Flipez / hubot-rss-rolf

RSS Reader on Hubot
https://www.npmjs.org/package/hubot-rss-rolf

dump publishes private rooms #1

Closed localguru closed 7 years ago

localguru commented 7 years ago

Hi,

via rss dump it is possible to get names of private rooms in RocketChat, which is to my mind a kind of security risk, as private room names are hidden from others.

Ciao Marcus

Flipez commented 7 years ago

Hi Marcus,

thanks for the notification!

I think this specific command isn't useful anyway so I'll remove it in the next version.

localguru commented 7 years ago

Hi Robert,

or a new ENV var as a list, something like

HUBOT_RSS_DUMP_USER="username1, username2"

which limits the dump command to a list of users.

Ciao!
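
The allowlist proposed in the comment above, sketched as an added example; it is not code from this thread or from hubot-rss-rolf. The function names, the `feedsByRoom` layout of the stored data, the fail-closed default and the per-room fallback for unlisted users are assumptions.

```javascript
'use strict';

// Parse "username1, username2" into a set; unset or empty means nobody is allowed.
function parseDumpUsers(raw) {
  return new Set(
    String(raw || '').split(',').map((n) => n.trim()).filter((n) => n !== '')
  );
}

// Exact-match check against the allowlist (fails closed on missing input).
function mayDump(userName, raw) {
  return typeof userName === 'string' && parseDumpUsers(raw).has(userName.trim());
}

// Hypothetical handler: listed users get the full dump, everyone else only
// the feeds of the room they ask from, so other room names are not disclosed.
function dumpFor(userName, currentRoom, feedsByRoom, raw) {
  if (mayDump(userName, raw)) return feedsByRoom;
  const known = Object.prototype.hasOwnProperty.call(feedsByRoom, currentRoom);
  return { [currentRoom]: known ? feedsByRoom[currentRoom] : [] };
}

// Constructed sample data; the real brain layout is an assumption here.
const SAMPLE_FEEDS = {
  general: ['https://example.com/news.xml'],
  'private-ops': ['https://example.com/internal.xml'],
};
const ALLOW = 'username1, username2'; // value format taken from the proposal

console.log(dumpFor('username1', 'general', SAMPLE_FEEDS, ALLOW));
console.log(dumpFor('someone-else', 'general', SAMPLE_FEEDS, ALLOW));
```

In a real script the fourth argument would be `process.env.HUBOT_RSS_DUMP_USER`.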

Flipez commented 7 years ago

@localguru I've removed the command and published the fix with version 1.1.1 to npm.

Let me know if you would like to change the dump behavior or feel free to create a PR.

localguru commented 7 years ago

Is there another way to find out what feeds Rolf stored to brain?

localguru commented 7 years ago

see https://github.com/Flipez/hubot-rss-rolf/pull/4