You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When game crashes itch app shows message asking to "Report broken" game. This feature uploads log onto gist.github.com and opens a "New issue" github page for itch-compatibility-watchlist repo in browser. And here is the problem: log is uploaded as an anonymous "secret" gist. It's not really secret, because a link to the gist will be posted in issue's public text. And it's anonymous, which means it cannot be deleted or changed by anyone. Log includes some innocent stuff, like app manifest content, but also name of the user's home directory (which may or may not be sensitive), and full stdout log of the game. In my case stdout log contained pretty sensitive data, like environment variables with some API keys and some other details about system environment. My game was printing those for development purposes, but I would say a lot of released games output excessive amount of data into their logs, and inability to filter some data out before reporting is seriously bad.
Could the log be posted as non-anonymous gist, for example? As you need to be logged in Github to post an issue, you are probably logged in gist.github.com too. Then you will be able to edit or delete the gist.
Or maybe post log inline in issue's text? Or maybe use some specialized service for error reporting, allowing to report bugs privately to developers. It's also will be easier for users: not every user has an account on Github ;)
The text was updated successfully, but these errors were encountered:
In my case stdout log contained pretty sensitive data, like environment variables with some API keys
This is no longer true as of 7a8de28 - a stable version was never released that leaks the environment.
Could the log be posted as non-anonymous gist, for example?
That would require linking up your GitHub account with itch.io, as the gist is created by the app via an API request, not in the browser where you're logged in.
Or maybe post log inline in issue's text?
We used to do this but was reaching max URL length (since the issue's body is url-encoded and passed as a GET parameter).
To address the overall issue: I'm planning on moving from gist to something itch.io-controlled which both the reporter and admins (and contributors?) can see when logged into their itch.io account, and that the reporter can delete whenever they want to.
fasterthanlime
changed the title
Sensitive data could be exposed via "Report broken" feature
Move away from gist for better automatic reports
Jul 3, 2016
This is no longer true as of 7a8de28 - a stable version was never released that leaks the environment.
No, I meant that my game, not itch app, was leaking data by printing them onto stdout for development purposes. I just didn't expect it to be sent as a gist. And I think I've seen a lot of released games outputting a lot of data on stdout, and presumably not expecting to expose those publicly either.
I'm planning on moving from gist to something itch.io-controlled which both the reporter and admins (and contributors?) can see when logged into their itch.io account, and that the reporter can delete whenever they want to.
When game crashes itch app shows message asking to "Report broken" game. This feature uploads log onto gist.github.com and opens a "New issue" github page for
itch-compatibility-watchlist
repo in browser. And here is the problem: log is uploaded as an anonymous "secret" gist. It's not really secret, because a link to the gist will be posted in issue's public text. And it's anonymous, which means it cannot be deleted or changed by anyone. Log includes some innocent stuff, like app manifest content, but also name of the user's home directory (which may or may not be sensitive), and full stdout log of the game. In my case stdout log contained pretty sensitive data, like environment variables with some API keys and some other details about system environment. My game was printing those for development purposes, but I would say a lot of released games output excessive amount of data into their logs, and inability to filter some data out before reporting is seriously bad.Could the log be posted as non-anonymous gist, for example? As you need to be logged in Github to post an issue, you are probably logged in gist.github.com too. Then you will be able to edit or delete the gist.
Or maybe post log inline in issue's text? Or maybe use some specialized service for error reporting, allowing to report bugs privately to developers. It's also will be easier for users: not every user has an account on Github ;)
The text was updated successfully, but these errors were encountered: