Suggestion: fix the key leakage risk in config.ini #186

Description

@hmkklol

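Hello @0x727,

The iniFile/config.ini file currently contains real API keys (Fofa, Shodan, Quake, QiAnXin, Censys, etc.), and there is a risk of them being committed to version control.

Urgent recommendations:

  1. Add iniFile/config.ini to .gitignore
  2. Provide iniFile/config.ini.example as a template, with all key values empty or set to placeholders
  3. Add a pre-commit hook that blocks configuration files containing real keys from being committed

Example pre-commit hook: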

#!/bin/bash
# Abort the commit if iniFile/config.ini is among the staged files.
if git diff --cached --name-only | grep -q 'iniFile/config\.ini$'; then
  echo "Error: Do not commit config.ini with real API keys!" >&2
  exit 1
fi

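Additional recommendations:

  • Explain clearly in the README how to configure the keys securely
  • Consider supporting reading keys from environment variables (more secure)

This is a security risk; I recommend fixing it as soon as possible.

[English Translation / English Summary]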

Hi maintainers, this issue is a feature / architecture / security suggestion for 10_ShuiZe.
The Chinese text above contains the detailed proposal with technical context and implementation ideas.
In summary: we are requesting the enhancement described above and would be happy to provide PRs or further discussion in either Chinese or English.
Thank you for the excellent work on this project!
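
An added example, not part of the issue and not the project's own code: one way to combine the empty template (recommendation 2) with environment-variable keys, plus a content check a pre-commit hook could call instead of matching on the file name alone. The section and option names, the `SHUIZE_` variable prefix and the placeholder set are all assumptions.

```python
import configparser
import os

# Constructed sample template; section/option names are hypothetical,
# not taken from the project's real config.ini.
SAMPLE_TEMPLATE = """\
[fofa api]
EMAIL =
KEY =

[shodan api]
SHODAN_API_KEY = <your-key>
"""

# Values that are acceptable in a file tracked by git (assumed convention).
PLACEHOLDERS = {"", "<your-key>", "changeme"}


def env_name(section, option):
    """Map ('fofa api', 'KEY') to 'SHUIZE_FOFA_API_KEY' (assumed naming scheme)."""
    return "SHUIZE_" + "_".join((section + " " + option).upper().split())


def load_secrets(ini_text, environ=os.environ):
    """Return {(section, option): value}; a set environment variable wins over the file."""
    # interpolation=None so a '%' inside a key is not treated as a reference.
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # preserve option-name case
    parser.read_string(ini_text)
    merged = {}
    for section in parser.sections():
        for option, value in parser.items(section):
            override = environ.get(env_name(section, option))
            merged[(section, option)] = override if override else value.strip()
    return merged


def committed_secrets(ini_text):
    """List options whose value in a to-be-committed file is not a placeholder."""
    file_only = load_secrets(ini_text, environ={})
    return [key for key, value in file_only.items() if value not in PLACEHOLDERS]
```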
