fix(漏洞): 开源版扫描出的漏洞：硬编码API凭据 Credential Management: Hardcoded API Credentials

2025-02-23 19:12:55 +08:00 · 2025-01-14 17:50:29 +08:00 · 2025-01-14 17:50:29 +08:00 · bb7be5c912
commit bb7be5c912
parent 60b0f9c124
1 changed files with 0 additions and 59 deletions
--- a/core/core-frontend/flushbonading/index.js
+++ b/core/core-frontend/flushbonading/index.js
@ -3,7 +3,6 @@ import fs from 'node:fs'
 import pkg from '../package.json' assert { type: "json" };
 const suffix = `${pkg.version}-${pkg.name}`

-let htmlStr = ''
 const eleArr = []

 function produceTag(obj, name) {
@ -11,15 +10,6 @@ function produceTag(obj, name) {
    name,
    attributes: obj,
  })
-  let innerProperty = ''
-  Object.entries(obj).forEach(([key, value]) => {
-    if (['href', 'src'].includes(key)) {
-      innerProperty += ` ${key}="https://de2.fit2cloud.com${value}" `
-    } else {
-      innerProperty += value ? ` ${key}="${value}" ` : ''
-    }
-  })
-  htmlStr += `\n<${name} crossorigin ${innerProperty}></${name}>`
 }
 const parserStream = new WritableStream({
  onopentag(name, attributes) {
@ -37,52 +27,6 @@ const parserStream = new WritableStream({

 const htmlStream = fs.createReadStream('../dist/panel.html')
 htmlStream.pipe(parserStream).on('finish', () => {
-  const template = `<!DOCTYPE html>
-<html lang="en">
-
-<head>
-    <meta charset="UTF-8">
-    <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>flushbonading</title>
-    ${htmlStr}
-</head>
-<style>
-    .demo-top {
-        display: inline-flex;
-        height: 100vh;
-        justify-content: center;
-        align-items: center;
-    }
-
-    #dataease-container {
-        display: inline-flex;
-        width: 300px;
-        height: 300px;
-        overflow: auto;
-    }
-
-    .demo-bottom {
-        display: inline-block;
-    }
-</style>
-<body>
-    <div class="demo-top">
-        flushbonading
-    </div>
-    <div id="dataease-container">
-    </div>
-    <div class="demo-bottom">
-        flushbonading
-    </div>
-</body>
-<script type="module">
-    DataEaseBi.create('DashboardEditor', { baseUrl: 'https://de2.fit2cloud.com/', token: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1aWQiOjEsIm9pZCI6MSwiZXhwIjoxNjg2NTgzMDg5fQ.JYvk4Oe6as9Xbf-EPf3w5w9OexUo0pZUsFXXMZFM57U' })
-    DataEaseBi.initialize({ container: '#dataease-container' })
-</script>
-
-</html>`
-  
  const templateJs = `let head = document.createElement('head')
  let suffix = \`${suffix}\`

@ -133,9 +77,6 @@ htmlStream.pipe(parserStream).on('finish', () => {
  })
  document.documentElement.insertBefore(head, document.querySelector('head'))`

-  fs.writeFile('../dist/demo.html', template, err => {
-  })
-
  fs.writeFile(`../dist/js/div_import_${suffix}.js`, templateJs, err => {
  })
 })