From a8a75256099440d4075399263b0b0e77fe3faa5b Mon Sep 17 00:00:00 2001
From: Daniel Gasienica <daniel@signal.org>
Date: Fri, 6 Apr 2018 13:19:41 -0400
Subject: [PATCH] Redact stack traces with forward and backslashes

---
 js/modules/privacy.js        | 10 ++++++++--
 test/modules/privacy_test.js | 19 +++++++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/js/modules/privacy.js b/js/modules/privacy.js
index d1f6ac1ce..00cd7a9d6 100644
--- a/js/modules/privacy.js
+++ b/js/modules/privacy.js
@@ -37,10 +37,16 @@ exports._redactPath = (filePath) => {
 //      _pathToRegExp :: Path -> Maybe RegExp
 exports._pathToRegExp = (filePath) => {
   try {
+    const pathWithNormalizedSlashes = filePath.replace(/\//g, '\\');
+    const urlEncodedPath = encodeURI(filePath);
     // Safe `String::replaceAll`:
     // https://github.com/lodash/lodash/issues/1084#issuecomment-86698786
-    const urlEncodedAppRootPath = escapeRegExp(encodeURI(filePath));
-    return new RegExp(`${escapeRegExp(filePath)}|${urlEncodedAppRootPath}`, 'g');
+    const patternString = [
+      filePath,
+      pathWithNormalizedSlashes,
+      urlEncodedPath,
+    ].map(escapeRegExp).join('|');
+    return new RegExp(patternString, 'g');
   } catch (error) {
     return null;
   }
diff --git a/test/modules/privacy_test.js b/test/modules/privacy_test.js
index c7f849285..797c900ed 100644
--- a/test/modules/privacy_test.js
+++ b/test/modules/privacy_test.js
@@ -73,5 +73,24 @@ describe('Privacy', () => {
         'path2 file:///[REDACTED]/js/background.js.';
       assert.equal(actual, expected);
     });
+
+    it('should redact stack traces with both forward and backslashes', () => {
+      const testPath = 'C:/Users/Meow/AppData/Local/Programs/signal-desktop-beta';
+      const modifiedTestPath =
+        'C:\\Users\\Meow\\AppData\\Local\\Programs\\signal-desktop-beta';
+      const text = 'This is a log line with sensitive information:\n' +
+        `path1 ${testPath}\\main.js\n` +
+        'phone1 +12223334455 ipsum\n' +
+        'group1 group(123456789) doloret\n' +
+        `path2 ${modifiedTestPath}\\js\\background.js.`;
+
+      const actual = Privacy._redactPath(testPath)(text);
+      const expected = 'This is a log line with sensitive information:\n' +
+        'path1 [REDACTED]\\main.js\n' +
+        'phone1 +12223334455 ipsum\n' +
+        'group1 group(123456789) doloret\n' +
+        'path2 [REDACTED]\\js\\background.js.';
+      assert.equal(actual, expected);
+    });
   });
 });