From 6ca49f9d5474d37281681ea571fa74e43828ca84 Mon Sep 17 00:00:00 2001 From: freya Date: Thu, 2 Feb 2023 15:27:00 +0000 Subject: [PATCH] fix(core): Prevent shared user details being saved alongside execution data (#5334) * :hammer: - Remove `shared` key from execution save data * :shirt: - Using import type where needed * remove console.log * :hammer: - Create new clean workflowData instead of removing shared If IWorkflowBase changes in future, TS will error out here ensuring it's kept up to date * :hammer: - use lodash.pick for less verbosity * :hammer: - fix lodash imports --- .../cli/src/WorkflowExecuteAdditionalData.ts | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/packages/cli/src/WorkflowExecuteAdditionalData.ts b/packages/cli/src/WorkflowExecuteAdditionalData.ts index 451cb6814..c81d08c69 100644 --- a/packages/cli/src/WorkflowExecuteAdditionalData.ts +++ b/packages/cli/src/WorkflowExecuteAdditionalData.ts @@ -41,6 +41,7 @@ import { WorkflowHooks, } from 'n8n-workflow'; +import pick from 'lodash.pick'; import { LessThanOrEqual } from 'typeorm'; import { DateUtils } from 'typeorm/util/DateUtils'; import config from '@/config'; @@ -583,13 +584,28 @@ function hookFunctionsSave(parentProcessMode?: string): IWorkflowExecuteHooks { } } + // Although it is treated as IWorkflowBase here, it's being instantiated elsewhere with properties that may be sensitive + // As a result, we should create an IWorkflowBase object with only the data we want to save in it. + const pristineWorkflowData: IWorkflowBase = pick(this.workflowData, [ + 'id', + 'name', + 'active', + 'createdAt', + 'updatedAt', + 'nodes', + 'connections', + 'settings', + 'staticData', + 'pinData', + ]); + const fullExecutionData: IExecutionDb = { data: fullRunData.data, mode: fullRunData.mode, finished: fullRunData.finished ? fullRunData.finished : false, startedAt: fullRunData.startedAt, stoppedAt: fullRunData.stoppedAt, - workflowData: this.workflowData, + workflowData: pristineWorkflowData, waitTill: fullRunData.waitTill, };