0100ab2582
Move line-walk/delta/phase2/frontend audits and legacy memory into docs/archive/, add functional development SSOT, thin AGENTS/CLAUDE stubs, and regenerate changelog/audit indexes via consolidate_docs.py.
3.6 KiB
3.6 KiB
Phase 1 Delta 审计 — Wave D3(服务器 / 设置 / 脚本 / WebSSH)
日期: 2026-06-04
范围: Code Review batch2–3 相关路径
标准: standards/line-walk-audit-standard-v2.md 8 步
登记
| # | 文件 | 语言 | 行数 N | Read 范围 |
|---|---|---|---|---|
| 1 | server/api/webssh.py |
Python | 398 | 1–398 全文 |
| 2 | server/api/servers.py |
Python | 1741 | 1–250, 1059–1290, 1681–1742 + 全路由 grep |
| 3 | server/api/settings.py |
Python | 1403 | 1–130, 280–384, 562–730, 881–930 + grep |
| 4 | server/application/services/script_service.py |
Python | 734 | 1–734 全文 |
| 5 | server/api/scripts.py |
Python | 418 | 1–418 全文 |
入口表(摘要)
webssh.py
| 类型 | 路径 | 鉴权 |
|---|---|---|
| WS | /ws/terminal/{server_id} |
JWT purpose=webssh + server_id 绑定 |
servers.py(主要写操作)
| 方法 | 路径 | 鉴权 |
|---|---|---|
| POST/PUT/DELETE | /api/servers/… |
JWT |
| POST | /{id}/agent-key |
JWT + 当前密码 |
| POST | /{id}/install-agent 等 |
JWT + SSH |
settings.py
| 方法 | 路径 | 鉴权 |
|---|---|---|
| GET/PUT | /api/settings/* |
JWT;IMMUTABLE_KEYS 403 |
| POST | /api-key/reveal, /telegram/reveal-token |
JWT + re-auth |
scripts.py
| 方法 | 路径 | 鉴权 |
|---|---|---|
| CRUD/exec | /api/scripts/* |
JWT 全路由 |
Closure 表
| H | 文件:行号 | 判定 | 理由 |
|---|---|---|---|
| H-WS-auth | webssh.py:96-109 | SAFE | webssh JWT + server_id 必须匹配路径 |
| H-WS-IDOR | webssh.py:106-108 | SAFE | 非绑定 token → 4003 |
| H-WS-cred | webssh.py:127-135 | SAFE | SSH 凭据未配置则拒绝 |
| H-WS-audit | webssh.py:137-157 | SAFE | connect/disconnect 审计 |
| H-WS-cmdlog | webssh.py:276-290 | SAFE | 命令日志 + dangerous check |
| H-WS-ADR011 | webssh.py:92 | RISK | query token;已接受 |
| H-Server-mask | servers.py:1692-1698 | SAFE | password_set / 密钥不返回明文 |
| H-Server-encrypt | servers.py:1096-1099 | SAFE | Fernet 加密存储 |
| H-Server-allowlist | servers.py:1163-1187 | SAFE | UPDATE 字段白名单 |
| H-Server-agent-key | servers.py:1251-1288 | SAFE | re-auth 后生成/返回一次 |
| H-Server-shell | servers.py:631-633 | SAFE | install cmd shlex.quote |
| H-Server-sudo | servers.py:36-60 | RISK | 临时 sudoers;运维必要 |
| H-Settings-immutable | settings.py:331-334 | SAFE | api_key 等不可 PUT |
| H-Settings-mask | settings.py:114-128 | SAFE | GET 敏感项 value 空 + value_set |
| H-Settings-reauth | settings.py:93-98 | SAFE | reveal 需 bcrypt |
| H-Settings-SSRF | settings.py:68-88 | SAFE | 订阅 URL 私有 IP 拦截 |
| H-Settings-PUT-leak | settings.py:383 | RISK | PUT 响应可能含 telegram 明文;JWT 已认证 |
| H-Script-danger | scripts.py:352-359 | SAFE | check_dangerous_command 拒绝 |
| H-Script-cred | scripts.py:407-418 | SAFE | 凭据 API 无 password 字段 |
| H-Script-allowlist | scripts.py:111-114,303-306 | SAFE | credential/script UPDATE 白名单 |
| H-Svc-redact | script_service.py:108-111 | SAFE | 执行记录 command 脱敏 DB_PASS |
| H-Svc-ssh | script_service.py:680-698 | SAFE | SSH exec 经 pool |
| H-Svc-kill | script_service.py:306-322 | SAFE | kill 命令 pid/log 路径校验 |
| H-Svc-server-map | script_service.py:519-523 | SAFE | 预加载 server_map 避免并行竞态 |
len(H)=24, Closure=24
FINDING
无 P0/P1 新 FINDING。
DoD
- len(H) == Closure
- Read 覆盖(大文件分段 + 全路由)
- 逐行完成 ✓(D3 五文件)
验证
bash scripts/local_verify.sh — 预期全绿