fix: add protected fields to settings to mitigate high-severity vulnerability

Credits to @jorgectf for the advisories.
2025-05-10 18:05:48 +02:00 · 2023-12-20 03:44:14 +09:00 · 2023-12-20 03:44:14 +09:00 · 827e76c46e
commit 827e76c46e
parent 0a9e23daf4
3 changed files with 57 additions and 42 deletions
--- a/settings/nginx.go
+++ b/settings/nginx.go
@ -3,11 +3,11 @@ package settings
 type Nginx struct {
 	AccessLogPath string `json:"access_log_path"`
 	ErrorLogPath  string `json:"error_log_path"`
-	ConfigDir     string `json:"config_dir"`
-	PIDPath       string `json:"pid_path"`
-	TestConfigCmd string `json:"test_config_cmd"`
-	ReloadCmd     string `json:"reload_cmd"`
-	RestartCmd    string `json:"restart_cmd"`
+	ConfigDir     string `json:"config_dir" protected:"true"`
+	PIDPath       string `json:"pid_path" protected:"true"`
+	TestConfigCmd string `json:"test_config_cmd" protected:"true"`
+	ReloadCmd     string `json:"reload_cmd" protected:"true"`
+	RestartCmd    string `json:"restart_cmd" protected:"true"`
 }

 var NginxSettings = Nginx{
--- a/settings/server.go
+++ b/settings/server.go
@ -1,18 +1,18 @@
 package settings

 type Server struct {
-	HttpHost          string `json:"http_host"`
-	HttpPort          string `json:"http_port"`
-	RunMode           string `json:"run_mode"`
-	JwtSecret         string `json:"jwt_secret"`
-	NodeSecret        string `json:"node_secret"`
+	HttpHost          string `json:"http_host" protected:"true"`
+	HttpPort          string `json:"http_port" protected:"true"`
+	RunMode           string `json:"run_mode" protected:"true"`
+	JwtSecret         string `json:"jwt_secret" protected:"true"`
+	NodeSecret        string `json:"node_secret" protected:"true"`
 	HTTPChallengePort string `json:"http_challenge_port"`
-	Email             string `json:"email"`
-	Database          string `json:"database"`
-	StartCmd          string `json:"start_cmd"`
+	Email             string `json:"email" protected:"true"`
+	Database          string `json:"database" protected:"true"`
+	StartCmd          string `json:"start_cmd" protected:"true"`
 	CADir             string `json:"ca_dir"`
-	Demo              bool   `json:"demo"`
-	PageSize          int    `json:"page_size"`
+	Demo              bool   `json:"demo" protected:"true"`
+	PageSize          int    `json:"page_size" protected:"true"`
 	GithubProxy       string `json:"github_proxy"`
 }