Handle rare case on packet pipeline #2450

Merged
merged 6 commits into from
Mar 21, 2023

sandtechnology
Collaborator

@sandtechnology sandtechnology commented Jan 21, 2023

Fix #2449, should help #1603
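Also: given how extremely rare this case is, I attempt to decrypt unknown packets. However, if users report logs that contain decrypted packet contents, this may leak account-related tokens, so the security implications need to be considered (change the bot's password before reporting?).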

@Him188 Him188 added t:enhancement Type: improvement to an existing feature s:core Subsystem: mirai-core labels Jan 21, 2023
@Him188 Him188 self-requested a review January 22, 2023 11:30
@zhaodice
Contributor

zhaodice commented Jan 24, 2023

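> Fix #2449, should help #1603 Also: given how extremely rare this case is, I attempt to decrypt unknown packets. However, if users report logs that contain decrypted packet contents, this may leak account-related tokens, so the security implications need to be considered (change the bot's password before reporting?).

Consider encrypting sensitive information with a public key before it is written to the log; you would just hold the private key.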

@Him188
Member

Him188 commented Jan 24, 2023

Automatically collecting and reporting private information, or encrypting logs, are both absolutely unacceptable.

@zhaodice
Contributor

zhaodice commented Jan 24, 2023

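> Automatically collecting and reporting private information, or encrypting logs, are both absolutely unacceptable.

It's not automatic reporting; the user fills in a public key themselves (if they don't, the log is plaintext) and then does the export, right? The public key is effectively just the recipient, so it isn't that sensitive.
But going to this much trouble doesn't really make much sense either...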

@aleck099

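You can just output the sensitive information directly into the log.
Logs are generally something you have to protect yourself.
For example, Apache server logs are strictly protected; only root can access them.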

@Karlatemp
Member

My idea is simply to provide a way to encrypt logs, so that users encrypt them themselves and then report.
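
The user-side encryption suggested in the comments above, as an added example that is not part of this thread or of mirai's code: a log excerpt is sealed with a fresh AES-256-GCM key, and that key is wrapped with the recipient's RSA public key, so only the private-key holder can read the report. The names `SealedLog`, `sealLog` and `openLog`, the generated key pair and the sample log line are all assumptions made for illustration.

```kotlin
import java.security.KeyPairGenerator
import java.security.PrivateKey
import java.security.PublicKey
import java.security.SecureRandom
import java.security.spec.MGF1ParameterSpec
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.OAEPParameterSpec
import javax.crypto.spec.PSource
import javax.crypto.spec.SecretKeySpec

// RSA-OAEP with SHA-256 for both the digest and MGF1, stated explicitly (hypothetical choice)
private val OAEP = OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)
private const val RSA = "RSA/ECB/OAEPPadding"

class SealedLog(val wrappedKey: ByteArray, val iv: ByteArray, val ciphertext: ByteArray)

/** Reporter side: encrypt the log excerpt so only the private-key holder can read it. */
fun sealLog(log: ByteArray, recipient: PublicKey): SealedLog {
    val aesKey = KeyGenerator.getInstance("AES").apply { init(256) }.generateKey()
    val iv = ByteArray(12).also { SecureRandom().nextBytes(it) } // fresh nonce per message
    val gcm = Cipher.getInstance("AES/GCM/NoPadding")
    gcm.init(Cipher.ENCRYPT_MODE, aesKey, GCMParameterSpec(128, iv))
    val ciphertext = gcm.doFinal(log)
    val rsa = Cipher.getInstance(RSA)
    rsa.init(Cipher.ENCRYPT_MODE, recipient, OAEP)
    return SealedLog(rsa.doFinal(aesKey.encoded), iv, ciphertext)
}

/** Recipient side: unwrap the AES key, then decrypt; GCM throws if the data was altered. */
fun openLog(blob: SealedLog, privateKey: PrivateKey): ByteArray {
    val rsa = Cipher.getInstance(RSA)
    rsa.init(Cipher.DECRYPT_MODE, privateKey, OAEP)
    val aesKey = SecretKeySpec(rsa.doFinal(blob.wrappedKey), "AES")
    val gcm = Cipher.getInstance("AES/GCM/NoPadding")
    gcm.init(Cipher.DECRYPT_MODE, aesKey, GCMParameterSpec(128, blob.iv))
    return gcm.doFinal(blob.ciphertext)
}

fun main() {
    // Constructed key pair and log line; a real reporter would load a published public key
    val pair = KeyPairGenerator.getInstance("RSA").apply { initialize(3072) }.generateKeyPair()
    val line = "2023-01-21 12:00:00 V/Net: unknown packet, decrypted body=<constructed sample>"
    val blob = sealLog(line.toByteArray(), pair.public)
    check(openLog(blob, pair.private).decodeToString() == line)
    println("sealed ${blob.ciphertext.size} bytes; round trip ok")
}
```

Sealing only protects the report in transit and at rest: whoever holds the private key still sees any token in the decrypted body, so the password change raised in the opening comment remains relevant.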

@Him188 Him188 requested a review from Karlatemp February 19, 2023 09:20
@Him188 Him188 added this to the 2.15.0-RC milestone Feb 19, 2023
@Him188 Him188 added the z:ready-to-merge Status: PR is ready to merge, waiting on some arrangements label Mar 1, 2023
# Conflicts:
#	mirai-core/src/commonMain/kotlin/network/components/PacketCodec.kt
@Him188 Him188 merged commit 28b1032 into mamoe:dev Mar 21, 2023
StageGuard pushed a commit to StageGuard/mirai that referenced this pull request Apr 14, 2023
* Handle rare case on packet pipeline
Fix mamoe#2449, should help mamoe#1603

* Fix and improve tips and improve the readability of code

* Improve wording of tips

Co-authored-by: Him188 <[email protected]>

* Change d2Key error type to PROTOCOL_UPDATED

* Reformat code

---------

Co-authored-by: Him188 <[email protected]>
Successfully merging this pull request may close these issues.

java.lang.IllegalStateException: wLoginSigInfoField is not yet initialized