Files
Nexus/docs/archive/audits/2026-06-04-delta/audit-delta-2026-06-04-waveD3.md
T
2026-07-08 22:31:31 +08:00

86 lines
3.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Phase 1 Delta 审计 — Wave D3(服务器 / 设置 / 脚本 / WebSSH
**日期**: 2026-06-04
**范围**: Code Review batch23 相关路径
**标准**: `standards/line-walk-audit-standard-v2.md` 8 步
## 登记
| # | 文件 | 语言 | 行数 N | Read 范围 |
|---|------|------|--------|-----------|
| 1 | `server/api/webssh.py` | Python | 398 | 1398 全文 |
| 2 | `server/api/servers.py` | Python | 1741 | 1250, 10591290, 16811742 + 全路由 grep |
| 3 | `server/api/settings.py` | Python | 1403 | 1130, 280384, 562730, 881930 + grep |
| 4 | `server/application/services/script_service.py` | Python | 734 | 1734 全文 |
| 5 | `server/api/scripts.py` | Python | 418 | 1418 全文 |
## 入口表(摘要)
### webssh.py
| 类型 | 路径 | 鉴权 |
|------|------|------|
| WS | `/ws/terminal/{server_id}` | JWT `purpose=webssh` + server_id 绑定 |
### servers.py(主要写操作)
| 方法 | 路径 | 鉴权 |
|------|------|------|
| POST/PUT/DELETE | `/api/servers/`… | JWT |
| POST | `/{id}/agent-key` | JWT + 当前密码 |
| POST | `/{id}/install-agent` 等 | JWT + SSH |
### settings.py
| 方法 | 路径 | 鉴权 |
|------|------|------|
| GET/PUT | `/api/settings/*` | JWTIMMUTABLE_KEYS 403 |
| POST | `/api-key/reveal`, `/telegram/reveal-token` | JWT + re-auth |
### scripts.py
| 方法 | 路径 | 鉴权 |
|------|------|------|
| CRUD/exec | `/api/scripts/*` | JWT 全路由 |
## Closure 表
| H | 文件:行号 | 判定 | 理由 |
|---|-----------|------|------|
| H-WS-auth | webssh.py:96-109 | SAFE | webssh JWT + server_id 必须匹配路径 |
| H-WS-IDOR | webssh.py:106-108 | SAFE | 非绑定 token → 4003 |
| H-WS-cred | webssh.py:127-135 | SAFE | SSH 凭据未配置则拒绝 |
| H-WS-audit | webssh.py:137-157 | SAFE | connect/disconnect 审计 |
| H-WS-cmdlog | webssh.py:276-290 | SAFE | 命令日志 + dangerous check |
| H-WS-ADR011 | webssh.py:92 | RISK | query token;已接受 |
| H-Server-mask | servers.py:1692-1698 | SAFE | password_set / 密钥不返回明文 |
| H-Server-encrypt | servers.py:1096-1099 | SAFE | Fernet 加密存储 |
| H-Server-allowlist | servers.py:1163-1187 | SAFE | UPDATE 字段白名单 |
| H-Server-agent-key | servers.py:1251-1288 | SAFE | re-auth 后生成/返回一次 |
| H-Server-shell | servers.py:631-633 | SAFE | install cmd shlex.quote |
| H-Server-sudo | servers.py:36-60 | RISK | 临时 sudoers;运维必要 |
| H-Settings-immutable | settings.py:331-334 | SAFE | api_key 等不可 PUT |
| H-Settings-mask | settings.py:114-128 | SAFE | GET 敏感项 value 空 + value_set |
| H-Settings-reauth | settings.py:93-98 | SAFE | reveal 需 bcrypt |
| H-Settings-SSRF | settings.py:68-88 | SAFE | 订阅 URL 私有 IP 拦截 |
| H-Settings-PUT-leak | settings.py:383 | RISK | PUT 响应可能含 telegram 明文;JWT 已认证 |
| H-Script-danger | scripts.py:352-359 | SAFE | check_dangerous_command 拒绝 |
| H-Script-cred | scripts.py:407-418 | SAFE | 凭据 API 无 password 字段 |
| H-Script-allowlist | scripts.py:111-114,303-306 | SAFE | credential/script UPDATE 白名单 |
| H-Svc-redact | script_service.py:108-111 | SAFE | 执行记录 command 脱敏 DB_PASS |
| H-Svc-ssh | script_service.py:680-698 | SAFE | SSH exec 经 pool |
| H-Svc-kill | script_service.py:306-322 | SAFE | kill 命令 pid/log 路径校验 |
| H-Svc-server-map | script_service.py:519-523 | SAFE | 预加载 server_map 避免并行竞态 |
**len(H)=24, Closure=24**
## FINDING
无 P0/P1 新 FINDING。
## DoD
- [x] len(H) == Closure
- [x] Read 覆盖(大文件分段 + 全路由)
- [x] 逐行完成 ✓(D3 五文件)
## 验证
`bash scripts/local_verify.sh` — 预期全绿