From 2e6fcad79f2e8610617f2f7c32ff531a9946fe96 Mon Sep 17 00:00:00 2001
From: SpiritCroc <dev@spiritcroc.de>
Date: Tue, 5 Sep 2023 22:44:39 +0200
Subject: [PATCH] Make sure on render exception no content is leaked in log

In production builds. For internal builds, still allow it.
Note: upstream may have been leaking content here as well.

Change-Id: I1b07778d70dfddb151bf97b60482e38aeb01c26e
---
 .../im/vector/app/core/resources/BuildMeta.kt     |  6 +++++-
 .../vector/app/features/html/EventHtmlRenderer.kt | 15 +++++++++++++--
 .../app/features/rageshake/BugReportActivity.kt   |  6 ++----
 3 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/vector/src/main/java/im/vector/app/core/resources/BuildMeta.kt b/vector/src/main/java/im/vector/app/core/resources/BuildMeta.kt
index ddc6f992a9..9f6cbf29cb 100644
--- a/vector/src/main/java/im/vector/app/core/resources/BuildMeta.kt
+++ b/vector/src/main/java/im/vector/app/core/resources/BuildMeta.kt
@@ -16,6 +16,8 @@
 
 package im.vector.app.core.resources
 
+import im.vector.app.BuildConfig
+
 data class BuildMeta(
         val isDebug: Boolean,
         val applicationId: String,
@@ -26,4 +28,6 @@ data class BuildMeta(
         val gitBranchName: String,
         val flavorDescription: String,
         val flavorShortDescription: String,
-)
+) {
+    val isInternalBuild: Boolean = BuildConfig.DEBUG || gitBranchName == "sm_fdroid"
+}
diff --git a/vector/src/main/java/im/vector/app/features/html/EventHtmlRenderer.kt b/vector/src/main/java/im/vector/app/features/html/EventHtmlRenderer.kt
index 3ab106d774..6790bf2000 100644
--- a/vector/src/main/java/im/vector/app/features/html/EventHtmlRenderer.kt
+++ b/vector/src/main/java/im/vector/app/features/html/EventHtmlRenderer.kt
@@ -45,6 +45,7 @@ import com.bumptech.glide.load.resource.bitmap.TransformationUtils
 import com.bumptech.glide.request.target.Target
 import im.vector.app.R
 import im.vector.app.core.di.ActiveSessionHolder
+import im.vector.app.core.resources.BuildMeta
 import im.vector.app.core.resources.ColorProvider
 import im.vector.app.core.utils.DimensionConverter
 import im.vector.app.features.settings.VectorPreferences
@@ -86,6 +87,7 @@ class EventHtmlRenderer @Inject constructor(
         private val dimensionConverter: DimensionConverter,
         private val vectorPreferences: VectorPreferences,
         private val activeSessionHolder: ActiveSessionHolder,
+        private val buildMeta: BuildMeta,
 ) {
 
     companion object {
@@ -381,11 +383,20 @@ class EventHtmlRenderer @Inject constructor(
             val parsed = markwon.parse(text)
             renderAndProcess(parsed, postProcessors)
         } catch (failure: Throwable) {
-            Timber.v(failure, "Fail to render $text to html")
+            Timber.v(failure, "Fail to render text ${text.redactIfNotDebug()} to html")
             text
         }
     }
 
+    // Do not leak message content
+    fun String.redactIfNotDebug(): String {
+        return if (buildMeta.isInternalBuild) {
+            this
+        } else {
+            "(REDACTED)"
+        }
+    }
+
     /**
      * @param node the node you want to render
      * @param postProcessors an optional array of post processor to add any span if needed
@@ -394,7 +405,7 @@ class EventHtmlRenderer @Inject constructor(
         return try {
             renderAndProcess(node, postProcessors)
         } catch (failure: Throwable) {
-            Timber.v(failure, "Fail to render $node to html")
+            Timber.v(failure, "Fail to render node ${node.toString().redactIfNotDebug()} to html")
             return null
         }
     }
diff --git a/vector/src/main/java/im/vector/app/features/rageshake/BugReportActivity.kt b/vector/src/main/java/im/vector/app/features/rageshake/BugReportActivity.kt
index e0e0a69fbd..320b0783f0 100755
--- a/vector/src/main/java/im/vector/app/features/rageshake/BugReportActivity.kt
+++ b/vector/src/main/java/im/vector/app/features/rageshake/BugReportActivity.kt
@@ -54,7 +54,7 @@ class BugReportActivity :
         setupViews()
 
         // Don't allow toggling this for internal builds... internal testers are well-known and may always be contacted!
-        views.bugReportButtonContactMe.isEnabled = !isInternalBuild()
+        views.bugReportButtonContactMe.isEnabled = !buildMeta.isInternalBuild
 
         if (bugReporter.screenshot != null) {
             views.bugReportScreenshotPreview.setImageBitmap(bugReporter.screenshot)
@@ -136,10 +136,8 @@ class BugReportActivity :
         }
     }
 
-    private fun isInternalBuild(): Boolean = BuildConfig.DEBUG || buildMeta.gitBranchName == "sm_fdroid"
-
     private fun minBugReportLength(): Int {
-        return if (isInternalBuild()) {
+        return if (buildMeta.isInternalBuild) {
             2
         } else {
             10