fix(redact): use fast and safe path and email regex MONGOSH-1392 (#401)

* fix: use fast and safe path and email regex MONGOSH-1392 * refactor: clean up * test: update test name * fix: handle export/home
mongodb-js · Jul 10, 2024 · 6684110 · 6684110
1 parent 65a4bf6
commit 6684110
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 37 deletions.
diff --git a/packages/mongodb-redact/src/index.spec.ts b/packages/mongodb-redact/src/index.spec.ts
@@ -85,44 +85,43 @@ describe('mongodb-redact', function () {
       expect(redact(PRIVATE_KEY)).to.equal('<private key>');
     });
 
-    it('should redact OS X resource paths', function () {
-      const res = redact(
-        '/Applications/MongoDB%20Compass.app/Contents/Resources/app/index.html'
+    it('should redact OS X user paths', function () {
+      let res = redact(
+        '/Users/foo/Applications/MongoDB%20Compass.app/Contents/Resources/app/index.html'
+      );
+      expect(res).to.equal(
+        '/Users/<user>/Applications/MongoDB%20Compass.app/Contents/Resources/app/index.html'
       );
-      expect(res).to.equal('/<path>/index.html');
+      res = redact('/Users/JohnDoe/Documents/letter.pages');
+      expect(res).to.equal(res, '/Users/<user>/Documents/letter.pages');
+      res = redact('file:///Users/JohnDoe/Documents/letter.pages');
+      expect(res).to.equal(res, 'file:///Users/<user>/Documents/letter.pages');
     });
 
-    it('should redact Windows resource paths using forward slash', function () {
-      const res = redact(
+    it('should redact Windows user paths using backward slash', function () {
+      let res = redact(
         'C:\\Users\\foo\\AppData\\Local\\MongoDBCompass\\app-1.0.1\\resources\\app\\index.js'
       );
-      expect(res).to.equal('\\<path>\\index.js');
+      expect(res).to.equal(res, 'C:\\Users\\<user>\\index.js');
+      res = redact('c:\\Users\\JohnDoe\\test');
+      expect(res).to.equal(res, 'c:\\Users\\<user>\\test');
+      res = redact('C:\\Documents and Settings\\JohnDoe\\test');
+      expect(res).to.equal(res, 'C:\\Documents and Settings\\<user>\\test');
     });
 
-    it('should redact Windows resource paths using backward slash', function () {
+    it('should redact Windows user paths using forward slash', function () {
       const res = redact(
         'C:/Users/foo/AppData/Local/MongoDBCompass/app-1.0.1/resources/app/index.js'
       );
-      expect(res).to.equal('/<path>/index.js');
+      expect(res).to.equal(
+        res,
+        'C:/Users/<user>/AppData/Local/MongoDBCompass/app-1.0.1/resources/app/index.js'
+      );
     });
 
-    it('should redact Linux resource paths', function () {
+    it('should redact Linux user paths', function () {
       const res = redact('/usr/foo/myapps/resources/app/index.html');
-      expect(res).to.equal('/<path>/index.html');
-    });
-
-    it('should redact general Windows user paths', function () {
-      let res = redact('c:\\Users\\JohnDoe\\test');
-      expect(res).to.equal('c:\\Users\\<user>\\test');
-      res = redact('C:\\Documents and Settings\\JohnDoe\\test');
-      expect(res).to.equal('C:\\Documents and Settings\\<user>\\test');
-    });
-
-    it('should redact general OS X user paths', function () {
-      let res = redact('/Users/JohnDoe/Documents/letter.pages');
-      expect(res).to.equal('/Users/<user>/Documents/letter.pages');
-      res = redact('file:///Users/JohnDoe/Documents/letter.pages');
-      expect(res).to.equal('file:///Users/<user>/Documents/letter.pages');
+      expect(res).to.equal(res, '/usr/<user>/myapps/resources/app/index.html');
     });
 
     it('should redact URLs', function () {

diff --git a/packages/mongodb-redact/src/regexes.ts b/packages/mongodb-redact/src/regexes.ts
@@ -11,23 +11,20 @@ export const regexes = [
     '<private key>',
   ],
 
-  // Electron app resources specific directories
-  [/(file:\/\/)?\S+\/Contents\/Resources\/app\//gm, '$1/<path>/'],
-  [/(file:\/\/)?([a-zA-Z]:)?\\\S+\\resources\\app\\/gm, '$1\\<path>\\'],
-  [/(file:\/\/)?([a-zA-Z]:)?\/\S+\/resources\/app\//gm, '$1/<path>/'],
-
-  // Generic user directories
-  [/\/(Users?)\/[^/]*\//gm, '/$1/<user>/'],
+  // User directories
+  [
+    /(file:\/\/|\/)(Users|user|users|user|usr|u01|var\/users|home|export\/home|Documents and Settings|Profiles)\/[^/]*\//gm,
+    '$1$2/<user>/',
+  ],
   [
-    /\/(usr|home|user|users|u01|var\/users|export\/home)\/[^/]*\//gm,
-    '/$1/<user>/',
+    /(file:\/\/|\\)(Users|user|users|user|usr|u01|var\\users|home|export\\home|Documents and Settings|Profiles)\\[^/]*\\/gm,
+    '$1$2\\<user>\\',
   ],
-  [/\\(Users|Documents and Settings|Profiles)\\[^/\\]*\\/gm, '\\$1\\<user>\\'],
 
   // Email addresses
   [
-    /(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))/gim,
-    '<email>',
+    /(^|[ \t\r\n\v\f])([a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]{1,64}@[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?){1,500})/gim,
+    '$1<email>',
   ],
 
   // IP addresses