From e8cd821e5707e774e12be7947838e9a5254ce1b2 Mon Sep 17 00:00:00 2001 From: zadam Date: Sun, 7 Jun 2020 10:20:48 +0200 Subject: [PATCH] futrther improvements to anonymization --- package.json | 2 +- src/services/attributes.js | 20 ++++++++++++++++---- src/services/backup.js | 13 ++++++++++--- 3 files changed, 27 insertions(+), 8 deletions(-) diff --git a/package.json b/package.json index 71294edc3..33de8bc38 100644 --- a/package.json +++ b/package.json @@ -78,7 +78,7 @@ "yazl": "^2.5.1" }, "devDependencies": { - "electron": "9.0.2", + "electron": "9.0.3", "electron-builder": "22.6.0", "electron-packager": "14.2.1", "electron-rebuild": "1.10.1", diff --git a/src/services/attributes.js b/src/services/attributes.js index bab322cbd..975d80084 100644 --- a/src/services/attributes.js +++ b/src/services/attributes.js @@ -115,13 +115,24 @@ function isAttributeType(type) { } function isAttributeDangerous(type, name) { - return BUILTIN_ATTRIBUTES.some(attr => - attr.type === attr.type && + return BUILTIN_ATTRIBUTES.some(attr => + attr.type === attr.type && attr.name.toLowerCase() === name.trim().toLowerCase() && attr.isDangerous ); } +function getBuiltinAttributeNames() { + return BUILTIN_ATTRIBUTES + .map(attr => attr.name) + .concat([ + 'internalLink', + 'imageLink', + 'includeNoteLink', + 'relationMapLink' + ]); +} + module.exports = { getNotesWithLabel, getNotesWithLabels, @@ -131,5 +142,6 @@ module.exports = { createAttribute, getAttributeNames, isAttributeType, - isAttributeDangerous -}; \ No newline at end of file + isAttributeDangerous, + getBuiltinAttributeNames +}; diff --git a/src/services/backup.js b/src/services/backup.js index 422406bd7..c1027a3d2 100644 --- a/src/services/backup.js +++ b/src/services/backup.js @@ -7,7 +7,9 @@ const dataDir = require('./data_dir'); const log = require('./log'); const sqlInit = require('./sql_init'); const syncMutexService = require('./sync_mutex'); +const attributeService = require('./attributes'); const cls = require('./cls'); +const utils = require('./utils'); const sqlite = require('sqlite'); const sqlite3 = require('sqlite3'); @@ -98,9 +100,14 @@ async function anonymize() { await db.run("UPDATE notes SET title = 'title'"); await db.run("UPDATE note_contents SET content = 'text' WHERE content IS NOT NULL"); await db.run("UPDATE note_revisions SET title = 'title'"); - await db.run("UPDATE note_revision_contents SET content = 'title' WHERE content IS NOT NULL"); - await db.run("UPDATE attributes SET name = 'name', value = 'value' WHERE type = 'label'"); - await db.run("UPDATE attributes SET name = 'name' WHERE type = 'relation' AND name != 'template'"); + await db.run("UPDATE note_revision_contents SET content = 'text' WHERE content IS NOT NULL"); + + // we want to delete all non-builtin attributes because they can contain sensitive names and values + // on the other hand builtin/system attrs should not contain any sensitive info + const builtinAttrs = attributeService.getBuiltinAttributeNames().map(name => "'" + utils.sanitizeSql(name) + "'").join(', '); + + await db.run(`UPDATE attributes SET name = 'name', value = 'value' WHERE type = 'label' AND name NOT IN(${builtinAttrs})`); + await db.run(`UPDATE attributes SET name = 'name' WHERE type = 'relation' AND name NOT IN (${builtinAttrs})`); await db.run("UPDATE branches SET prefix = 'prefix' WHERE prefix IS NOT NULL"); await db.run(`UPDATE options SET value = 'anonymized' WHERE name IN ('documentId', 'documentSecret', 'encryptedDataKey', 'passwordVerificationHash',