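Hello @0x727,

The `iniFile/config.ini` file currently contains real API keys (Fofa, Shodan, Quake, QiAnXin, Censys, etc.), so there is a risk of them being committed to version control.

Urgent recommendations:
- Add `iniFile/config.ini` to `.gitignore`
- Provide `iniFile/config.ini.example` as a template, with all key values empty or set to placeholders
- Add a pre-commit hook that blocks configuration files containing real keys from being committed

Example pre-commit hook:

```bash
#!/bin/bash
# Reject the commit if iniFile/config.ini is among the staged files.
if git diff --cached --name-only | grep -q '^iniFile/config\.ini$'; then
    echo "Error: Do not commit config.ini with real API keys!" >&2
    exit 1
fi
```

Additional recommendations:
- Explain clearly in the README how to configure the keys securely
- Consider supporting reading the keys from environment variables (more secure)

This is a security risk; I recommend fixing it as soon as possible.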
[English summary]
Hi maintainers, this issue is a feature / architecture / security suggestion for 10_ShuiZe.
The Chinese text above contains the detailed proposal with technical context and implementation ideas.
In summary: we are requesting the enhancement described above and would be happy to provide PRs or further discussion in either Chinese or English.
Thank you for the excellent work on this project!
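
The two code-level suggestions in this issue (reading keys from environment variables, and rejecting a config file that carries real keys) sketched as an added example; this is not code from the issue or from the project. The `SHUIZE_` variable prefix, the placeholder set and the section and key names in the sample are assumptions made for illustration.

```python
import configparser
import os

# Assumed placeholder convention for the template file (not defined by the project).
PLACEHOLDERS = {"", "changeme", "your_api_key_here"}

# Constructed sample shaped like a config.ini.example; names are illustrative only.
SAMPLE_TEMPLATE = """\
[fofa api]
EMAIL =
KEY = YOUR_API_KEY_HERE

[shodan api]
SHODAN_API =
"""


def _parse(ini_text):
    # interpolation=None: API keys may contain '%', which must stay literal.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    return parser


def env_name(section, option, prefix="SHUIZE"):
    """Map ('fofa api', 'key') to SHUIZE_FOFA_API_KEY (hypothetical naming scheme)."""
    parts = (prefix, section, option)
    return "_".join(p.strip().upper().replace(" ", "_") for p in parts)


def load_keys(ini_text, environ=None):
    """Return {(section, option): value}; a non-empty env var overrides the file."""
    environ = os.environ if environ is None else environ
    keys = {}
    parser = _parse(ini_text)
    for section in parser.sections():
        for option, value in parser.items(section):
            override = environ.get(env_name(section, option))
            keys[(section, option)] = override if override else value.strip()
    return keys


def committed_secrets(ini_text):
    """List (section, option) pairs whose value in the file is not a placeholder."""
    parser = _parse(ini_text)
    return [(section, option)
            for section in parser.sections()
            for option, value in parser.items(section)
            if value.strip().lower() not in PLACEHOLDERS]
```

A pre-commit hook can pass the staged file's text to `committed_secrets` and reject the commit when the returned list is non-empty, which lets the empty template through while stopping a filled-in file.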