code-settings-sync icon indicating copy to clipboard operation
code-settings-sync copied to clipboard

Published 20 hours ago verified publisher icon shanalikhan

User data gets uploaded

Open PeterMinin opened this issue 2 years ago • 5 comments

🐛 Describe the bug
Since VSCode 1.66 the User folder is likely to contain private user data under a "History" subfolder, such as copies of edited files, for a new Local history feature. The extension uploads any such copies of JSON files, which may leak sensitive data. For non-json files, the contents are not uploaded, but the filenames are, as part of "entries.json" files. Apart from the "History" folder, any JSONs in the "globalStorage" folder (where extensions store their data) are uploaded as well, which is likely undesirable.

🌴 Visual Studio Code Version : 1.66.1 🌴 Code Settings Sync Version : 3.4.3 🌴 Standard or Insiders : Standard 🌴 Portable or Installed : Installed 🌴 OSS or Official Build : Official 🌴 Operating System : Windows 10 🌴 Occurs On: Upload

📰 To Reproduce Steps to reproduce the behavior:

  1. Update VSCode to 1.66 or later. Leave the new setting "workbench.localHistory.enabled" on.
  2. Edit a JSON file, save.
  3. Run "Sync: Update/Upload Settings".
  4. To go your Gist, see the JSON file and a corresponding "History\*\entries.json" uploaded.

💪 Expected behavior At a minimum, the "History" folder is ignored. For a future-proof solution, I suggest switching the behavior from "include by default" to "exclude by default" and adding a new configuration variable to syncLocalSettings.json, listing the files to upload.

📺 Console Error Log Not applicable.

📺 Additional context This might be the cause of #1340.

PeterMinin avatar Apr 09 '22 17:04 PeterMinin

As a workaround for now:

  1. Open syncLocalSettings.json (located next to your user settings.json).
  2. Find a "ignoreUploadFolders" variable.
  3. Add "History" and, optionally, "globalStorage" to the array.
  4. Run "Sync: Update/Upload Settings".
  5. Go to your Gist, verify that a) the extra files are not listed on the "Code" tab, but b) they are still available through Revisions.
  6. If some sensitive data has been uploaded, see here. You can clone the Gist as a git repo, edit the history and force-push it (you'll need to do git remote add ... manually before you can push).

PeterMinin avatar Apr 09 '22 17:04 PeterMinin

when will you publish v3.4.4

As a workaround for now:

  1. Open syncLocalSettings.json (located next to your user settings.json).
  2. Find a "ignoreUploadFolders" variable.
  3. Add "History" and, optionally, "globalStorage" to the array.
  4. Run "Sync: Update/Upload Settings".
  5. Go to your Gist, verify that a) the extra files are not listed on the "Code" tab, but b) they are still available through Revisions.
  6. If some sensitive data has been uploaded, see here. You can clone the Gist as a git repo, edit the history and force-push it (you'll need to do git remote add ... manually before you can push).

EricWong1994 avatar Jul 07 '22 15:07 EricWong1994

As a workaround for now:

thank you so much~

EricWong1994 avatar Jul 07 '22 15:07 EricWong1994

This issue (of excessive files) is causing extensions to not sync. So it's not just a lousy side-effect but is affecting the goal of the extension.

I tried to sync a new computer, but the console said there were no extensions (there are 33 of them actually). So I cloned the gist, deleted all History*, globalStorage* files and committed. Trying again (with the excessive files gone) synched the extensions successfully.

sanjarcode avatar Aug 10 '22 20:08 sanjarcode

These steps worked to remove all the History from my Gist and allowed for me to actually backup my settings. Thanks you.

davidkartuzinski avatar Sep 25 '22 23:09 davidkartuzinski