rmt/ssh-workbench
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
122 commits 1 branch 0 tags 8.4 MiB
Find a file
jima 6c1440e80e Security audit 2026-04-11: PEM/Bearer redaction, telnet warning, host key prefix 
Fourth full security audit (prod-only). Fixed 5 findings, deferred 3 high-priority items.

- FileLogger redacts PEM private key blocks and Bearer tokens
- EditConnectionScreen shows persistent telnet cleartext warning card
- SubscriptionRepository.migrateFromProApk made internal + idempotent
- Host key fingerprints stored as <keyType>:<fingerprint> with backward-compat fallback
- MainActivity.onUrlTapped allowlists http/https/ftp schemes only

Also bundled from this session:
- SFTP back button no longer navigates up folders
- Vault local save requires strong password (12+ chars, mixed)
- SSHSession cancel-on-auth stops retry loop immediately
- Version bump to 0.0.38

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 01:02:00 +02:00
app Security audit 2026-04-11: PEM/Bearer redaction, telnet warning, host key prefix 2026-04-11 01:02:00 +02:00
docs Security audit 2026-04-11: PEM/Bearer redaction, telnet warning, host key prefix 2026-04-11 01:02:00 +02:00
gradle
lib-ssh Security audit 2026-04-11: PEM/Bearer redaction, telnet warning, host key prefix 2026-04-11 01:02:00 +02:00
lib-terminal-keyboard
lib-terminal-view
lib-vault-crypto
scripts
.gitignore
Audit.md
build.gradle.kts
gradle.properties
gradlew
gradlew.bat
SecurityAudit.md Security audit 2026-04-11: PEM/Bearer redaction, telnet warning, host key prefix 2026-04-11 01:02:00 +02:00
settings.gradle.kts