Skip to content
This repository has been archived by the owner on Oct 9, 2021. It is now read-only.

Non-file type activity not sanitized #236

Open
kunaltyagi opened this issue Oct 20, 2020 · 3 comments
Open

Non-file type activity not sanitized #236

kunaltyagi opened this issue Oct 20, 2020 · 3 comments
Assignees
@alanhamlett

Comments

@kunaltyagi
Copy link

Use of bash plugin still allows sensitive names to leave the computer. See irondoge/bash-wakatime#12

How to reproduce:

  1. Populate hide_{file,project}_names in .wakatime.cfg
  2. Install bash plugin
  3. Use those ""hidden"" directories
  4. ??
  5. Leak all sensitive names
@alanhamlett
Copy link
Member

Those settings are skipped for Terminal and other non-file activity:
https://github.com/wakatime/wakatime/blob/a05026c791794bdd2530d0883f63d100d4f06b47/wakatime/heartbeat.py#L155

@alanhamlett alanhamlett changed the title Breach of privacy as stated in the FAQ Non-file type activity not sanitized Oct 20, 2020
@alanhamlett
Copy link
Member

Upgrade your wakatime to v3.1.0 and see if it works now?

@kunaltyagi
Copy link
Author

kunaltyagi commented Oct 20, 2020
edited
Loading

Those settings are skipped for Terminal and other non-file activity

This isn't mentioned anywhere. It doesn't make sense to send folder details when the path is being obfuscated.

I've updated the wakatime version (13.1.0), and will report back later (when I've tested it).

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@alanhamlett alanhamlett

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alanhamlett @kunaltyagi