nick-doc/Issues/ISSUE-127-scanner-get-intents-id-exposes-salt-and-callbackurl.md
Siavash Sameni dceaf82934 audit: 2026-05-30 full-codebase audit — report, issues, docs, runbooks
Full-codebase-audit 2026-05-30 outputs:
- Audit report: 09 - Audits/Full Codebase Audit - 2026-05-30.md
- 81 issue files ISSUE-055..135 (decisions + 1 skipped no-brainer).
- Scanner docs from scratch (was zero): architecture, data model, API ref, payment
  flow, operations runbook + repo README.
- Doc-sync updates across API reference, data models, flows, design system.
- Secret Rotation Runbook (08 - Operations) for the exposed credentials.
- Reusable workflow guide (07 - Development) + .claude/workflows/full-codebase-audit.js.

Issues remain status:open intentionally — the code fixes are uncommitted-then-committed
working-tree changes per repo and aren't "resolved" until merged/deployed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-30 18:48:04 +04:00

| issue | title | severity | domain | labels | status | created | source |
|---|---|---|---|---|---|---|---|
| 127 | Scanner: GET /intents/:id exposes salt and callbackUrl in response | low | Scanner | security, scanner, information-disclosure | open | 2026-05-30 | Full Codebase Audit 2026-05-30 |

Scanner: GET /intents/:id exposes salt and callbackUrl in response

Severity: low Domain: Scanner Labels: security, scanner, information-disclosure

Description

scanner/api.go:260 returns the full intent struct including salt (used in payment reference derivation) and callbackUrl (internal backend endpoint). Both are internal implementation details that should not be exposed to callers.

Options

  1. Tag salt and callbackUrl with json:"-" and return a sanitized DTO.
  2. Return them only to admin/privileged callers.
  3. Keep callbackUrl but always hide salt.

Recommendation

Return a sanitized DTO that omits salt and callbackUrl; both are internal. Response-shape change may affect existing callers.
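As an added illustration of the recommendation (not code from the scanner repo; the real intent struct's field set is not on the page, so `Intent` below is a hypothetical stand-in with made-up fields), this shows the leak that comes from serializing the storage struct directly and the sanitized DTO that fixes it, plus a check a handler test can run on any response body to confirm neither internal key is present:

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Intent is a hypothetical stand-in for the scanner's stored intent record.
// Salt feeds payment-reference derivation and CallbackURL is an internal
// backend endpoint; neither is something an API caller needs.
type Intent struct {
	ID          string `json:"id"`
	Amount      int64  `json:"amount"`
	Status      string `json:"status"`
	Salt        string `json:"salt"`
	CallbackURL string `json:"callbackUrl"`
}

// IntentResponse is the sanitized DTO returned to callers. Because it is a
// separate type, there is simply no field through which salt or callbackUrl
// (or any internal field added to Intent later) could reach the wire.
type IntentResponse struct {
	ID     string `json:"id"`
	Amount int64  `json:"amount"`
	Status string `json:"status"`
}

// ToResponse maps the storage record onto the public shape.
func ToResponse(in Intent) IntentResponse {
	return IntentResponse{ID: in.ID, Amount: in.Amount, Status: in.Status}
}

// MarshalLeaky reproduces the reported behaviour: encoding the full struct
// puts salt and callbackUrl into the response body.
func MarshalLeaky(in Intent) (string, error) {
	b, err := json.Marshal(in)
	return string(b), err
}

// MarshalSanitized is the recommended behaviour: encode the DTO instead.
func MarshalSanitized(in Intent) (string, error) {
	b, err := json.Marshal(ToResponse(in))
	return string(b), err
}

// LeaksInternalFields decodes a response body into a generic map and reports
// whether either internal key is present. Decoding generically (rather than
// into the DTO) means it catches the leak no matter which struct produced it,
// which makes it suitable as a regression test for the endpoint.
func LeaksInternalFields(body string) (bool, error) {
	var m map[string]json.RawMessage
	if err := json.Unmarshal([]byte(body), &m); err != nil {
		return false, err
	}
	_, hasSalt := m["salt"]
	_, hasCallback := m["callbackUrl"]
	return hasSalt || hasCallback, nil
}

func main() {
	// Constructed sample record; the values are placeholders, not real data.
	in := Intent{
		ID:          "int_0001",
		Amount:      1500,
		Status:      "pending",
		Salt:        "example-salt",
		CallbackURL: "http://backend.internal/callback",
	}
	leaky, _ := MarshalLeaky(in)
	clean, _ := MarshalSanitized(in)
	l, _ := LeaksInternalFields(leaky)
	c, _ := LeaksInternalFields(clean)
	fmt.Printf("full struct:  %s (leaks=%v)\n", leaky, l)
	fmt.Printf("sanitized:    %s (leaks=%v)\n", clean, c)
}
```

Option 1 also mentions tagging the struct fields with `json:"-"`; that works as a belt-and-braces measure on the storage type, but the DTO is the safer default because it is allow-list shaped: a new internal field added to `Intent` stays private unless someone deliberately copies it into `IntentResponse`. Keeping `LeaksInternalFields` as a handler test guards against the response shape regressing.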

Affected Files

  • scanner/api.go:260

References