Encrypted note - tmp folder flooded with plaintext documents as I type, and aren't purged when I lock the note. Big yikes!

[markmonroy]

Description

Hello,

Today I was slightly mortified to discover a few things about my one encrypted note:

• When opened, it's decrypted into ~Library/Containers/co.fluder.FSNotes/Data/tmp/Encryption (this is not the mortifying part; I understand the note needs to be decrypted to access it)
• As I type into the note, every keystroke (or less) seems to create a new folder containing a copy the decrypted document bundle. See crazy screenshot below. I typed about 2000 characters into the document, and while typing these folders multiplied into 9,504! Each one containing the same .textbundle with different stages of my modification of the note.
• When I lock the note, these .textbundles do not disappear. I have to quit out of FSNotes entirely to get the temporary folders to purge. I don't often completely quit out of FSNotes
• I discovered this bug by searching Finder for a keyword I knew was only in the encrypted doc and finding 9,504 results.

So I say "slightly" mortified because I live alone and am the only one with physical access to this machine, and this is just my silly journal, but for anyone relying on FSNotes to encrypt sensitive data this seems like a huge gaping hole. Hopefully this is easily remedied.

To Reproduce

1. Open encrypted note
2. Type a bunch of stuff
3. Open ~Library/Containers/co.fluder.FSNotes/Data/tmp/Encryption and find so many .textbundles that Finder crashes
4. Freak out

Expected behavior

Decrypting a note should result in a single decrypted .textbundle in temporary storage. Locking the note should purge the decrypted .textbundle.

FSNotes version

6.7.0 (618)

macOS/iOS version

Sonoma 14.4

Additional context

I don't think it's related, since the tmp storage is not in iCloud, but in case it's relevant, I do have "Automatic iCloud Drive conflicts resolution" UNchecked. I was one of those experiencing the bug a while back where multiple conflicted copies of regular unencrypted notes were being created as I typed.

Also tested with a brand new encrypted note; same result.

A couple more things I tried - creating an encrypted folder with a new note, rebooting my Mac, turning the iCloud conflict resolution setting on and off. All resulted in the same flood of temporary bundles. Would be curious to hear if anyone else can recreate this problem on their installation of FSNotes.

[markmonroy]

Still grappling with this issue. As a starting point, can anyone reading this recreate the same behavior on their own system? Knowing whether it's a "me only" problem will help troubleshooting. Or, even just hearing whether anyone agrees/disagrees that this is even a problem will help give me some perspective. Obviously I'm not a programmer, so I don't know if there's a valid reason for a 56kb text file to multiply into 500mb worth of textbundles when decrypted and edited. Thanks.

[markmonroy]

A couple more observations -

• I tried on a separate Ventura 13.6 Mac and was unable to recreate the issue. In fact, no tmp files were created at all!
• On my main Sonoma machine, I tried moving my notes to various locations outside of iCloud, and the issue persisted.

So not sure if there's a Sonoma-specific change to the Mac file system that necessitates the flood of temp files while editing? Very curious if anyone else has similar observations.

[glushchenko]

Hi!

This folder auto removes after Quit from app ~/Library/Containers/co.fluder.FSNotes/Data/tmp/Encryption

[markmonroy]

Yes, that’s true, but until the app is quit (don’t most of us leave it open for quick access?), the content of locked notes is searchable in finder. And why does it need to make thousands of temp files for a single note? I see you closed it as “not planned” but I still think the behavior is not ideal and I would like to understand it better. It’s just a bummer because I use fsnotes for all my regular unencrypted notes, and would love to continue to use it for encrypted notes as well.  But not at the expense of wearing out my ssd faster, or risking having the file live unencrypted on a backup snapshot somewhere just because I like to keep the app open. Hopefully you understand where I’m coming from! On Apr 14, 2024, at 7:47 AM, Oleksandr H. @.***> wrote: Hi! This folder auto removes after Quit from app ~/Library/Containers/co.fluder.FSNotes/Data/tmp/Encryption

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: @.***>

[gingerbeardman]

Personally, I do see the issue of having unencrypted versions of a file stored temporarily.

[glushchenko]

There's a problem, but I'm not going to solve it. Whoever needs it will make a PR.

[markmonroy]

Aw. I need it, but unfortunately am not a programmer. Hopefully someone smarter than me notices the problem and is able to fix. I love FSNotes so much and I don’t want to give it up.

[olfway]

If it's a problem then why close the issue? Encrypted note shouldn't be stored in plain text at all

[markmonroy]

@glushchenko I see you quietly fixed this issue at some point; no longer seeing the flood of .textbundles in tmp, and the single unencrypted note disappears when the note is locked. Thank you very much, I really appreciate the effort.

[glushchenko]

@markmonroy I didn't fix anything in that direction.

[markmonroy]

Oh, interesting! I wonder if squashing a different bug somehow fixed this one as well. Either way, I'm happy, and I appreciate your work.

[gingerbeardman]

If you're feeling daring you could step through previous versions and see where/if the behaviour changes with any version in particular.

[markmonroy]

Great idea! And the answer is...drumroll....6.9.2.

Lots of fixes in that release. I wonder if it was somehow related to #1701. It wasn't my main concern, but I did notice some cursor jumping as the notes flooded into the tmp dir.