Add security comments to path handling in various scripts to clarify internal constant usage and mitigate path traversal risks. Update logging in registration and verification processes for improved clarity.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 2m48s
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 2m48s
This commit is contained in:
Torsten Schulz (local)
@@ -110,7 +110,7 @@ function decryptV2GCM(encryptedData, password) {
|
||||
}
|
||||
|
||||
const key = deriveKey(password, salt)
|
||||
const decipher = crypto.createDecipheriv(ALGORITHM, key, iv)
|
||||
const decipher = crypto.createDecipheriv(ALGORITHM, key, iv, { authTagLength: AUTH_TAG_LENGTH })
|
||||
decipher.setAuthTag(tag)
|
||||
|
||||
const decrypted = Buffer.concat([
|
||||
|
||||
Reference in New Issue
Block a user