search

shanalikhan / code-settings-sync

šŸŒ“šŸ’Ŗ Synchronize your Visual Studio Code Settings Across Multiple Machines using GitHub GIST šŸ’ŖšŸŒ“
https://marketplace.visualstudio.com/items?itemName=Shan.code-settings-sync
MIT License
4.02k stars 390 forks source link

User data gets uploaded #1341

Open PeterMinin opened 2 years ago

PeterMinin commented 2 years ago

šŸ› Describe the bug
Since VSCode 1.66 the User folder is likely to contain private user data under a "History" subfolder, such as copies of edited files, for a new Local history feature. The extension uploads any such copies of JSON files, which may leak sensitive data. For non-json files, the contents are not uploaded, but the filenames are, as part of "entries.json" files. Apart from the "History" folder, any JSONs in the "globalStorage" folder (where extensions store their data) are uploaded as well, which is likely undesirable.

šŸŒ“ Visual Studio Code Version : 1.66.1 šŸŒ“ Code Settings Sync Version : 3.4.3 šŸŒ“ Standard or Insiders : Standard šŸŒ“ Portable or Installed : Installed šŸŒ“ OSS or Official Build : Official šŸŒ“ Operating System : Windows 10 šŸŒ“ Occurs On: Upload

šŸ“° To Reproduce Steps to reproduce the behavior:

  1. Update VSCode to 1.66 or later. Leave the new setting "workbench.localHistory.enabled" on.
  2. Edit a JSON file, save.
  3. Run "Sync: Update/Upload Settings".
  4. To go your Gist, see the JSON file and a corresponding "History\*\entries.json" uploaded.

šŸ’Ŗ Expected behavior At a minimum, the "History" folder is ignored. For a future-proof solution, I suggest switching the behavior from "include by default" to "exclude by default" and adding a new configuration variable to syncLocalSettings.json, listing the files to upload.

šŸ“ŗ Console Error Log Not applicable.

šŸ“ŗ Additional context This might be the cause of #1340.

PeterMinin commented 2 years ago

As a workaround for now:

  1. Open syncLocalSettings.json (located next to your user settings.json).
  2. Find a "ignoreUploadFolders" variable.
  3. Add "History" and, optionally, "globalStorage" to the array.
  4. Run "Sync: Update/Upload Settings".
  5. Go to your Gist, verify that a) the extra files are not listed on the "Code" tab, but b) they are still available through Revisions.
  6. If some sensitive data has been uploaded, see here. You can clone the Gist as a git repo, edit the history and force-push it (you'll need to do git remote add ... manually before you can push).
EricWong1994 commented 2 years ago

when will you publish v3.4.4

As a workaround for now:

  1. Open syncLocalSettings.json (located next to your user settings.json).
  2. Find a "ignoreUploadFolders" variable.
  3. Add "History" and, optionally, "globalStorage" to the array.
  4. Run "Sync: Update/Upload Settings".
  5. Go to your Gist, verify that a) the extra files are not listed on the "Code" tab, but b) they are still available through Revisions.
  6. If some sensitive data has been uploaded, see here. You can clone the Gist as a git repo, edit the history and force-push it (you'll need to do git remote add ... manually before you can push).
EricWong1994 commented 2 years ago

As a workaround for now:

thank you so much~

sanjarcode commented 2 years ago

This issue (of excessive files) is causing extensions to not sync. So it's not just a lousy side-effect but is affecting the goal of the extension.

I tried to sync a new computer, but the console said there were no extensions (there are 33 of them actually). So I cloned the gist, deleted all History, globalStorage files and committed. Trying again (with the excessive files gone) synched the extensions successfully.

davidkartuzinski commented 1 year ago

These steps worked to remove all the History from my Gist and allowed for me to actually backup my settings. Thanks you.