🎨 Assets cannot be exported on Windows https://github.com/siyuan-note/siyuan/issues/17045 https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c4jr-5q7w-f6r9

Signed-off-by: Daniel <845765@qq.com>
2026-02-16 20:18:06 +01:00 · 2026-02-16 11:58:59 +08:00 · 2026-02-16 11:58:59 +08:00 · bd076a36a8
commit bd076a36a8
parent 4660d50324
1 changed files with 11 additions and 58 deletions
--- a/kernel/util/path.go
+++ b/kernel/util/path.go
@ -355,33 +355,13 @@ func IsSensitivePath(p string) bool {
 	}
 	pp := filepath.Clean(strings.ToLower(p))

-	// 精确敏感文件
-	exact := []string{
-		"/etc/passwd",
-		"/etc/shadow",
-		"/etc/gshadow",
-		"/var/run/secrets/kubernetes.io/serviceaccount/token",
-	}
-	for _, e := range exact {
-		if pp == e {
-			return true
-		}
-	}
-
 	// 敏感目录前缀（UNIX 风格）
 	prefixes := []string{
 		"/etc/ssh",
 		"/root",
-		"/etc/ssl",
-		"/etc/cron.d/",
-		"/etc/letsencrypt",
-		"/var/lib/docker",
-		"/.gnupg",
-		"/.ssh",
-		"/.aws",
-		"/.kube",
-		"/.docker",
-		"/.config/gcloud",
+		"/etc",
+		"/var/lib/",
+		"/.",
 	}
 	for _, pre := range prefixes {
 		if strings.HasPrefix(pp, pre) {
@ -400,42 +380,15 @@ func IsSensitivePath(p string) bool {
 		}
 	}

-	// 文件名级别检查
-	base := filepath.Base(pp)
-	n := strings.ToLower(base)
-	sensitiveNames := map[string]struct{}{
-		".bashrc":         {},
-		".env":            {},
-		".env.local":      {},
-		".npmrc":          {},
-		".netrc":          {},
-		"id_rsa":          {},
-		"id_dsa":          {},
-		"id_ecdsa":        {},
-		"id_ed25519":      {},
-		"authorized_keys": {},
-		"passwd":          {},
-		"shadow":          {},
-		"pgpass":          {},
-		"hosts":           {},
-		"credentials":     {}, // 如 aws credentials
-		"config.json":     {}, // docker config.json 可能含 token
+	homePrefixes := []string{
+		strings.ToLower(filepath.Join(HomeDir, ".ssh")),
+		strings.ToLower(filepath.Join(HomeDir, ".config")),
+		strings.ToLower(filepath.Join(HomeDir, ".bashrc")),
+		strings.ToLower(filepath.Join(HomeDir, ".zshrc")),
+		strings.ToLower(filepath.Join(HomeDir, ".profile")),
 	}
-	if _, ok := sensitiveNames[n]; ok {
-		return true
-	}
-	// 支持 .env.* 之类的模式
-	if n == ".env" || strings.HasPrefix(n, ".env.") {
-		return true
-	}
-
-	// 扩展名级别检查
-	ext := strings.ToLower(filepath.Ext(n))
-	sensitiveExts := []string{
-		".pem", ".key", ".p12", ".pfx", ".ppk", ".asc", ".gpg",
-	}
-	for _, se := range sensitiveExts {
-		if ext == se {
+	for _, hp := range homePrefixes {
+		if strings.HasPrefix(pp, hp) {
 			return true
 		}
 	}