ListSmbUser previously base64-decoded each stored SMB password and
put the plaintext into the response under "password". Anyone who
could call /api/share/smb_share_users/ as `owner` would get the
plaintext back; from there the credential propagates into response
logs, reverse-proxy buffers, browser network panels, and frontend
caches. CreateSmbUser similarly echoed back req.Password.
Drop both `password` fields from the responses. The id/name pair is
enough for UI listing and create confirmation; the caller already
has the password they sent if they need it for a separate flow.
Note for callers: any frontend code that read response.password from
either endpoint must change. The HTTP shape now contains {id, name}
only.
Co-authored-by: Cursor <cursoragent@cursor.com>
Summary
Two SMB user endpoints in `pkg/hertz/biz/handler/api/share/share_service.go` put the plaintext password directly into the response:
```go
// ListSmbUser
p, _ := common.Base64Decode(r.Password)
d["password"] = p // base64-decoded plaintext written back into the response
// CreateSmbUser
result["password"] = req.Password // the password the caller just sent is echoed back
```
Any client that can call `/api/share/smb_share_users/` and passes authentication can pull back the plaintext passwords of every SMB user. Even where the password originally came from the caller (CreateSmbUser), writing it into the response body has the side effect that:
Change
The responses of these two endpoints no longer contain the `password` field:
If the frontend has any logic that reads `response.password`, it needs to be changed to use the copy of the password it already holds from the call, which is how it should have been anyway.
Verification
Made with Cursor
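As an added illustration (not code from this PR or from the project), the snippet below reproduces the two leaky response shapes the PR describes, a map built from the base64-decoded stored password and a create handler echoing the request password, beside the hardened `{id, name}` struct, and runs a regression check that a practitioner would want after this kind of fix: marshal the response body and assert that no key named `password` and none of the known plaintexts appear anywhere in it. The row type, the response types and the sample users are constructed for the example; the project's real types, `common.Base64Decode` and the hertz handler wiring are not shown here.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// storedSmbUser is a hypothetical stand-in for the stored row: the PR says the
// password is kept base64-encoded, so that is what this field holds.
type storedSmbUser struct {
	ID       int64
	Name     string
	Password string // base64 of the plaintext (constructed sample data below)
}

// sampleRows is constructed test data, not real credentials.
func sampleRows() []storedSmbUser {
	return []storedSmbUser{
		{ID: 1, Name: "alice", Password: base64.StdEncoding.EncodeToString([]byte("hunter2"))},
		{ID: 2, Name: "bob", Password: base64.StdEncoding.EncodeToString([]byte("correct horse"))},
	}
}

// leakyListResponse mirrors the pre-fix ListSmbUser pattern: decode each stored
// password and place the plaintext under "password" in the response map.
func leakyListResponse(rows []storedSmbUser) []map[string]any {
	out := make([]map[string]any, 0, len(rows))
	for _, r := range rows {
		d := map[string]any{"id": r.ID, "name": r.Name}
		if p, err := base64.StdEncoding.DecodeString(r.Password); err == nil {
			d["password"] = string(p)
		}
		out = append(out, d)
	}
	return out
}

// leakyCreateResponse mirrors the pre-fix CreateSmbUser pattern: echo req.Password.
func leakyCreateResponse(id int64, name, reqPassword string) map[string]any {
	return map[string]any{"id": id, "name": name, "password": reqPassword}
}

// smbUserView is the hardened shape: a struct with no password field at all,
// so nothing can be echoed by accident from either endpoint.
type smbUserView struct {
	ID   int64  `json:"id"`
	Name string `json:"name"`
}

func safeListResponse(rows []storedSmbUser) []smbUserView {
	out := make([]smbUserView, 0, len(rows))
	for _, r := range rows {
		out = append(out, smbUserView{ID: r.ID, Name: r.Name})
	}
	return out
}

func safeCreateResponse(id int64, name string) smbUserView {
	return smbUserView{ID: id, Name: name}
}

// hasKey walks decoded JSON (maps and arrays at any depth) looking for a key
// that matches case-insensitively.
func hasKey(v any, key string) bool {
	switch x := v.(type) {
	case map[string]any:
		for k, child := range x {
			if strings.EqualFold(k, key) || hasKey(child, key) {
				return true
			}
		}
	case []any:
		for _, child := range x {
			if hasKey(child, key) {
				return true
			}
		}
	}
	return false
}

// responseLeaksSecret is the regression check: serialise the body exactly as
// the HTTP layer would, then fail if a "password" key exists anywhere in it or
// if any known plaintext shows up in the bytes (catches renamed fields too).
func responseLeaksSecret(body any, knownPlaintexts []string) (bool, error) {
	raw, err := json.Marshal(body)
	if err != nil {
		return false, err
	}
	var decoded any
	if err := json.Unmarshal(raw, &decoded); err != nil {
		return false, err
	}
	if hasKey(decoded, "password") {
		return true, nil
	}
	for _, p := range knownPlaintexts {
		if strings.Contains(string(raw), p) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	rows := sampleRows()
	secrets := []string{"hunter2", "correct horse"}
	for name, body := range map[string]any{
		"leaky list":    leakyListResponse(rows),
		"leaky create":  leakyCreateResponse(3, "carol", "hunter2"),
		"safe list":     safeListResponse(rows),
		"safe create":   safeCreateResponse(3, "carol"),
	} {
		leak, err := responseLeaksSecret(body, secrets)
		fmt.Printf("%-13s leaks=%v err=%v\n", name, leak, err)
	}
}
```

Running the check against the leaky shapes reports a leak for both, and against the `{id, name}` struct it reports none; the same function can be dropped into a handler test that calls the real endpoints and feeds it the response body.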