From ea07915e6bbd68aceb0d40c7e2fd91cd2542b244 Mon Sep 17 00:00:00 2001
From: Daniel Gasienica
Date: Wed, 7 Mar 2018 10:57:39 -0500
Subject: [PATCH] Escape special characters in file path
---
 js/modules/privacy.js | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/js/modules/privacy.js b/js/modules/privacy.js
index 55096daee..db0529376 100644
--- a/js/modules/privacy.js
+++ b/js/modules/privacy.js
@@ -2,15 +2,25 @@
 const Path = require('path');
-const isString = require('lodash/isString');
 const compose = require('lodash/fp/compose');
+const escapeRegExp = require('lodash/escapeRegExp');
+const isRegExp = require('lodash/isRegExp');
+const isString = require('lodash/isString');
 const PHONE_NUMBER_PATTERN = /\+\d{7,12}(\d{3})/g;
 const GROUP_ID_PATTERN = /(group\()([^)]+)(\))/g;
 const APP_ROOT_PATH = Path.join(__dirname, '..', '..', '..');
-const APP_ROOT_PATH_PATTERN = new RegExp(APP_ROOT_PATH, 'g');
+const APP_ROOT_PATH_PATTERN = (() => {
+ try {
+ // Safe `String::replaceAll`:
+ // https://github.com/lodash/lodash/issues/1084#issuecomment-86698786
+ return new RegExp(escapeRegExp(APP_ROOT_PATH), 'g');
+ } catch (error) {
+ return null;
+ }
+})();
 const REDACTION_PLACEHOLDER = '[REDACTED]';
@@ -42,6 +52,10 @@ exports.redactSensitivePaths = (text) => {
 throw new TypeError('`text` must be a string');
 }
+ if (!isRegExp(APP_ROOT_PATH_PATTERN)) {
+ return text;
+ }
+
 return text.replace(APP_ROOT_PATH_PATTERN, REDACTION_PLACEHOLDER);
 };
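Review bot: The `catch` in the new `APP_ROOT_PATH_PATTERN` initialiser returns `null` without recording the error, and the guard added in the second hunk then returns `text` unchanged, so a failure to build the pattern silently switches path redaction off. Because the input is passed through `escapeRegExp`, `new RegExp` is not expected to throw here, which makes the branch hard to notice if it ever does run. For a redaction helper it is safer to make that state visible: log the error before `return null;` with whatever logger this module uses, and add a comment such as `// null disables path redaction in redactSensitivePaths`.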
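Review bot: The `text.replace(APP_ROOT_PATH_PATTERN, REDACTION_PLACEHOLDER)` call at the end of this hunk only matches the root path exactly as `Path.join` renders it on the current platform. Text that carries the same directory in another form, such as forward slashes on Windows or a percent-encoded `file://` URL in a stack trace, would presumably pass through unredacted; that depends on what callers feed in, which is not visible here. Either document the limit above the call, e.g. `// Only redacts the platform-native form of APP_ROOT_PATH`, or extend the pattern to cover those variants. The body of `redactSensitivePaths` starts above the hunk.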