• d-bugmail puremagic.com (55/55) Apr 23 2019 https://issues.dlang.org/show_bug.cgi?id=19819

d-bugmail puremagic.com writes:

https://issues.dlang.org/show_bug.cgi?id=19819

          Issue ID: 19819
           Summary: __FILE__ might emit personally identifiable
                    information in release executable
           Product: D
           Version: D2
          Hardware: x86
                OS: Mac OS X
            Status: NEW
          Severity: enhancement
          Priority: P1
         Component: dmd
          Assignee: nobody puremagic.com
          Reporter: lio+bugzilla lunesu.com

Very trivial example:

// test.d
void main() {
  import std.stdio;
  writeln(__FILE__);
}

Whatever path is provided to the compiler is emitted as a string literal:

$ dmd -run test.d
test.d

$ dmd -run /Users/lio/repos/d/dmd/test.d
/Users/lio/repos/d/dmd/test.d

This is as expected, but often the compiler is invoked by a build tool, like
`dub`, and absolute paths are passed to the command line instead, resulting in
leaking of the local path names which might include the username (or other
secrets like project codename or customer name.) Note that these string
literals are emitted for release builds as they are often passed to Exception
constructors.

$ strings test | grep '\.d$' | sort | uniq
./generated/osx/release/64/../../../../../phobos/std/stdio.d
/Users/llunesu/repos/d/dmd/test.d
src/core/demangle.d
src/core/exception.d
src/core/internal/parseoptions.d
src/core/internal/string.d
src/core/sync/mutex.d
src/core/thread.d
src/core/time.d
src/gc/proxy.d
src/object.d
src/rt/lifetime.d
src/rt/minfo.d
std/algorithm/searching.d
std/array.d
std/conv.d
std/format.d
std/internal/cstring.d
std/range/primitives.d
std/stdio.d
std/uni.d
std/utf.d

--