Project files leak user identity / developer system information

[John-Titor]

Describe the bug It may be hazardous for individuals to share Ghidra project files due to their containing usernames and whole paths.

To Reproduce Examine the project.prp file and see the OWNER property contains the creating user's username.

Examine the projectState file and potentially see one or more LOCATION_x properties containing whole pathnames that may include e.g. the user's home directory path (revealing their username), parent directory paths that may leak e.g. organisational affiliation or other information outside the scope of the project.

Expected behavior Project files should only contain information pertinent to the project.

Environment (please complete the following information):

• OS: macOS 14.5
• Java Version: 21.0.2
• Ghidra Version: 11.0.3
• Ghidra Origin: via Homebrew

[ghidra1]

The project files you mentioned are not intended to be shared. Since the local project is tied to the project creator it is unclear why you would share them. Project archive and ghidra file archives (*.gzf) are the preferred sharing mechanism separate from a shared online repository.