fix: remove user data from telemetry

Author: Vieltojarvi

packages/amplify-cli/src/__tests__/flow-report.test.ts

@@ -15,6 +15,7 @@ import {
 import { v4 as uuid } from 'uuid';
 import { Redactor } from '@aws-amplify/amplify-cli-logger';
 import { CLIFlowReport } from '../domain/amplify-usageData/FlowReport';
+import { homedir } from 'os';
 
 describe('Test FlowReport Logging', () => {
   beforeAll(() => {});
@@ -103,6 +104,20 @@ describe('Test FlowReport Logging', () => {
     expect(flowReport.optionFlowData[0].input).toContain(input.serviceConfiguration.mapStyle);
     expect(flowReport.optionFlowData[0].input).toEqual(Redactor(inputString));
   });
+
+  it('runtime does not contain home directory info', () => {
+    const flowReport = new CLIFlowReport();
+    flowReport.setInput(mockInputs.headlessInput('auth', 'add'));
+
+    expect(flowReport.runtime).not.toContain(homedir());
+  });
+
+  it('executable does not contain home directory info', () => {
+    const flowReport = new CLIFlowReport();
+    flowReport.setInput(mockInputs.headlessInput('auth', 'add'));
+
+    expect(flowReport.executable).not.toContain(homedir());
+  });
 });
 
 const redactValue = (key: string, value: unknown) => {
@@ -180,7 +195,7 @@ const mockInputs = {
   Geo: mockAddGeoInput,
   GraphQLAPI: mockAddAPIInput,
   headlessInput: (feature, command) => ({
-    argv: [],
+    argv: [`${homedir()}/.amplify/bin/amplify.exe`, `${homedir()}/amplify-cli/build/node_modules/@aws-amplify/cli-internal/bin/amplify`],
     plugin: feature,
     command,
   }),

packages/amplify-cli/src/__tests__/serializable-error.test.ts

@@ -54,4 +54,23 @@ describe('test serializabe error', () => {
     expect(serializableError.name).toBe('NotImplementedError');
     expect(serializableError.details).toBe('some error details with arn: <escaped ARN> and arn: <escaped ARN> and something else');
   });
+
+  it('test SerializableError has no stack arns in error message', () => {
+    const testStack = 'amplify-someStackName-dev-u9910';
+    const error = new AmplifyError('NotImplementedError', {
+      message: `Could not initialize ${testStack}`,
+    });
+
+    const serializableError = new SerializableError(error);
+    expect(serializableError.message).toBe('Could not initialize <escaped stack>');
+  });
+
+  it('test SerializeError error message has no home directories in file paths', () => {
+    const error = new AmplifyError('FileSystemPermissionsError', {
+      message: `Permission denied, open '${os.homedir}/.amplify/logs/amplify-cli.log`,
+    });
+
+    const serializableError = new SerializableError(error);
+    expect(serializableError.message).not.toContain(os.homedir());
+  });
 });

packages/amplify-cli/src/__tests__/usage-data.test.ts

@@ -67,6 +67,41 @@ describe('test usageData', () => {
     expect(a).toEqual(b);
   });
 
+  it('expects accountId to be a valid UUID', () => {
+    const a = UsageData.Instance;
+    const timeStamp = Date.now();
+    const testAccountID = '123456789012';
+    a.init(
+      uuid.v4(),
+      '',
+      new CommandLineInput([]),
+      testAccountID,
+      { editor: 'vscode', framework: 'react', frontend: 'javascript' } as unknown as ProjectSettings,
+      timeStamp,
+    );
+
+    expect(uuid.validate(a.getUsageDataPayload(null, 'SUCCESS').accountId)).toEqual(true);
+  });
+
+  it('returns cached accountId on subsequent calls', () => {
+    const a = UsageData.Instance;
+    const timeStamp = Date.now();
+    const testAccountID = '123456789012';
+    a.init(
+      uuid.v4(),
+      '',
+      new CommandLineInput([]),
+      testAccountID,
+      { editor: 'vscode', framework: 'react', frontend: 'javascript' } as unknown as ProjectSettings,
+      timeStamp,
+    );
+
+    const accountId1 = a.getUsageDataPayload(null, 'SUCCESS').accountId;
+    const accountId2 = a.getUsageDataPayload(null, 'SUCCESS').accountId;
+
+    expect(accountId1).toEqual(accountId2);
+  });
+
   it('records specified code path timer', async () => {
     const usageData = UsageData.Instance;
     usageData.startCodePathTimer(ManuallyTimedCodePath.PLUGIN_TIME);

packages/amplify-cli/src/domain/amplify-usageData/FlowReport.ts

@@ -12,6 +12,7 @@ import {
   TypeOptionFlowData,
 } from '@aws-amplify/amplify-cli-shared-interfaces';
 import { createHashedIdentifier } from '../../commands/helpers/encryption-helpers';
+import { homedir } from 'os';
 
 /**
  * Store the data and sequence of events of CLI walkthrough
@@ -32,6 +33,11 @@ export class CLIFlowReport implements IFlowData {
   projectIdentifier?: string; // hash( ProjectName + Amplify App Id)
   envName?: string;
 
+  // (file:/+)? -> matches optional file url prefix
+  // homedir() -> users home directory, replacing \ with /
+  // [\\w.\\-_@\\\\/]+ -> matches nested directories and file name
+  filePathRegex = new RegExp(`(file:/+)?${homedir().replaceAll('\\', '/')}[\\w.\\-_@\\\\/]+`, 'g');
+
   constructor() {
     const currentTime = Date.now();
     this.logger = getAmplifyLogger();
@@ -66,8 +72,15 @@ export class CLIFlowReport implements IFlowData {
    */
   setInput(input: CLIInput): void {
     this.input = input;
-    this.runtime = input.argv[0] as string;
-    this.executable = input.argv[1] as string;
+    for (let i = 0; i < input.argv.length; i++) {
+      if (input.argv[i].match(this.filePathRegex)) {
+        const arg = this.anonymizePath(input.argv[i]);
+        this.input.argv[i] = arg;
+      }
+    }
+
+    this.runtime = this.input.argv[0] as string;
+    this.executable = this.input.argv[1] as string;
     this.cmd = input.argv[2] as string;
     this.subCmd = input.argv[3] ? input.argv[3] : undefined;
     this.optionFlowData = []; // key-value store with ordering maintained
@@ -139,4 +152,12 @@ export class CLIFlowReport implements IFlowData {
     const timeStampedOption: IOptionFlowHeadlessData = { input: cleanOption, timestamp: new Date().valueOf() }; // attach unix-style timestamp
     this.optionFlowData.push(timeStampedOption);
   }
+
+  private anonymizePath = (str: string): string => {
+    let result = str;
+    if (result.match(this.filePathRegex)) {
+      result = result.replace(this.filePathRegex, '');
+    }
+    return result;
+  };
 }

packages/amplify-cli/src/domain/amplify-usageData/SerializableError.ts

@@ -1,10 +1,18 @@
 import { $TSAny } from '@aws-amplify/amplify-cli-core';
+import { homedir } from 'os';
 import * as path from 'path';
 
 const stackTraceRegex = /^\s*at (?:((?:\[object object\])?[^\\/]+(?: \[as \S+\])?) )?\(?(.*?):(\d+)(?::(\d+))?\)?\s*$/i;
 const ARNRegex =
   /arn:[a-z0-9][-.a-z0-9]{0,62}:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}/g;
 
+// Gen1 stacks have same structure as Gen2 stacks
+const stackRegex = /amplify-[a-zA-Z0-9-]+/g;
+// (file:/+)? -> matches optional file url prefix
+// homedir() -> users home directory, replacing \ with /
+// [\\w.\\-_@\\\\/]+ -> matches nested directories and file name
+const filePathRegex = new RegExp(`(file:/+)?${homedir().replaceAll('\\', '/')}[\\w.\\-_@\\\\/]+`, 'g');
+
 /**
  * Wrapper around Error.name
  */
@@ -16,7 +24,7 @@ export class SerializableError {
   trace?: Trace[];
   constructor(error: Error) {
     this.name = error.name;
-    this.message = removeARN(error.message)!;
+    this.message = anonymizePaths(sanitize(error.message)!);
     this.details = removeARN((error as $TSAny)?.details);
     this.code = (error as $TSAny)?.code;
     this.trace = extractStackTrace(error);
@@ -83,10 +91,33 @@ const processPaths = (paths: string[]): string[] => {
   });
 };
 
+const sanitize = (str?: string): string | undefined => {
+  let result = str;
+  result = removeARN(result);
+  result = removeStackIdentifier(result);
+
+  return result;
+};
+
 const removeARN = (str?: string): string | undefined => {
   return str?.replace(ARNRegex, '<escaped ARN>');
 };
 
+const removeStackIdentifier = (str?: string): string | undefined => {
+  return str?.replace(stackRegex, '<escaped stack>') ?? '';
+};
+
+const anonymizePaths = (str: string): string => {
+  const result = str;
+  const matches = [...result.matchAll(filePathRegex)];
+
+  for (const match of matches) {
+    result.replace(match[0], processPaths([match[0]])[0]);
+  }
+
+  return result;
+};
+
 type Trace = {
   methodName: string;
   file: string;

packages/amplify-cli/src/domain/amplify-usageData/UsageData.ts

@@ -4,7 +4,7 @@ import { prompter, printer } from '@aws-amplify/amplify-prompts';
 import https from 'https';
 import { pick } from 'lodash';
 import { UrlWithStringQuery } from 'url';
-import { v4 as uuid } from 'uuid';
+import { v4 as uuid, v5 as uuidV5 } from 'uuid';
 import { CLIInput } from '../command-input';
 import {
   JSONUtilities,
@@ -24,6 +24,8 @@ import redactInput from './identifiable-input-regex';
 import { Timer } from './Timer';
 import { UsageDataPayload } from './UsageDataPayload';
 
+const AMPLIFY_CLI_UUID_NAMESPACE = '7bf41e64-b0be-4a57-8d92-9cfbc1600f0f';
+
 /**
  * Singleton class that manages the lifecycle of usage data during a CLI command
  */
@@ -63,7 +65,8 @@ export class UsageData implements IUsageData {
     processStartTimeStamp: number,
   ): void {
     this.installationUuid = installationUuid;
-    this.accountId = accountId;
+    const accountBucketId = Number(accountId) / 100;
+    this.accountId = uuidV5(accountBucketId.toString(), AMPLIFY_CLI_UUID_NAMESPACE);
     this.projectSettings = projectSettings;
     this.version = version;
     this.inputOptions = input.options ? pick(input.options as InputOptions, ['sandboxId']) : {};