86 lines
3.6 KiB
Markdown
86 lines
3.6 KiB
Markdown
# Phase 1 Delta 审计 — Wave D3(服务器 / 设置 / 脚本 / WebSSH)
|
||
|
||
**日期**: 2026-06-04
|
||
**范围**: Code Review batch2–3 相关路径
|
||
**标准**: `standards/line-walk-audit-standard-v2.md` 8 步
|
||
|
||
## 登记
|
||
|
||
| # | 文件 | 语言 | 行数 N | Read 范围 |
|
||
|---|------|------|--------|-----------|
|
||
| 1 | `server/api/webssh.py` | Python | 398 | 1–398 全文 |
|
||
| 2 | `server/api/servers.py` | Python | 1741 | 1–250, 1059–1290, 1681–1742 + 全路由 grep |
|
||
| 3 | `server/api/settings.py` | Python | 1403 | 1–130, 280–384, 562–730, 881–930 + grep |
|
||
| 4 | `server/application/services/script_service.py` | Python | 734 | 1–734 全文 |
|
||
| 5 | `server/api/scripts.py` | Python | 418 | 1–418 全文 |
|
||
|
||
## 入口表(摘要)
|
||
|
||
### webssh.py
|
||
| 类型 | 路径 | 鉴权 |
|
||
|------|------|------|
|
||
| WS | `/ws/terminal/{server_id}` | JWT `purpose=webssh` + server_id 绑定 |
|
||
|
||
### servers.py(主要写操作)
|
||
| 方法 | 路径 | 鉴权 |
|
||
|------|------|------|
|
||
| POST/PUT/DELETE | `/api/servers/`… | JWT |
|
||
| POST | `/{id}/agent-key` | JWT + 当前密码 |
|
||
| POST | `/{id}/install-agent` 等 | JWT + SSH |
|
||
|
||
### settings.py
|
||
| 方法 | 路径 | 鉴权 |
|
||
|------|------|------|
|
||
| GET/PUT | `/api/settings/*` | JWT;IMMUTABLE_KEYS 403 |
|
||
| POST | `/api-key/reveal`, `/telegram/reveal-token` | JWT + re-auth |
|
||
|
||
### scripts.py
|
||
| 方法 | 路径 | 鉴权 |
|
||
|------|------|------|
|
||
| CRUD/exec | `/api/scripts/*` | JWT 全路由 |
|
||
|
||
## Closure 表
|
||
|
||
| H | 文件:行号 | 判定 | 理由 |
|
||
|---|-----------|------|------|
|
||
| H-WS-auth | webssh.py:96-109 | SAFE | webssh JWT + server_id 必须匹配路径 |
|
||
| H-WS-IDOR | webssh.py:106-108 | SAFE | 非绑定 token → 4003 |
|
||
| H-WS-cred | webssh.py:127-135 | SAFE | SSH 凭据未配置则拒绝 |
|
||
| H-WS-audit | webssh.py:137-157 | SAFE | connect/disconnect 审计 |
|
||
| H-WS-cmdlog | webssh.py:276-290 | SAFE | 命令日志 + dangerous check |
|
||
| H-WS-ADR011 | webssh.py:92 | RISK | query token;已接受 |
|
||
| H-Server-mask | servers.py:1692-1698 | SAFE | password_set / 密钥不返回明文 |
|
||
| H-Server-encrypt | servers.py:1096-1099 | SAFE | Fernet 加密存储 |
|
||
| H-Server-allowlist | servers.py:1163-1187 | SAFE | UPDATE 字段白名单 |
|
||
| H-Server-agent-key | servers.py:1251-1288 | SAFE | re-auth 后生成/返回一次 |
|
||
| H-Server-shell | servers.py:631-633 | SAFE | install cmd shlex.quote |
|
||
| H-Server-sudo | servers.py:36-60 | RISK | 临时 sudoers;运维必要 |
|
||
| H-Settings-immutable | settings.py:331-334 | SAFE | api_key 等不可 PUT |
|
||
| H-Settings-mask | settings.py:114-128 | SAFE | GET 敏感项 value 空 + value_set |
|
||
| H-Settings-reauth | settings.py:93-98 | SAFE | reveal 需 bcrypt |
|
||
| H-Settings-SSRF | settings.py:68-88 | SAFE | 订阅 URL 私有 IP 拦截 |
|
||
| H-Settings-PUT-leak | settings.py:383 | RISK | PUT 响应可能含 telegram 明文;JWT 已认证 |
|
||
| H-Script-danger | scripts.py:352-359 | SAFE | check_dangerous_command 拒绝 |
|
||
| H-Script-cred | scripts.py:407-418 | SAFE | 凭据 API 无 password 字段 |
|
||
| H-Script-allowlist | scripts.py:111-114,303-306 | SAFE | credential/script UPDATE 白名单 |
|
||
| H-Svc-redact | script_service.py:108-111 | SAFE | 执行记录 command 脱敏 DB_PASS |
|
||
| H-Svc-ssh | script_service.py:680-698 | SAFE | SSH exec 经 pool |
|
||
| H-Svc-kill | script_service.py:306-322 | SAFE | kill 命令 pid/log 路径校验 |
|
||
| H-Svc-server-map | script_service.py:519-523 | SAFE | 预加载 server_map 避免并行竞态 |
|
||
|
||
**len(H)=24, Closure=24**
|
||
|
||
## FINDING
|
||
|
||
无 P0/P1 新 FINDING。
|
||
|
||
## DoD
|
||
|
||
- [x] len(H) == Closure
|
||
- [x] Read 覆盖(大文件分段 + 全路由)
|
||
- [x] 逐行完成 ✓(D3 五文件)
|
||
|
||
## 验证
|
||
|
||
`bash scripts/local_verify.sh` — 预期全绿
|