Temp directories not removed when workflow reset during Export Knime Workflow

If I use the Create Temp Directory node and set the “Delete directory on reset” option, the temporary directory is removed as expected when the node is reset individually, when the entire workflow is reset, or when the KNIME Desktop environment is closed. However, if the workflow is not manually reset, the Export KNIME Workflow operation is used from the File menu, and the “Reset Workflow(s) before export” option is selected, the workflow is exported with all of the nodes in a reset state, but any temp directories created by the Create Temp Directory node still exist along with any files in them. The temp directories and included files are then exported into the .knwf file.

This is a problem because if the workflow developer is not diligent about manually resetting workflows prior to export instead of relying on the option set in the export dialog, there is the potential for exposure of sensitive information. Case in point - a workflow used to process customer data for fraud detection, which uses a temp directory to export downloadable reports for the end user. In testing, the developer doesn’t reset the workflow prior to exporting the .knwf file because they’re counting on the “Reset workflow(s)…” option in the export to do what it says it will and the reset state to trigger the Create Temp Directory node to clobber its directories, so now the workflow archive contains sensitive customer data unknown to the dev. That flow is checked into a repository or distributed assuming it’s just a workflow definition when it actually contains proprietary and sensitive business data, potentially contributing to a data breech.

This flaw has been confirmed in 4.2.2 and 4.4.1.

3 Likes

Hi @RNovak , I’m not sure if this is a bug or the expected behaviour.

The option to reset on export is not resetting the workflow per se, but creates a copy as reset state. So the workflow itself is not being reset, and hence the temporary directories are still in your workflow, and Knime will just export what’s in the workflow folder in case the workflow is dependent on these directories.

I’m not saying that it is how it should behave, but simply pointing out why this is happening, but I don’t see how Knime would decide that this directory should be kept or this one should be removed - as I said, the workflow (even the exported one) could rely on them.

It comes down to discipline. There are cases when I provide a solution on the Forum where the workflow would write to a file, and the workflow would complain if it’s re-run because the file already exists. I make sure I manually delete that file when I export my solution, that way whoever is getting the solution can run the workflow without any errors.

Define an Export process that either includes the procedure of resetting the workflow, or alternatively, re-create the workflow as a new workflow (Select all nodes, copy, paste into a new empty workflow, save) - call it OriginalName_exportVersion for example, and export that new workflow as your “clean” workflow. Then delete the workflow that was exported.

You can also have them create the temporary directory for these type of files, outside of the workflow folder, that way when exporting, this directory will not be included.

1 Like

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.