Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PDE-5641: feat(core) capture CLI arguments in analytics safely #944

Merged
merged 5 commits into from
Jan 9, 2025
Merged

PDE-5641: feat(core) capture CLI arguments in analytics safely #944

merged 5 commits into from
Jan 9, 2025
+3 −5

Conversation

Natay
Copy link
Contributor

@Natay Natay commented Jan 7, 2025
edited
Loading

Capture the argument + flags keys ( no values ) that are being used

Related MR: https://gitlab.com/zapier/zapier/-/merge_requests/60772

Screenshot 2025-01-08 at 11 58 46 AM Screenshot 2025-01-08 at 11 59 06 AM

@Natay Natay changed the title DRAFT: PDE-5641 feat(core) capture CLI arguments in analytics safly DRAFT: PDE-5641 feat(core) capture CLI arguments in analytics safely Jan 7, 2025
@Natay Natay marked this pull request as ready for review January 7, 2025 21:32
@Natay Natay requested a review from a team as a code owner January 7, 2025 21:32
@Natay Natay changed the title DRAFT: PDE-5641 feat(core) capture CLI arguments in analytics safely PDE-5641: feat(core) capture CLI arguments in analytics safely Jan 7, 2025
eliangcs
eliangcs reviewed Jan 8, 2025
View reviewed changes
packages/cli/src/utils/analytics.js Outdated
Comment on lines 26 to 36
const doNotRecord = [
'key-value pairs...',
'keys...',
'path',
'email',
'message',
'user',
'account',
'redirect-uri',
'inputData',
];
Copy link
Member

@eliangcs eliangcs Jan 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It'd be easy to forget to update this list when developing a new CLI command or adding a command argument.

Or, do we need to capture the values of arguments and flags? I think we can learn enough by capturing only the keys of arguments and flags.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking the extra detail enables more precise segmentation of user behavior but we don't need to be that granular right now! I'll update this!

If we want this in the future, do you think having the doNotRecord list as an exported asset in ZapierBaseCommand.js close to where new CLI arguments/commands are added would be a sufficient safeguard?

Copy link
Member

@eliangcs eliangcs Jan 9, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for updating!

Regarding:

do you think having the doNotRecord list as an exported asset in ZapierBaseCommand.js close to where new CLI arguments/commands are added would be a sufficient safeguard?

I still don't think that would be sufficient. I think an allowlist (like doRecord) instead of a denylist (doNotRecord) would be a better safeguard. So, even if we forget to update the allowlist, we won't accidentally send unwanted data to the analytics endpoint.

@Natay Natay requested a review from eliangcs January 8, 2025 17:25
@Natay Natay merged commit 9080e9e into main Jan 9, 2025
14 checks passed
@Natay Natay deleted the poc_safely_capture_cli_args_in_analytics branch January 9, 2025 12:48
@Natay Natay mentioned this pull request Jan 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eliangcs eliangcs eliangcs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Natay @eliangcs