futrther improvements to anonymization

2025-03-01 14:22:32 +01:00 · 2020-06-07 10:20:48 +02:00 · 2020-06-07 10:20:48 +02:00 · e8cd821e57
commit e8cd821e57
parent be7ac74235
3 changed files with 27 additions and 8 deletions
--- a/package.json
+++ b/package.json
@ -78,7 +78,7 @@
    "yazl": "^2.5.1"
  },
  "devDependencies": {
-    "electron": "9.0.2",
+    "electron": "9.0.3",
    "electron-builder": "22.6.0",
    "electron-packager": "14.2.1",
    "electron-rebuild": "1.10.1",
--- a/src/services/attributes.js
+++ b/src/services/attributes.js
@ -115,13 +115,24 @@ function isAttributeType(type) {
 }

 function isAttributeDangerous(type, name) {
-    return BUILTIN_ATTRIBUTES.some(attr => 
-        attr.type === attr.type && 
+    return BUILTIN_ATTRIBUTES.some(attr =>
+        attr.type === attr.type &&
        attr.name.toLowerCase() === name.trim().toLowerCase() &&
        attr.isDangerous
    );
 }

+function getBuiltinAttributeNames() {
+    return BUILTIN_ATTRIBUTES
+        .map(attr => attr.name)
+        .concat([
+            'internalLink',
+            'imageLink',
+            'includeNoteLink',
+            'relationMapLink'
+        ]);
+}
+
 module.exports = {
    getNotesWithLabel,
    getNotesWithLabels,
@ -131,5 +142,6 @@ module.exports = {
    createAttribute,
    getAttributeNames,
    isAttributeType,
-    isAttributeDangerous
-};
+    isAttributeDangerous,
+    getBuiltinAttributeNames
+};
--- a/src/services/backup.js
+++ b/src/services/backup.js
@ -7,7 +7,9 @@ const dataDir = require('./data_dir');
 const log = require('./log');
 const sqlInit = require('./sql_init');
 const syncMutexService = require('./sync_mutex');
+const attributeService = require('./attributes');
 const cls = require('./cls');
+const utils = require('./utils');
 const sqlite = require('sqlite');
 const sqlite3 = require('sqlite3');

@ -98,9 +100,14 @@ async function anonymize() {
    await db.run("UPDATE notes SET title = 'title'");
    await db.run("UPDATE note_contents SET content = 'text' WHERE content IS NOT NULL");
    await db.run("UPDATE note_revisions SET title = 'title'");
-    await db.run("UPDATE note_revision_contents SET content = 'title' WHERE content IS NOT NULL");
-    await db.run("UPDATE attributes SET name = 'name', value = 'value' WHERE type = 'label'");
-    await db.run("UPDATE attributes SET name = 'name' WHERE type = 'relation' AND name != 'template'");
+    await db.run("UPDATE note_revision_contents SET content = 'text' WHERE content IS NOT NULL");
+
+    // we want to delete all non-builtin attributes because they can contain sensitive names and values
+    // on the other hand builtin/system attrs should not contain any sensitive info
+    const builtinAttrs = attributeService.getBuiltinAttributeNames().map(name => "'" + utils.sanitizeSql(name) + "'").join(', ');
+
+    await db.run(`UPDATE attributes SET name = 'name', value = 'value' WHERE type = 'label' AND name NOT IN(${builtinAttrs})`);
+    await db.run(`UPDATE attributes SET name = 'name' WHERE type = 'relation' AND name NOT IN (${builtinAttrs})`);
    await db.run("UPDATE branches SET prefix = 'prefix' WHERE prefix IS NOT NULL");
    await db.run(`UPDATE options SET value = 'anonymized' WHERE name IN 
                    ('documentId', 'documentSecret', 'encryptedDataKey', 'passwordVerificationHash',