From 41711d8ab5ffbfaf3923218796b3dee5f1f91bfb Mon Sep 17 00:00:00 2001 From: Simon Michael Date: Sun, 21 Jan 2024 11:54:49 -1000 Subject: [PATCH] fix:--anon: now hidden, gives an error, still usable as --obfuscate [#2133] --- doc/common.m4 | 3 --- hledger-lib/Hledger/Read/Common.hs | 2 +- hledger-lib/Hledger/Read/InputOptions.hs | 2 +- hledger/Hledger/Cli/Anon.hs | 6 +++-- hledger/Hledger/Cli/CliOptions.hs | 9 ++++--- hledger/Hledger/Cli/Utils.hs | 17 ++++++++++-- hledger/test/journal/anon.test | 34 ++++++++++++++++-------- 7 files changed, 49 insertions(+), 24 deletions(-) diff --git a/doc/common.m4 b/doc/common.m4 index 349b7600f..bd879c296 100644 --- a/doc/common.m4 +++ b/doc/common.m4 @@ -87,9 +87,6 @@ m4_define({{_inputoptions_}}, {{ `--alias=OLD=NEW` : rename accounts named OLD to NEW -`--anon` -: anonymize accounts and payees - `--pivot FIELDNAME` : use some other field or tag for the account name diff --git a/hledger-lib/Hledger/Read/Common.hs b/hledger-lib/Hledger/Read/Common.hs index 18e576a36..728621f6a 100644 --- a/hledger-lib/Hledger/Read/Common.hs +++ b/hledger-lib/Hledger/Read/Common.hs @@ -213,7 +213,7 @@ rawOptsToInputOpts day rawopts = mformat_ = Nothing ,mrules_file_ = maybestringopt "rules-file" rawopts ,aliases_ = listofstringopt "alias" rawopts - ,anon_ = boolopt "anon" rawopts + ,anon_ = boolopt "obfuscate" rawopts ,new_ = boolopt "new" rawopts ,new_save_ = True ,pivot_ = stringopt "pivot" rawopts diff --git a/hledger-lib/Hledger/Read/InputOptions.hs b/hledger-lib/Hledger/Read/InputOptions.hs index 7357a624b..f5ee2765e 100644 --- a/hledger-lib/Hledger/Read/InputOptions.hs +++ b/hledger-lib/Hledger/Read/InputOptions.hs @@ -29,7 +29,7 @@ data InputOpts = InputOpts { -- by a filename prefix. Nothing means try all. ,mrules_file_ :: Maybe FilePath -- ^ a conversion rules file to use (when reading CSV) ,aliases_ :: [String] -- ^ account name aliases to apply - ,anon_ :: Bool -- ^ do light anonymisation/obfuscation of the data + ,anon_ :: Bool -- ^ do light obfuscation of the data. Now corresponds to --obfuscate, not the old --anon flag. ,new_ :: Bool -- ^ read only new transactions since this file was last read ,new_save_ :: Bool -- ^ save latest new transactions state for next time ,pivot_ :: String -- ^ use the given field's value as the account name diff --git a/hledger/Hledger/Cli/Anon.hs b/hledger/Hledger/Cli/Anon.hs index 0b2d1815c..327810f00 100644 --- a/hledger/Hledger/Cli/Anon.hs +++ b/hledger/Hledger/Cli/Anon.hs @@ -1,8 +1,10 @@ {-| -Instances for anonymizing sensitive data in various types. +Instances for obfuscating sensitive data (mainly text, not numbers) in various types. -Note that there is no clear way to anonymize numbers. +Currently this is deterministic and does not provide much privacy. +It has been moved to a hidden --obfuscate flag, with the old --anon flag +now raising an error. See https://github.com/simonmichael/hledger/issues/2133 . -} diff --git a/hledger/Hledger/Cli/CliOptions.hs b/hledger/Hledger/Cli/CliOptions.hs index d3e94e4eb..15d15ab5f 100644 --- a/hledger/Hledger/Cli/CliOptions.hs +++ b/hledger/Hledger/Cli/CliOptions.hs @@ -134,7 +134,6 @@ inputflags = [ flagReq ["file","f"] (\s opts -> Right $ setopt "file" s opts) "FILE" "use a different input file. For stdin, use - (default: $LEDGER_FILE or $HOME/.hledger.journal)" ,flagReq ["rules-file"] (\s opts -> Right $ setopt "rules-file" s opts) "RFILE" "CSV conversion rules file (default: FILE.rules)" ,flagReq ["alias"] (\s opts -> Right $ setopt "alias" s opts) "OLD=NEW" "rename accounts named OLD to NEW" - ,flagNone ["anon"] (setboolopt "anon") "anonymize accounts and payees" ,flagReq ["pivot"] (\s opts -> Right $ setopt "pivot" s opts) "TAGNAME" "use some other field/tag for account names" ,flagNone ["ignore-assertions","I"] (setboolopt "ignore-assertions") "ignore any balance assertions" ,flagNone ["strict","s"] (setboolopt "strict") "do extra error checking (check that all posted accounts are declared)" @@ -250,9 +249,11 @@ flattreeflags showamounthelp = [ -- such as --effective, --aux-date. hiddenflags :: [Flag RawOpts] hiddenflags = [ - flagNone ["effective","aux-date"] (setboolopt "date2") "Ledger-compatible aliases for --date2" - ,flagNone ["infer-value"] (setboolopt "infer-market-prices") "legacy flag that was renamed" - ,flagNone ["pretty-tables"] (setopt "pretty" "always") "legacy flag that was renamed" + flagNone ["effective","aux-date"] (setboolopt "date2") "Ledger-compatible aliases for --date2" + ,flagNone ["infer-value"] (setboolopt "infer-market-prices") "legacy flag that was renamed" + ,flagNone ["pretty-tables"] (setopt "pretty" "always") "legacy flag that was renamed" + ,flagNone ["anon"] (setboolopt "anon") "deprecated, renamed to --obfuscate" -- #2133, handled by anonymiseByOpts + ,flagNone ["obfuscate"] (setboolopt "obfuscate") "slightly obfuscate hledger's output. Warning, does not give privacy. Formerly --anon." -- #2133, handled by maybeObfuscate ] -- | Common output-related flags: --output-file, --output-format... diff --git a/hledger/Hledger/Cli/Utils.hs b/hledger/Hledger/Cli/Utils.hs index 9ab154296..ae6d1e116 100644 --- a/hledger/Hledger/Cli/Utils.hs +++ b/hledger/Hledger/Cli/Utils.hs @@ -87,17 +87,30 @@ journalTransform :: CliOpts -> Journal -> Journal journalTransform opts = pivotByOpts opts <&> anonymiseByOpts opts + <&> maybeObfuscate opts --- | Apply the pivot transformation on a journal, if option is present. +-- | Apply the pivot transformation on a journal (replacing account names by a different field's value), if option is present. pivotByOpts :: CliOpts -> Journal -> Journal pivotByOpts opts = case maybestringopt "pivot" . rawopts_ $ opts of Just tag -> journalPivot $ T.pack tag Nothing -> id --- | Apply the anonymisation transformation on a journal, if option is present +-- #2133 +-- | Raise an error, announcing the rename to --obfuscate and its limitations. anonymiseByOpts :: CliOpts -> Journal -> Journal anonymiseByOpts opts = + if boolopt "anon" $ rawopts_ opts + then error' $ unlines [ + "--anon does not give privacy, and perhaps should be avoided;" + ,"please see https://github.com/simonmichael/hledger/issues/2133 ." + ,"For now it has been renamed to --obfuscate (a hidden flag)." + ] + else id + +-- | Apply light obfuscation to a journal, if --obfuscate is present (formerly --anon). +maybeObfuscate :: CliOpts -> Journal -> Journal +maybeObfuscate opts = if anon_ . inputopts_ $ opts then anon else id diff --git a/hledger/test/journal/anon.test b/hledger/test/journal/anon.test index ebfbe30dd..95df589cf 100644 --- a/hledger/test/journal/anon.test +++ b/hledger/test/journal/anon.test @@ -13,29 +13,41 @@ alias tips=expenses:tips (liabilities) 1 (tips) 3 -# Basic tests on accounts # ** 1. $ hledger -f- print --anon -> !/assets|liabilities|expenses|tips/ +>2 /--anon does not give privacy/ +>=1 + +# Basic tests on accounts + # ** 2. -$ hledger -f- reg --anon +$ hledger -f- print --obfuscate > !/assets|liabilities|expenses|tips/ + # ** 3. -$ hledger -f- bal --anon +$ hledger -f- reg --obfuscate > !/assets|liabilities|expenses|tips/ + # ** 4. -$ hledger -f- accounts --anon +$ hledger -f- bal --obfuscate +> !/assets|liabilities|expenses|tips/ + +# ** 5. +$ hledger -f- accounts --obfuscate > !/assets|liabilities|expenses|tips/ # Basic tests on descriptions and comments -# ** 5. -$ hledger -f- print --anon -> !/borrow|signed/ + # ** 6. -$ hledger -f- reg --anon +$ hledger -f- print --obfuscate +> !/borrow|signed/ + +# ** 7. +$ hledger -f- reg --obfuscate > !/borrow/ # Basic tests on transaction code -# ** 7. -$ hledger -f- print --anon + +# ** 8. +$ hledger -f- print --obfuscate > !/receipt/