search

bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com
Other
9.28k stars 1.25k forks source link

FSK import: should check "type" instead of "style" #2801

Closed steamwings closed 1 year ago

steamwings commented 2 years ago

Steps To Reproduce

The current FSK (F-Secure Key / ID Protection) importer is checking the "style" attribute of each entry (reference). This will be inaccurate for some entries which have other styles--I've seen "amazon", "microsoft", "apple" and others. These would be discarded by the current script.

The fix is to instead check the "type", which appears to only be 1 for passwords or 2 for cards.

(I implemented my own script which does this.)

Expected Result

All passwords from Key are imported

Actual Result

Passwords/cards from Key which had icons are not imported

Screenshots or Videos

No response

Additional Context

No response

Operating System

Windows

Operating System Version

No response

Web Browser

Microsoft Edge

Browser Version

No response

Build Version

2.25.1

djsmith85 commented 2 years ago

Hi @steamwings thank you for reporting this.

Seeing that you wrote your own script, would you be able to attach a sanitized fsecure export. Maybe a file you used for testing. We could then use that to create some test coverage for this importer.

steamwings commented 2 years ago

How's this?

{
  "data": {
    "6273c93508d347e09a67539a5a6c7728": {
      "color": "#00CCFF",
      "creditCvv": "",
      "creditExpiry": "",
      "creditNumber": "",
      "favorite": 1503865342,
      "notes": "",
      "password": "sanitized",
      "passwordList": [
        {
          "changedate": "1489067969",
          "password": "sanitized"
        }
      ],
      "rev": "9",
      "service": "Microsoft",
      "style": "windows-live",
      "type": 1,
      "url": "live.com",
      "username": "sanitized"
    },
    "9efcf543ed954160a067425669a2584f": {
      "color": "#E37B26",
      "creditCvv": "",
      "creditExpiry": "",
      "creditNumber": "",
      "favorite": 0,
      "notes": "",
      "password": "sanitized",
      "passwordList": [],
      "rev": 42,
      "service": "Amazon",
      "style": "amazon",
      "type": 1,
      "url": "www.amazon.com",
      "username": "sanitized"
    },
    "9efcf543ed954160a067425669a25850": {
      "color": "#00A34D",
      "creditCvv": "",
      "creditExpiry": "",
      "creditNumber": "",
      "favorite": 0,
      "notes": "",
      "password": "sanitized",
      "passwordList": [],
      "rev": 1,
      "service": "Starbucks",
      "style": "initials",
      "type": 1,
      "url": "",
      "username": "sanitized"
    },
    "9efcf543ed954160a067425669a25851": {
      "color": "#000000",
      "createdDate": "1636730532",
      "favorite": 0,
      "notes": "",
      "password": "sanitized",
      "passwordList": [],
      "rev": "1",
      "service": "DC",
      "style": "",
      "type": 1,
      "url": "",
      "username": "sanitized"
    },
    "9efcf543ed954160a067425669a25852": {
      "autofillAndroid": "www.redfin.com",
      "color": "#0065C1",
      "favorite": 0,
      "notes": "",
      "password": "sanitized",
      "passwordList": [],
      "rev": "1",
      "service": "Redfin",
      "style": "redfin",
      "type": 1,
      "url": "",
      "username": "sanitized"
    },
    "9efcf543ed954160a067425669a25853": {
      "color": "#999999",
      "createdDate": "1623369171",
      "favorite": 0,
      "notes": "",
      "password": "sanitized",
      "passwordList": [],
      "rev": "1",
      "service": "Dominos",
      "style": "",
      "type": 1,
      "url": "",
      "username": "sanitized"
    },
    "9efcf543ed954160a067425669a25854": {
      "color": "#BA66FF",
      "creditCvv": "sanitized",
      "creditExpiry": "sanitized",
      "creditNumber": "sanitized",
      "favorite": 0,
      "notes": "",
      "password": "sanitized",
      "passwordList": [],
      "rev": 8,
      "service": "Card 1",
      "style": "creditcard",
      "type": 2,
      "url": "",
      "username": "sanitized"
    },
    "9efcf543ed954160a067425669a25855": {
      "color": "#0065C1",
      "creditCvv": "sanitized",
      "creditExpiry": "sanitized",
      "creditNumber": "sanitized",
      "favorite": 0,
      "notes": "note",
      "password": "sanitized",
      "passwordList": [],
      "rev": "4",
      "service": "Card 2",
      "style": "",
      "type": 2,
      "url": "",
      "username": "sanitized"
    }
  }
}
djsmith85 commented 2 years ago

@steamwings Thank you for the example file. It would be great to have every field filled with a valid value so we can also check the types and formatting (most are string but some might be numbers).

Examples: creditCvv, creditExpiry, creditNumber, favorite (at least in the first example is a large number compared to 0/1).

Do you happen to know what the autofillAndroid is for and how would the url be structured on what seems to be an Android entry (androidapp://com.android.chrome or just the package id/name)

steamwings commented 2 years ago

Checking again, all my non-zero favorite values are actually unix timestamps.

I don't have much insight to offer on the autofillAndroid entry, but that is the original value.

Formatting/validation of creditCvv, creditExpiry, and creditNumber is pretty much left to the user and they are outputted as strings...so "sanitized" is technically valid. (The label in the Android app for creditExpiry is Expiry Date: MM/YY, but if memory serves that format recommendation was added a year or two ago.)

djsmith85 commented 2 years ago

@steamwings Thanks for the clarification and follow up.