From 309cdb0b515eb575946fa0f947cffdb0f3cca115 Mon Sep 17 00:00:00 2001
From: mm-david <130688551+mm-david@users.noreply.github.com>
Date: Tue, 13 Aug 2024 16:58:59 -0400
Subject: [PATCH] Add option to toggle file paths in error messages

---
 CHANGELOG.md          |  7 +++++++
 main.go               |  2 +-
 verify/verify.go      | 44 ++++++++++++++++++++++++++++++++-----------
 verify/verify_test.go |  4 ++--
 4 files changed, 43 insertions(+), 14 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7a88f8b..2af1346 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 ## CHANGELOG
 
+## 2.5.0 (2024-08-14)
+
+* Add option to verifier.ProcessGeofeed reduce verbosity of error messages,
+  toggling whether file paths are included.
+* Update interface of verifier package, adding a new struct to hold any
+  verification options.
+
 ## 2.4.0 (2023-07-13)
 
 * Update files to comply with major release version 2
diff --git a/main.go b/main.go
index 3024618..af04738 100644
--- a/main.go
+++ b/main.go
@@ -46,7 +46,7 @@ func run() error {
 		return err
 	}
 
-	c, diffLines, asnCounts, err := verify.ProcessGeofeed(conf.gf, conf.db, conf.isp, conf.laxMode)
+	c, diffLines, asnCounts, err := verify.ProcessGeofeed(conf.gf, conf.db, conf.isp, verify.Options{LaxMode: conf.laxMode})
 	if err != nil {
 		if errors.Is(err, verify.ErrInvalidGeofeed) {
 			log.Printf("Found %d invalid rows out of %d rows in total, examples by type:", c.Invalid, c.Total)
diff --git a/verify/verify.go b/verify/verify.go
index 4915213..b68c013 100644
--- a/verify/verify.go
+++ b/verify/verify.go
@@ -37,14 +37,23 @@ func NewCheckResult() CheckResult {
 	}
 }
 
+type Options struct {
+	// // LaxMode controls validation for region codes. If LaxMode is false
+	// (default), ISO-3166-2 region codes format is required. Otherwise region
+	// code is accepted both with or without country code.
+	LaxMode bool
+	// HideFilePathsInErrorMessages, if set to true, will prevent file paths
+	// from appearing in error messages. This reduces information leakage in
+	// contexts where the error messages might be shared.
+	HideFilePathsInErrorMessages bool
+}
+
 // ProcessGeofeed attempts to validate a given geofeedFilename.
-// If laxMode is false (default), ISO-3166-2 region codes format is required.
-// Otherwise region code is accepted both with or without country code.
 func ProcessGeofeed(
 	geofeedFilename,
 	mmdbFilename,
 	ispFilename string,
-	laxMode bool,
+	opts Options,
 ) (CheckResult, []string, map[uint]int, error) { //nolint:unparam // false positive on map[uint]int
 	c := NewCheckResult()
 	var diffLines []string
@@ -53,6 +62,9 @@ func ProcessGeofeed(
 	// See https://github.com/golang/go/issues/33887.
 	geofeedFH, err := utfutil.OpenFile(filepath.Clean(geofeedFilename), utfutil.UTF8)
 	if err != nil {
+		if opts.HideFilePathsInErrorMessages {
+			return c, diffLines, nil, fmt.Errorf("unable to open file: %w", err)
+		}
 		return c, diffLines, nil, fmt.Errorf("unable to open %s: %w", geofeedFilename, err)
 	}
 	defer func() {
@@ -63,6 +75,9 @@ func ProcessGeofeed(
 
 	db, err := geoip2.Open(filepath.Clean(mmdbFilename))
 	if err != nil {
+		if opts.HideFilePathsInErrorMessages {
+			return c, diffLines, nil, fmt.Errorf("unable to open MMDB: %w", err)
+		}
 		return c, diffLines, nil, fmt.Errorf("unable to open MMDB %s: %w", mmdbFilename, err)
 	}
 	defer db.Close()
@@ -71,7 +86,10 @@ func ProcessGeofeed(
 	if ispFilename != "" {
 		ispdb, err = geoip2.Open(filepath.Clean(ispFilename))
 		if err != nil {
-			return c, diffLines, nil, fmt.Errorf("unable to open MMDB %s: %w", ispFilename, err)
+			if opts.HideFilePathsInErrorMessages {
+				return c, diffLines, nil, fmt.Errorf("unable to open ISP MMDB: %w", err)
+			}
+			return c, diffLines, nil, fmt.Errorf("unable to open ISP MMDB %s: %w", ispFilename, err)
 		}
 		defer ispdb.Close()
 	}
@@ -91,8 +109,10 @@ func ProcessGeofeed(
 			break
 		}
 		if err != nil {
-			return c, diffLines, asnCounts,
-				fmt.Errorf("unable to read next row in %s: %w", geofeedFilename, err)
+			if opts.HideFilePathsInErrorMessages {
+				return c, diffLines, asnCounts, fmt.Errorf("unable to read next row: %w", err)
+			}
+			return c, diffLines, asnCounts, fmt.Errorf("unable to read next row in %s: %w", geofeedFilename, err)
 		}
 
 		c.Total++
@@ -111,7 +131,7 @@ func ProcessGeofeed(
 			continue
 		}
 
-		diffLine, result := verifyCorrection(row[:expectedFieldsPerRecord], db, ispdb, asnCounts, laxMode)
+		diffLine, result := verifyCorrection(row[:expectedFieldsPerRecord], db, ispdb, asnCounts, opts.LaxMode)
 		if !result.valid {
 			if _, ok := c.SampleInvalidRows[result.invalidityType]; !ok {
 				c.SampleInvalidRows[result.invalidityType] = fmt.Sprintf(
@@ -130,8 +150,10 @@ func ProcessGeofeed(
 		}
 	}
 	if err != nil && !errors.Is(err, io.EOF) {
-		return c, diffLines, asnCounts,
-			fmt.Errorf("error while reading %s: %w", geofeedFilename, err)
+		if opts.HideFilePathsInErrorMessages {
+			return c, diffLines, asnCounts, fmt.Errorf("error reading file: %w", err)
+		}
+		return c, diffLines, asnCounts, fmt.Errorf("error while reading %s: %w", geofeedFilename, err)
 	}
 
 	if c.Invalid > 0 || len(c.SampleInvalidRows) > 0 {
@@ -151,7 +173,7 @@ func verifyCorrection(
 	correction []string,
 	db, ispdb *geoip2.Reader,
 	asnCounts map[uint]int,
-	laxMode bool,
+	opts Options,
 ) (string, verificationResult) {
 	/*
 	   0: network (CIDR or single IP)
@@ -207,7 +229,7 @@ func verifyCorrection(
 	// In "--lax" mode both region code formats (with or without country code) are accepted.
 	if strings.Contains(correction[2], "-") {
 		mostSpecificSubdivision = mmdbRecord.Country.IsoCode + "-" + mostSpecificSubdivision
-	} else if correction[2] != "" && !laxMode {
+	} else if correction[2] != "" && !opts.LaxMode {
 		return "", verificationResult{
 			valid:          false,
 			invalidityType: InvalidRegionCode,
diff --git a/verify/verify_test.go b/verify/verify_test.go
index edaa7d6..34efd64 100644
--- a/verify/verify_test.go
+++ b/verify/verify_test.go
@@ -81,7 +81,7 @@ func TestProcessGeofeed_Valid(t *testing.T) {
 	for _, test := range goodTests {
 		t.Run(
 			test.gf+" "+test.db, func(t *testing.T) {
-				c, dl, _, err := ProcessGeofeed(test.gf, test.db, "", test.laxMode)
+				c, dl, _, err := ProcessGeofeed(test.gf, test.db, "", Options{LaxMode: test.laxMode})
 				require.NoError(t, err, "processGeofeed ran without error")
 				for i, s := range test.dl {
 					assert.Contains(
@@ -167,7 +167,7 @@ func TestProcessGeofeed_Invalid(t *testing.T) {
 	for _, test := range badTests {
 		t.Run(
 			test.gf+" "+test.db, func(t *testing.T) {
-				c, _, _, err := ProcessGeofeed(test.gf, test.db, "", test.laxMode)
+				c, _, _, err := ProcessGeofeed(test.gf, test.db, "", Options{LaxMode: test.laxMode})
 				require.ErrorIs(
 					t,
 					err,