v1.4.84 SEC-001 fix: Auth credential redaction for debug log output.
Background: eli's security report SEC-001 confirmed that when the daemon runs with --log-level debug, complete auth credentials (tgtgt / salt / device_sig and others) are written in plaintext to /tmp/*.log. 80+ historical log files exposed tgtgt. In the agent era, a malicious skill could harvest the credentials with a single line: cat /tmp/*.log | grep tgtgt.
Fix: this module provides three helpers, redact_auth_body(&str) -> String, redact_kv(&str, key) -> String and redact_auth_json_value(&mut Value), which replace the value of every sensitive field with "<REDACTED len=N>". Every auth debug / info log point must pass a body / response through these helpers before printing it.
Sensitive fields (their values are replaced on redaction):
- tgtgt / tgtgt_new: 172-byte base64 AES-256 auth payload
- salt / salt32: 16/32-char server-provided nonce (used for TGTGT key derivation)
- client_sig / client_key / rand_key / rand_key_new: session keys
- device_sig / device_sig_new: device signatures (persisted with the credentials)
- device_verify_sig / device_code / device_code_sig: SMS 2FA credentials
- pwd / pwd_md5 / password: password / MD5 of the password
- auth_token / session_id: session-level tokens
- web_sig_new / ci_sig: web session tokens
Non-sensitive fields stay in plaintext: account / device_id / device_alias / device_type / os_ver / sens_state / uid / svr_time / user_attribution / region_no / is_phone. These are identity / context, not credentials, and are kept to make debugging easier.
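The following is an added example, not the crate's own implementation, of the redact_kv / redact_auth_body pair the description calls for. It is dependency-free (no serde_json, so the &mut Value variant is not shown); the field names are the page's SENSITIVE_FIELDS list, while the separator handling, the key-boundary rule and the exact signatures are assumptions made for illustration. The sample bodies in main are constructed, not captured traffic.

```rust
// Added example (not the crate's own code): dependency-free redaction helpers.
// Field names come from the module description; matching rules are assumptions.

/// Case-sensitive field names whose values must never reach a log.
pub const SENSITIVE_FIELDS: &[&str] = &[
    "tgtgt", "tgtgt_new", "salt", "salt32",
    "client_sig", "client_key", "rand_key", "rand_key_new",
    "device_sig", "device_sig_new",
    "device_verify_sig", "device_code", "device_code_sig",
    "pwd", "pwd_md5", "password", "auth_token", "session_id",
    "web_sig_new", "ci_sig",
];

fn is_ident_byte(b: u8) -> bool {
    b.is_ascii_alphanumeric() || b == b'_'
}

/// If `tail` (the text right after a key) starts with a key/value separator,
/// return `(separator_len, value_len)` in bytes. Recognised shapes:
///   URL param  `=value`      value ends at `&`, `"`, whitespace or end of input
///   JSON       `":"value"`   quoted string, backslash escapes honoured
///   JSON       `": 123456`   bare token, ends at `,` `}` `]` or whitespace
fn value_span(tail: &str) -> Option<(usize, usize)> {
    if let Some(v) = tail.strip_prefix('=') {
        let n = v
            .find(|c: char| c == '&' || c == '"' || c.is_whitespace())
            .unwrap_or(v.len());
        return Some((1, n));
    }
    let v = tail.strip_prefix('"')?.trim_start_matches(' ');
    let v = v.strip_prefix(':')?.trim_start_matches(' ');
    let sep_len = tail.len() - v.len();
    if let Some(s) = v.strip_prefix('"') {
        let mut escaped = false;
        for (i, c) in s.char_indices() {
            match c {
                _ if escaped => escaped = false,
                '\\' => escaped = true,
                '"' => return Some((sep_len + 1, i)),
                _ => {}
            }
        }
        return None; // unterminated string: leave the text untouched
    }
    let n = v
        .find(|c: char| c == ',' || c == '}' || c == ']' || c.is_whitespace())
        .unwrap_or(v.len());
    Some((sep_len, n))
}

/// Replace every value of `key` in `text` with `<REDACTED len=N>`, N being the
/// byte length of the removed value. The key must stand alone: `salt` does not
/// match inside `salt32`, and `pwd` matches neither `pwd_md5` nor `my_pwd`.
pub fn redact_kv(text: &str, key: &str) -> String {
    let mut out = String::with_capacity(text.len());
    let mut rest = text;
    while let Some(pos) = rest.find(key) {
        out.push_str(&rest[..pos]);
        let tail = &rest[pos + key.len()..];
        // The byte before the key decides whether it is a whole identifier.
        let left_ok = out.as_bytes().last().map_or(true, |&b| !is_ident_byte(b));
        out.push_str(key);
        match value_span(tail) {
            Some((sep_len, val_len)) if left_ok => {
                out.push_str(&tail[..sep_len]);
                out.push_str(&format!("<REDACTED len={}>", val_len));
                rest = &tail[sep_len + val_len..];
            }
            _ => rest = tail,
        }
    }
    out.push_str(rest);
    out
}

/// Redact all known sensitive fields in a JSON-like or key=value body.
pub fn redact_auth_body(text: &str) -> String {
    SENSITIVE_FIELDS
        .iter()
        .fold(text.to_owned(), |acc, key| redact_kv(&acc, key))
}

fn main() {
    // Constructed sample bodies, not captured traffic.
    let url = "account=alice&tgtgt=AAAA&salt32=0123456789abcdef0123456789abcdef&device_id=deadbeef";
    let json = r#"{"account":"alice","device_sig":"abc\"def","device_code": 123456,"salt": "x"}"#;
    println!("{}", redact_auth_body(url));
    println!("{}", redact_auth_body(json));
}
```

The helper keeps the key and separator in place and replaces only the value, so a redacted line still shows which fields were present and how long each value was, which is what a debug log needs. Because `redact_auth_body` folds over the field list, a field that is a prefix of another (salt / salt32, device_code / device_code_sig) is handled by the whole-identifier check rather than by list ordering.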
When to call:
- crates/futu-backend/src/auth/mod.rs: L765 salt / L883 raw response / L1071 verify_response / L1203 POST body
- any other tracing::debug!/info! log point that prints a response / body / header: wrap it in redact_auth_body
Constants§
- SENSITIVE_FIELDS - v1.4.84 SEC-001: list of sensitive field names (case-sensitive, matched against JSON keys or URL params).
Functions§
- account_log_fingerprint - v1.4.106 F2: account string -> 12-char fingerprint acc-{8-hex}.
- device_id_log_fingerprint - v1.4.106 F2: device_id (16-hex) -> 12-char fingerprint dev-{8-hex}.
- emit_debug_log_security_warn_once
- redact_auth_body - v1.4.84 SEC-001: redact a piece of JSON-like / key=value text.
- uid_log_fingerprint - v1.4.106 F3: uid (u64) -> 12-char fingerprint uid-{8-hex}.