From: Eric Wong
Date: Wed, 26 Mar 2025 03:35:00 +0000 (+0000)
Subject: www: hoist out sanitize_local_paths sub for solver
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d7291cb07353cf9a672b257821c86fd8008762f4;p=thirdparty%2Fpublic-inbox.git
www: hoist out sanitize_local_paths sub for solver
SearchView and ViewVCS both benefit from local path sanitation in diagnostic messages of the WWW UI.
---
diff --git a/lib/PublicInbox/Hval.pm b/lib/PublicInbox/Hval.pm
index d44b65621..483ea70ef 100644
--- a/lib/PublicInbox/Hval.pm
+++ b/lib/PublicInbox/Hval.pm
@@ -1,4 +1,4 @@
-# Copyright (C) 2014-2021 all contributors
+# Copyright (C) all contributors
 # License: AGPL-3.0+
 #
 # represents a header value in various forms. Used for HTML generation
@@ -9,11 +9,13 @@ use strict;
 use Encode qw(find_encoding);
 use PublicInbox::MID qw/mid_clean mid_escape/;
 use base qw/Exporter/;
-our @EXPORT_OK = qw/ascii_html obfuscate_addrs to_filename src_escape
- to_attr prurl mid_href fmt_ts ts2str utf8_maybe/;
+our @EXPORT_OK = qw(ascii_html obfuscate_addrs to_filename src_escape
+ to_attr prurl mid_href fmt_ts ts2str utf8_maybe
+ sanitize_local_paths);
 use POSIX qw(strftime);
 my $enc_ascii = find_encoding('us-ascii');
 use File::Spec::Functions qw(abs2rel);
+my %rmap_inc;
 # safe-ish acceptable filename pattern for portability
 our $FN = '[a-zA-Z0-9][a-zA-Z0-9_\-\.]+[a-zA-Z0-9]'; # needs \z anchor
@@ -156,4 +158,33 @@ sub utf8_maybe ($) {
 utf8::valid($_[0]) or utf8::encode($_[0]); # non-UTF-8 data exists
 }
+# shorten "/full/path/to/Foo/Bar.pm" to "Foo/Bar.pm" so error
+# messages don't reveal FS layout info in case people use non-standard
+# installation paths
+sub path2inc ($) {
+ my $full = $_[0];
+ if (my $short = $rmap_inc{$full}) {
+ return $short;
+ } elsif (!scalar(keys %rmap_inc) && -e $full) {
+ # n.b. $INC{'PublicInbox::Lg2'} is undef if libgit2-dev
+ # doesn't exist
+ my $f;
+ %rmap_inc = map {;
+ $f = $INC{$_};
+ defined $f ? ($f, $_) : ();
+ } keys %INC;
+ # fall back to basename as last resort
+ $rmap_inc{$full} // (split(m'/', $full))[-1];
+ } else {
+ $full;
+ }
+}
+
+# changes avoids giving out PERL5LIB absolute path info to the public:
+# - something bad at /foo/bar/PublicInbox/Foo.pm line 666.
+# + something bad at PublicInbox/Foo.pm line 666.
+sub sanitize_local_paths (@) {
+ s! at (.+) line !' at '.path2inc($1).' line '!sge for @_
+}
+
 1;
diff --git a/lib/PublicInbox/SearchView.pm b/lib/PublicInbox/SearchView.pm
index 5746e4346..f5b10663a 100644
--- a/lib/PublicInbox/SearchView.pm
+++ b/lib/PublicInbox/SearchView.pm
@@ -8,14 +8,14 @@ use v5.10.1;
 use List::Util qw(min max);
 use URI::Escape qw(uri_unescape);
 use PublicInbox::Smsg;
-use PublicInbox::Hval qw(ascii_html obfuscate_addrs mid_href fmt_ts);
+use PublicInbox::Hval qw(ascii_html obfuscate_addrs mid_href fmt_ts
+ sanitize_local_paths);
 use PublicInbox::View;
 use PublicInbox::WwwAtomStream;
 use PublicInbox::WwwStream qw(html_oneshot);
 use PublicInbox::SearchThread;
 use PublicInbox::SearchQuery;
 use PublicInbox::Search qw(get_pct);
-my %rmap_inc;
 use Errno ();
 # possible busy errors from async_mset (via pipe, sendmsg, epoll_ctl)
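Review bot: In `sanitize_local_paths` (lib/PublicInbox/Hval.pm) the pattern `s! at (.+) line !…!sge` is greedy and `/s` lets `.` cross newlines, so when the input holds more than one ` at … line ` diagnostic the capture runs from the first ` at ` to the last ` line `. `path2inc` then receives a string that matches no `%rmap_inc` key and fails `-e`, so its `else` branch returns it unchanged and every absolute path stays in the output. This is the likely shape of the multi-line `$log` passed from `dbg_log` in ViewVCS.pm, and `err_txt` in SearchView.pm is affected whenever `$err` carries two such diagnostics. Keeping the capture lazy and on one line, e.g. `s! at ([^\n]+?) line !' at '.path2inc($1).' line '!ge for @_`, limits each match to a single path. Separately, once `%rmap_inc` is populated `path2inc` no longer reaches its basename fallback, so a file loaded after the first call still appears with its full path; returning the basename from the `else` branch would make the helper fail closed, and a comment saying the sub rewrites its arguments in place through `@_` would help callers.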
@@ -161,33 +161,11 @@ sub mset_summary {
 undef;
 }
-# shorten "/full/path/to/Foo/Bar.pm" to "Foo/Bar.pm" so error
-# messages don't reveal FS layout info in case people use non-standard
-# installation paths
-sub path2inc ($) {
- my $full = $_[0];
- if (my $short = $rmap_inc{$full}) {
- return $short;
- } elsif (!scalar(keys %rmap_inc) && -e $full) {
- # n.b. $INC{'PublicInbox::Lg2'} is undef if libgit2-dev
- # doesn't exist
- my $f;
- %rmap_inc = map {;
- $f = $INC{$_};
- defined $f ? ($f, $_) : ();
- } keys %INC;
- # fall back to basename as last resort
- $rmap_inc{$full} // (split(m'/', $full))[-1];
- } else {
- $full;
- }
-}
-
 sub err_txt {
 my ($ctx, $err) = @_;
 my $u = $ctx->{ibx}->base_url($ctx->{env}) . '_/text/help/';
 $err =~ s/^\s*Exception:\s*//; # bad word to show users :P
- $err =~ s!(\S+)!path2inc($1)!sge;
+ sanitize_local_paths $err;
 $err = ascii_html($err);
 "\nBad query: $err\n" . qq{See $u for help on using search};
diff --git a/lib/PublicInbox/ViewVCS.pm b/lib/PublicInbox/ViewVCS.pm
index e9ed47115..3ad279a72 100644
--- a/lib/PublicInbox/ViewVCS.pm
+++ b/lib/PublicInbox/ViewVCS.pm
@@ -27,7 +27,8 @@ use PublicInbox::View;
 use PublicInbox::Eml;
 use PublicInbox::OnDestroy;
 use Text::Wrap qw(wrap);
-use PublicInbox::Hval qw(ascii_html to_filename prurl utf8_maybe);
+use PublicInbox::Hval qw(ascii_html to_filename prurl utf8_maybe
+ sanitize_local_paths);
 use POSIX qw(strftime);
 use autodie qw(open seek truncate);
 use Fcntl qw(SEEK_SET);
@@ -70,6 +71,7 @@ sub dbg_log ($) {
 };
 return '' if $log eq '';
 $ctx->{-linkify} //= PublicInbox::Linkify->new;
+ sanitize_local_paths $log;
 "
debug log:\n\n".
 		$ctx->{-linkify}->to_html($log).'
'; }