Filter settings exported when rageshaking (#30236)

* Submit filtered settings to rageshakes and sentry. * Add flag to omit some settings from being exported. * Hide user timezone * Hide recent searches and media event ids * Lint * use better wording * lint * Prevent language from being sent * Add tests to check keys are prevented from being uploaded. * don't export invite rules * Update tests
2025-07-02 09:03:31 +01:00
parent 99f7656d09
commit e1fea71c97
7 changed files with 107 additions and 34 deletions
--- a/src/rageshake/submit-rageshake.ts
+++ b/src/rageshake/submit-rageshake.ts
@@ -171,7 +171,7 @@ async function collectSynapseSpecific(client: MatrixClient, body: FormData): Pro
        } catch {
            try {
                // If that fails we'll hit any endpoint and look at the server response header
-                const res = await window.fetch(client.http.getUrl("/login"), {
+                const res = await fetch(client.http.getUrl("/login"), {
                    method: "GET",
                    mode: "cors",
                });
@@ -257,7 +257,7 @@ export function collectSettings(body: FormData): void {
        body.append("lowBandwidth", "enabled");
    }

-    body.append("mx_local_settings", localStorage.getItem("mx_local_settings")!);
+    body.append("mx_local_settings", SettingsStore.exportForRageshake());
 }

 /**
--- a/src/sentry.ts
+++ b/src/sentry.ts
@@ -141,7 +141,7 @@ async function getCryptoContext(client: MatrixClient): Promise<CryptoContext> {
 function getDeviceContext(client: MatrixClient): DeviceContext {
    const result: DeviceContext = {
        device_id: client?.deviceId ?? undefined,
-        mx_local_settings: localStorage.getItem("mx_local_settings"),
+        mx_local_settings: SettingsStore.exportForRageshake(),
    };

    if (window.Modernizr) {
--- a/src/settings/Settings.tsx
+++ b/src/settings/Settings.tsx
@@ -173,6 +173,11 @@ export interface IBaseSetting<T extends SettingValueType = SettingValueType> {

    // Whether the setting should have a warning sign in the microcopy
    shouldWarn?: boolean;
+
+    /**
+     * Whether the setting should be exported in a rageshake report.
+     */
+    shouldExportToRageshake?: boolean;
 }

 export interface IFeature extends Omit<IBaseSetting<boolean>, "isFeature"> {
@@ -441,6 +446,8 @@ export const SETTINGS: Settings = {
        controller: new InviteRulesConfigController(),
        supportedLevels: [SettingLevel.ACCOUNT],
        default: InviteRulesConfigController.default,
+        // Contains server names
+        shouldExportToRageshake: false,
    },
    "feature_report_to_moderators": {
        isFeature: true,
@@ -503,10 +510,14 @@ export const SETTINGS: Settings = {
    "mjolnirRooms": {
        supportedLevels: [SettingLevel.ACCOUNT],
        default: [],
+        // Contains room IDs
+        shouldExportToRageshake: false,
    },
    "mjolnirPersonalRoom": {
        supportedLevels: [SettingLevel.ACCOUNT],
        default: null,
+        // Contains room ID
+        shouldExportToRageshake: false,
    },
    "feature_html_topic": {
        isFeature: true,
@@ -797,6 +808,8 @@ export const SETTINGS: Settings = {
        supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS,
        displayName: _td("settings|preferences|user_timezone"),
        default: "",
+        // Location leak
+        shouldExportToRageshake: false,
    },
    "userTimezonePublish": {
        // This is per-device so you can avoid having devices overwrite each other.
@@ -913,6 +926,8 @@ export const SETTINGS: Settings = {
    "custom_themes": {
        supportedLevels: LEVELS_ACCOUNT_SETTINGS,
        default: [],
+        // Potential privacy leak via theme origin
+        shouldExportToRageshake: false,
    },
    "use_system_theme": {
        supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS,
@@ -974,26 +989,36 @@ export const SETTINGS: Settings = {
    "language": {
        supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS_WITH_CONFIG,
        default: "en",
+        // For privacy
+        shouldExportToRageshake: false,
    },
    "breadcrumb_rooms": {
        // not really a setting
        supportedLevels: [SettingLevel.ACCOUNT],
        default: [],
+        // Contains joined rooms
+        shouldExportToRageshake: false,
    },
    "recent_emoji": {
        // not really a setting
        supportedLevels: [SettingLevel.ACCOUNT],
        default: [],
+        // For privacy
+        shouldExportToRageshake: false,
    },
    "SpotlightSearch.recentSearches": {
        // not really a setting
        supportedLevels: [SettingLevel.ACCOUNT],
        default: [], // list of room IDs, most recent first
+        // For privacy
+        shouldExportToRageshake: false,
    },
    "showMediaEventIds": {
        // not really a setting
        supportedLevels: [SettingLevel.DEVICE],
        default: {}, // List of events => is visible
+        // Exports event IDs
+        shouldExportToRageshake: false,
    },
    "SpotlightSearch.showNsfwPublicRooms": {
        supportedLevels: LEVELS_ACCOUNT_SETTINGS,
@@ -1003,6 +1028,8 @@ export const SETTINGS: Settings = {
    "room_directory_servers": {
        supportedLevels: [SettingLevel.ACCOUNT],
        default: [],
+        // Contains connected servers for user
+        shouldExportToRageshake: false,
    },
    "integrationProvisioning": {
        supportedLevels: [SettingLevel.ACCOUNT],
@@ -1012,6 +1039,7 @@ export const SETTINGS: Settings = {
        supportedLevels: [SettingLevel.ROOM_ACCOUNT, SettingLevel.ROOM_DEVICE],
        supportedLevelsAreOrdered: true,
        default: {}, // none allowed
+        shouldExportToRageshake: false,
    },
    // Legacy, kept around for transitionary purposes
    "analyticsOptIn": {
@@ -1086,6 +1114,8 @@ export const SETTINGS: Settings = {
    "notificationSound": {
        supportedLevels: LEVELS_ROOM_OR_ACCOUNT,
        default: false,
+        // Contains personal information in file name
+        shouldExportToRageshake: false,
    },
    "notificationBodyEnabled": {
        supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS,
@@ -1112,6 +1142,8 @@ export const SETTINGS: Settings = {
            allow: [],
            deny: [],
        },
+        // Expses widget information
+        shouldExportToRageshake: false,
    },
    "breadcrumbs": {
        supportedLevels: LEVELS_ACCOUNT_SETTINGS,
@@ -1201,6 +1233,8 @@ export const SETTINGS: Settings = {
        // deprecated
        supportedLevels: LEVELS_ROOM_OR_ACCOUNT,
        default: {},
+        // Sensitive information in widget ID
+        shouldExportToRageshake: false,
    },
    "Widgets.layout": {
        supportedLevels: LEVELS_ROOM_OR_ACCOUNT,
@@ -1275,6 +1309,8 @@ export const SETTINGS: Settings = {
    "activeCallRoomIds": {
        supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS,
        default: [],
+        // Contains room IDs
+        shouldExportToRageshake: false,
    },
    /**
     * Enable or disable the release announcement feature
--- a/src/settings/SettingsStore.ts
+++ b/src/settings/SettingsStore.ts
@@ -883,6 +883,21 @@ export default class SettingsStore {
        logger.log(`--- END DEBUG`);
    }

+    /**
+     * Export all settings as a JSON object, except for settings
+     * blocked from being exported by `shouldExportToRageshake`.
+     * @returns Settings as a JSON object string.
+     */
+    public static exportForRageshake(): string {
+        const settingMap: Record<string, unknown> = {};
+        for (const settingKey of (Object.keys(SETTINGS) as SettingKey[]).filter(
+            (s) => SETTINGS[s].shouldExportToRageshake !== false,
+        )) {
+            settingMap[settingKey] = SettingsStore.getValue(settingKey);
+        }
+        return JSON.stringify(settingMap);
+    }
+
    private static getHandler(settingName: SettingKey, level: SettingLevel): SettingsHandler | null {
        const handlers = SettingsStore.getHandlers(settingName);
        if (!handlers[level]) return null;