Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Joplin cloud user details should not be printed to log file #11587

Open
mrjo118 opened this issue Jan 6, 2025 · 0 comments
Open

Joplin cloud user details should not be printed to log file #11587

mrjo118 opened this issue Jan 6, 2025 · 0 comments
Labels
bug It's a bug

Comments

@mrjo118
Copy link
Contributor

mrjo118 commented Jan 6, 2025

Operating system

Windows

Joplin version

3.2.3

Desktop version info

No response

Current behaviour

I noticed when looking at some log files posted on a Joplin issue report, that where the user is a Joplin cloud user, the log file may contain mildly sensitive information. An example output with the information redacted is:
01-02T10:03:16: userFetcher: Got user: {"account_type":2,"can_use_share_permissions":0,"created_time":1696361973193,"email":"REDACTED","full_name":"REDACTED","id":"S0ttpZ09fP0v9Op8VvlXA0","inbox_email":"REDACTED","inbox_id":"","updated_time":1735840837861}

In userFetcher.ts, the code writes the owner details to the log via this line:
logger.info('Got user:', owner);

Expected behaviour

Before writing the owner details to the log, the email and full_name should to be obfuscated. The inbox_email is potentially fine to print to the log as is

Logs

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug It's a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix: Redact sensitive user details from logs in userFetcher.ts haresahani/joplin
1 participant
@mrjo118