Full-codebase-audit 2026-05-30 outputs:
- Audit report: 09 - Audits/Full Codebase Audit - 2026-05-30.md
- 81 issue files ISSUE-055..135 (decisions + 1 skipped no-brainer).
- Scanner docs from scratch (was zero): architecture, data model, API ref, payment flow, operations runbook + repo README.
- Doc-sync updates across API reference, data models, flows, design system.
- Secret Rotation Runbook (08 - Operations) for the exposed credentials.
- Reusable workflow guide (07 - Development) + .claude/workflows/full-codebase-audit.js.

Issues remain status:open intentionally — the code fixes are uncommitted-then-committed working-tree changes per repo and aren't "resolved" until merged/deployed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
| issue | title | severity | domain | labels | status | created | source |
|---|---|---|---|---|---|---|---|
| 127 | Scanner: GET /intents/:id exposes salt and callbackUrl in response | low | Scanner | security, scanner, information-disclosure | open | 2026-05-30 | Full Codebase Audit 2026-05-30 |
Scanner: GET /intents/:id exposes salt and callbackUrl in response
- Severity: low
- Domain: Scanner
- Labels: security, scanner, information-disclosure
Description
scanner/api.go:260 returns the full intent struct, including `salt` (used in payment-reference derivation) and `callbackUrl` (an internal backend endpoint). Both are internal implementation details that should not be exposed to API callers.
Options
- Tag `salt` and `callbackUrl` with `json:"-"` and return a sanitized DTO.
- Return them only to admin/privileged callers.
- Keep `callbackUrl` but always hide `salt`.
Recommendation
Return a sanitized DTO that omits `salt` and `callbackUrl`; both are internal. This is a response-shape change and may affect existing callers.
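The sanitized-DTO fix from the recommendation, combined with the `json:"-"` option as defence in depth, as an added Go example that is not the scanner's own code; the `Intent` field names and types and the `LeakedKeys` regression check are assumptions for illustration:

```go
package main

import "encoding/json"

// Intent stands in for the scanner's intent struct from the issue; field names
// and types are assumptions for this example, not the project's own code.
// `json:"-"` keeps the internal fields out of any encoding of the raw struct.
type Intent struct {
	ID          string `json:"id"`
	Amount      int64  `json:"amount"`
	Status      string `json:"status"`
	Salt        string `json:"-"` // payment-reference derivation input
	CallbackURL string `json:"-"` // internal backend endpoint
}

// IntentResponse is the sanitized DTO the recommendation calls for: an
// allow-list of caller-facing fields, so a future internal field added to
// Intent does not leak by default.
type IntentResponse struct {
	ID     string `json:"id"`
	Amount int64  `json:"amount"`
	Status string `json:"status"`
}

// ToResponse copies only the public fields.
func ToResponse(in Intent) IntentResponse {
	return IntentResponse{ID: in.ID, Amount: in.Amount, Status: in.Status}
}

// EncodeIntent is what GET /intents/:id would write to the response body.
func EncodeIntent(in Intent) ([]byte, error) {
	return json.Marshal(ToResponse(in))
}

// LeakedKeys lists the internal keys present at the top level of a response
// body, which makes it a handy regression check for the endpoint.
func LeakedKeys(body []byte) []string {
	var m map[string]json.RawMessage
	if err := json.Unmarshal(body, &m); err != nil {
		return nil
	}
	var leaked []string
	for _, k := range []string{"salt", "callbackUrl"} {
		if _, ok := m[k]; ok {
			leaked = append(leaked, k)
		}
	}
	return leaked
}
```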
Affected Files
scanner/api.go:260
References
- Full Codebase Audit 2026-05-30 — DEC-59