searchview: avoid displaying full paths on errors

Displaying full path names of installed modules could expose
unnecessary information about user home directory names or other
potentially sensitive information.  However, displaying a module
name could still be useful for diagnosing problems, so map full
paths to the relevant part of the path name which is relevant to
the package name.

Reported-by: Ali Alnubani <alialnu@mellanox.com>
  https://public-inbox.org/meta/20190611193815.c4uovtlp574bid6x@dcvr/

diff --git a/lib/PublicInbox/SearchView.pm b/lib/PublicInbox/SearchView.pm
index 6f07279bd72c21d05aeb3527fc0af02b7785bcdc..a8b66dda9004ad6cca983bff668f9ab06b7ef181 100644 (file)
--- a/lib/PublicInbox/SearchView.pm
+++ b/lib/PublicInbox/SearchView.pm
@@ -15,6 +15,7 @@ use PublicInbox::MIME;
 require PublicInbox::Git;
 require PublicInbox::SearchThread;
 our $LIM = 200;
+my %rmap_inc;
 
 sub noop {}
 
@@ -138,10 +139,27 @@ sub mset_summary {
        *noop;
 }
 
+# shorten "/full/path/to/Foo/Bar.pm" to "Foo/Bar.pm" so error
+# messages don't reveal FS layout info in case people use non-standard
+# installation paths
+sub path2inc ($) {
+       my $full = $_[0];
+       if (my $short = $rmap_inc{$full}) {
+               return $short;
+       } elsif (!scalar(keys %rmap_inc) && -e $full) {
+               %rmap_inc = map {; "$INC{$_}" => $_ } keys %INC;
+               # fall back to basename as last resort
+               $rmap_inc{$full} // (split('/', $full))[-1];
+       } else {
+               $full;
+       }
+}
+
 sub err_txt {
        my ($ctx, $err) = @_;
        my $u = $ctx->{-inbox}->base_url($ctx->{env}) . '_/text/help/';
        $err =~ s/^\s*Exception:\s*//; # bad word to show users :P
+       $err =~ s!(\S+)!path2inc($1)!sge;
        $err = ascii_html($err);
        "\nBad query: <b>$err</b>\n" .
                qq{See <a\nhref="$u">$u</a> for help on using search};