and messages
             }
+            const errorCode = tryGetErrorCode(exception.message);
+            data.properties.errorCode = errorCode;
             exception.message = sanitizeMessage(exception.message);
@@ -150,4 +161,4 @@ }
 function isMSFTInternal() {
-    return (process.env.USERDNSDOMAIN !== undefined &&
-        process.env.USERDNSDOMAIN.toLowerCase().endsWith('.microsoft.com'));
+    return (process.env.UserDNSDomain !== undefined &&
+        process.env.UserDNSDomain.toLowerCase().endsWith('.microsoft.com'));
 }
@@ -154,0 +165,0 @@ exports.isMSFTInternal = isMSFTInternal;

lib-commonjs/test/sanitize.test.js

@@ -41,10 +41,24 @@ "use strict";
       Require stack:
-      - ${process.env.APPDATA}\\npm-cache\\_npx\\1384\\node_modules\\react-native-windows-init\\lib-commonjs\\Cli.js
-      - ${process.env.APPDATA}\\npm-cache\\_npx\\1384\\node_modules\\react-native-windows-init\\bin.js`)).toEqual(`Cannot find module  react-native/package.json 
+      - ${process.env.AppData}\\npm-cache\\_npx\\1384\\node_modules\\react-native-windows-init\\lib-commonjs\\Cli.js
+      - ${process.env.AppData}\\npm-cache\\_npx\\1384\\node_modules\\react-native-windows-init\\bin.js`)).toEqual(`Cannot find module  react-native/package.json 
       Require stack:
-      - [appdata]\\???(${(process.env.APPDATA +
+      - [AppData]\\???(${(process.env.AppData +
         '\\npm-cache\\_npx\\1384\\node_modules\\react-native-windows-init\\lib-commonjs\\Cli.js').length})
-      - [appdata]\\???(${(process.env.APPDATA +
+      - [AppData]\\???(${(process.env.AppData +
         '\\npm-cache\\_npx\\1384\\node_modules\\react-native-windows-init\\bin.js').length})`);
 });
+test('Sanitize message, forward slashes', () => {
+    expect(telemetry_1.sanitizeMessage(`EPERM: operation not permitted, scandir  ${process.env.UserProfile.replace(/\\/g, '/')}/source/repos/rn2/wintest/windows/packages/boost.1.72.0.0/lib/native/include`)).toEqual(`EPERM: operation not permitted, scandir  [UserProfile]\\???(${(process.env.UserProfile +
+        '/source/repos/rn2/wintest/windows/packages/boost.1.72.0.0/lib/native/include').length})`);
+});
+test('Sanitize message, file share path', () => {
+    expect(telemetry_1.sanitizeMessage(`\\\\server\\share`)).toEqual('[path]');
+});
+test('Sanitize message, with cpu/thread id', () => {
+    expect(telemetry_1.sanitizeMessage('5>This is an error')).toEqual('This is an error');
+    expect(telemetry_1.sanitizeMessage('5:42>This is an error')).toEqual('This is an error');
+});
+test('Error code', () => {
+    expect(telemetry_1.tryGetErrorCode('foo bar error FOO2020: the thing')).toEqual('FOO2020');
+});
 test('Sanitize stack frame', () => {
@@ -142,2 +156,19 @@ const emptyFrame = {
 });
+test('throw exception with error code', done => {
+    telemetry_1.Telemetry.client.addTelemetryProcessor((envelope, _) => {
+        const data = envelope.data.baseData;
+        expect(data.properties.errorCode).toEqual('FOO2020');
+        return true;
+    });
+    try {
+        throw new Error('hello from an error FOO2020: the error string');
+    }
+    catch (e) {
+        telemetry_1.Telemetry.client.trackException({ exception: e });
+        telemetry_1.Telemetry.client.flush();
+    }
+    telemetry_1.Telemetry.client.clearTelemetryProcessors();
+    telemetry_1.Telemetry.client.addTelemetryProcessor(telemetry_1.sanitizeEnvelope);
+    done();
+});
 test('thrown exception a->b, hello path', done => {
@@ -144,0 +175,0 @@ let pass = false;

package.json

 {
   "name": "@react-native-windows/telemetry",
-  "version": "0.0.0-canary.7",
+  "version": "0.0.0-canary.8",
   "license": "MIT",
@@ -5,0 +5,0 @@ "main": "lib-commonjs/index.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Improved metrics

Total package byte prevSize

40905

increased by12.88%

Lines of code

552

increased by11.97%

Worsened metrics

Number of low supply chain risk alerts

18

increased by12.5%

No dependency changes