From 98cd32f15efc10ef53e378fbf469cc4faf897e35 Mon Sep 17 00:00:00 2001 From: 2ro <17595647+2ro@users.noreply.github.com> Date: Mon, 6 Jul 2026 08:02:12 -0400 Subject: [PATCH] goblin: mark deferred audit items (M5, M6, L2, L3, L4) with TODO tags Comments only, no behavior change: tag the five deferred audit findings at the code they refer to so they are findable later. M5 (widen display escaping to category-based) and M6 (template echo vs re-serialization) in authuri; L2 (redact secrets from Debug) at NostrIdentity; L3 (carry secrets as ZeroingString end-to-end) at get_nostr_nsec; L4 (reset AdvancedState on back) in the goblin on_back handler. --- src/gui/views/goblin/mod.rs | 2 ++ src/nostr/authuri.rs | 4 ++++ src/nostr/identity.rs | 1 + src/wallet/wallet.rs | 2 ++ 4 files changed, 9 insertions(+) diff --git a/src/gui/views/goblin/mod.rs b/src/gui/views/goblin/mod.rs index 073ebb94..861cc3a3 100644 --- a/src/gui/views/goblin/mod.rs +++ b/src/gui/views/goblin/mod.rs @@ -664,6 +664,8 @@ impl GoblinWalletView { if self.settings_page == SettingsPage::Identities { self.identity_switch = IdentitySwitchState::default(); } + // TODO(audit L4): reset AdvancedState on back navigation too, so a + // revealed nsec/password does not survive leaving the Advanced page. self.settings_page = SettingsPage::Main; return false; } diff --git a/src/nostr/authuri.rs b/src/nostr/authuri.rs index f46f468b..37f34646 100644 --- a/src/nostr/authuri.rs +++ b/src/nostr/authuri.rs @@ -300,6 +300,8 @@ pub(crate) fn domain_bound(callback: &str, domain: &str) -> bool { /// arrays of strings. A `delegation` tag is rejected outright (defense in depth, /// even though delegation tokens are unreachable here). Any deviation rejects. fn validate_template(raw: &str) -> Option