From 14b295f3375ce3a45465fc4fe8e68c2d93d008c0 Mon Sep 17 00:00:00 2001
From: bmc-msft <41130664+bmc-msft@users.noreply.github.com>
Date: Fri, 19 Mar 2021 12:52:37 -0400
Subject: [PATCH] add privacy statement to CLI (#695)

---
 .github/workflows/ci.yml                  |  3 ++-
 src/cli/MANIFEST.in                       |  5 ++++-
 src/cli/extra/pyinstaller/hook-onefuzz.py |  8 ++++++++
 src/cli/onefuzz/api.py                    | 15 ++++++++++++---
 src/cli/onefuzz/data/privacy.txt          | 14 ++++++++++++++
 src/cli/setup.py                          |  4 +++-
 6 files changed, 43 insertions(+), 6 deletions(-)
 create mode 100644 src/cli/extra/pyinstaller/hook-onefuzz.py
 create mode 100644 src/cli/onefuzz/data/privacy.txt

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f28572102..5222715da 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -87,8 +87,9 @@ jobs:
         python setup.py sdist bdist_wheel
         pip install -r ./requirements.txt ../../artifacts/sdk/*.whl
         pip install six
-        pyinstaller onefuzz/__main__.py --onefile --name onefuzz --additional-hooks-dir extra/pyinstaller --hidden-import='pkg_resources.py2_warn' --exclude-module tkinter --exclude-module PySide2 --exclude-module PIL.ImageDraw --exclude-module Pillow --clean
+        pyinstaller onefuzz/__main__.py --onefile --name onefuzz --additional-hooks-dir extra/pyinstaller --hidden-import='pkg_resources.py2_warn' --exclude-module tkinter --exclude-module PySide2 --exclude-module PIL.ImageDraw --exclude-module Pillow --clean --add-data "onefuzz/data/privacy.txt;onefuzz/data" --add-data "onefuzz/data/licenses.json;onefuzz/data"
         ./dist/onefuzz.exe --version
+        ./dist/onefuzz.exe privacy_statement
         mkdir -p ${GITHUB_WORKSPACE}/artifacts/windows-cli/
         mkdir -p ${GITHUB_WORKSPACE}/artifacts/sdk/
         cp dist/*.tar.gz dist/*.whl ${GITHUB_WORKSPACE}/artifacts/sdk/
diff --git a/src/cli/MANIFEST.in b/src/cli/MANIFEST.in
index 00e263254..ee2d9f020 100644
--- a/src/cli/MANIFEST.in
+++ b/src/cli/MANIFEST.in
@@ -1,4 +1,7 @@
 include LICENSE
 include *.txt
 include *.md
-graft examples
+include extra/pyinstaller/*.py
+include onefuzz/data/privacy.txt
+include onefuzz/data/licenses.json
+graft examples
\ No newline at end of file
diff --git a/src/cli/extra/pyinstaller/hook-onefuzz.py b/src/cli/extra/pyinstaller/hook-onefuzz.py
new file mode 100644
index 000000000..8311e5cf6
--- /dev/null
+++ b/src/cli/extra/pyinstaller/hook-onefuzz.py
@@ -0,0 +1,8 @@
+#!/usr/bin/env python
+#
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+from PyInstaller.utils.hooks import collect_data_files
+
+datas = collect_data_files("onefuzz")
diff --git a/src/cli/onefuzz/api.py b/src/cli/onefuzz/api.py
index 99733c29b..739e7926b 100644
--- a/src/cli/onefuzz/api.py
+++ b/src/cli/onefuzz/api.py
@@ -6,6 +6,7 @@
 import json
 import logging
 import os
+import pkgutil
 import re
 import subprocess  # nosec
 import uuid
@@ -14,7 +15,6 @@ from shutil import which
 from typing import Callable, Dict, List, Optional, Tuple, Type, TypeVar
 from uuid import UUID
 
-import pkg_resources
 import semver
 from memoization import cached
 from onefuzztypes import (
@@ -1530,8 +1530,17 @@ class Onefuzz:
 
     def licenses(self) -> object:
         """ Return third-party licenses used by this package """
-        stream = pkg_resources.resource_stream(__name__, "data/licenses.json")
-        return json.load(stream)
+        data = pkgutil.get_data("onefuzz", "data/licenses.json")
+        if data is None:
+            raise Exception("missing licenses.json")
+        return json.loads(data)
+
+    def privacy_statement(self) -> bytes:
+        """ Return OneFuzz privacy statement """
+        data = pkgutil.get_data("onefuzz", "data/privacy.txt")
+        if data is None:
+            raise Exception("missing licenses.json")
+        return data
 
     def logout(self) -> None:
         """ Logout of Onefuzz """
diff --git a/src/cli/onefuzz/data/privacy.txt b/src/cli/onefuzz/data/privacy.txt
new file mode 100644
index 000000000..b0a08ccb8
--- /dev/null
+++ b/src/cli/onefuzz/data/privacy.txt
@@ -0,0 +1,14 @@
+The software may collect information about you and your use of the software and
+send it to Microsoft. Microsoft may use this information to provide services
+and improve our products and services. You may turn off the telemetry as
+described in the repository.  There are also some features in the software that
+may enable you and Microsoft to collect data from users of your applications.
+If you use these features, you must comply with applicable law, including
+providing appropriate notices to users of your applications together with a
+copy of Microsoft's privacy statement. Our privacy statement is located at
+https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data
+collection and use in the help documentation and our privacy statement. Your
+use of the software operates as your consent to these practices.
+
+Instructions on how to turn off telemetry:
+* https://github.com/microsoft/onefuzz/blob/main/docs/telemetry.md#how-to-disable-sending-telemetry-to-microsoft
diff --git a/src/cli/setup.py b/src/cli/setup.py
index d15ec1599..310fd5c84 100644
--- a/src/cli/setup.py
+++ b/src/cli/setup.py
@@ -44,5 +44,7 @@ setuptools.setup(
     install_requires=requirements,
     zip_safe=False,
     include_package_data=True,
-    package_data={"": ["*.md", "*.txt", "data/licenses.json"]},
+    package_data={
+        "": ["*.md", "*.txt", "onefuzz/data/licenses.json", "onefuzz/data/privacy.txt"]
+    },
 )