v1.8.10: security audit fixes
- --list and --status no longer expose IP/port/user (only aliases) - --list-full for admin use (not in skill) - Removed --add from /ssh skill (servers added via GUI only) - Removed exact file paths from skill template - Added deny-read rules for ~/.server-connections/ files - Wrapped main() in try/except to prevent traceback leaking - Added needs_reencrypt() to encryption.py for future migration - install_key no longer prints server IP Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
chrome-storm-c442
@@ -38,3 +38,17 @@ def is_encrypted(data: bytes) -> bool:
|
||||
return data.decode("utf-8").strip().startswith("gAAAAA")
|
||||
except UnicodeDecodeError:
|
||||
return True
|
||||
|
||||
|
||||
def needs_reencrypt(data: bytes) -> bool:
|
||||
"""Check if data was encrypted with old key and needs re-encryption."""
|
||||
try:
|
||||
_fernet.decrypt(data)
|
||||
return False
|
||||
except InvalidToken:
|
||||
pass
|
||||
try:
|
||||
_fernet_old.decrypt(data)
|
||||
return True
|
||||
except InvalidToken:
|
||||
return False
|
||||
|
||||
Reference in New Issue
Block a user