From c19a4e88f49ba3496751c4b87ebcfa0f6b47f0ce Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Tue, 25 Jun 2019 04:08:14 +0000
Subject: searchview: avoid displaying full paths on errors

Displaying full path names of installed modules could expose unnecessary information about user home directory names or other potentially sensitive information. However, displaying a module name could still be useful for diagnosing problems, so map full paths to the relevant part of the path name which is relevant to the package name.

Reported-by: Ali Alnubani https://public-inbox.org/meta/20190611193815.c4uovtlp574bid6x@dcvr/
---
 lib/PublicInbox/SearchView.pm | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'lib/PublicInbox/SearchView.pm')

diff --git a/lib/PublicInbox/SearchView.pm b/lib/PublicInbox/SearchView.pm
index 6f07279b..a8b66dda 100644
--- a/lib/PublicInbox/SearchView.pm
+++ b/lib/PublicInbox/SearchView.pm
@@ -15,6 +15,7 @@ use PublicInbox::MIME;
 require PublicInbox::Git;
 require PublicInbox::SearchThread;
 our $LIM = 200;
+my %rmap_inc;
 
 sub noop {}
 
@@ -138,10 +139,27 @@ sub mset_summary {
 *noop;
 }
 
+# shorten "/full/path/to/Foo/Bar.pm" to "Foo/Bar.pm" so error
+# messages don't reveal FS layout info in case people use non-standard
+# installation paths
+sub path2inc ($) {
+ my $full = $_[0];
+ if (my $short = $rmap_inc{$full}) {
+ return $short;
+ } elsif (!scalar(keys %rmap_inc) && -e $full) {
+ %rmap_inc = map {; "$INC{$_}" => $_ } keys %INC;
+ # fall back to basename as last resort
+ $rmap_inc{$full} // (split('/', $full))[-1];
+ } else {
+ $full;
+ }
+}
+
 sub err_txt {
 my ($ctx, $err) = @_;
 my $u = $ctx->{-inbox}->base_url($ctx->{env}) . '_/text/help/';
 $err =~ s/^\s*Exception:\s*//; # bad word to show users :P
+ $err =~ s!(\S+)!path2inc($1)!sge;
 $err = ascii_html($err);
 "\nBad query: $err\n" .
 qq{See $u for help on using search};
-- 
cgit v1.2.3-24-ge0c7
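Review bot: In path2inc, the `-e $full` test in the elsif branch stat()s every whitespace-separated token that err_txt hands it through `s!(\S+)!path2inc($1)!sge`, and if the Xapian error text echoes the user's query (as it appears to), those tokens come straight from the request. On the call that first populates `%rmap_inc`, the basename fallback then renders a token naming an existing file as its basename while a nonexistent one is echoed verbatim, so the rendered error differs with file existence — the opposite of what the commit sets out to hide, though only until the map is built. Building `%rmap_inc` exactly once also means modules `require`d lazily after that point are never shortened, since the `!scalar(keys %rmap_inc)` guard never fires again. I would drop the `-e` and the basename fallback, decide purely on `%INC` membership, and rebuild the reverse map on a miss only for tokens containing a `/`, as below; err_txt's closing brace lies past the end of the hunk.
```perl
sub path2inc ($) {
	my $full = $_[0];
	return $rmap_inc{$full} if defined $rmap_inc{$full};
	# non-path tokens (most of the error text) need no lookup at all
	return $full if index($full, '/') < 0;
	# rebuild on a miss: %INC grows as modules are lazily require'd,
	# so a one-shot snapshot goes stale; no stat() of the token needed
	%rmap_inc = map {; "$INC{$_}" => $_ } keys %INC;
	$rmap_inc{$full} // $full;
}
```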