GitHub/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-05-26 07:08:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
758e1ad05047b338765d67e4505f3ba4052c0ed2
3x-ui/web/service
History
MHSanaei b36e5e0869 fix(security): redact at source and cap marshal sizes for CodeQL 
CodeQL kept flagging the merge logger because taint flowed Password ->
ClientMergeConflict.Old -> log even with a runtime redact helper -- the
analyzer can't prove the branch excludes credentials. Redact at the
source instead: uuid/password/auth/subId now only ever land in the
conflict struct as <redacted> placeholders, so no caller (log or
otherwise) can leak them.

For the ClientWithAttachments marshal overflow alert, replace the
MaxInt-len() arithmetic with explicit per-input size caps (256MB each),
which is the pattern CodeQL's own docs recommend and recognizes.
2026-05-19 12:48:01 +02:00
..
api_token.go
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs
2026-05-13 16:34:31 +02:00
client_test.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
client.go
fix(security): redact at source and cap marshal sizes for CodeQL
2026-05-19 12:48:01 +02:00
config.json
feat(inbounds): align tunnel, tun, and hysteria UI with Xray docs
2026-05-13 22:44:08 +02:00
custom_geo_test.go
v3
2026-05-10 02:13:42 +02:00
custom_geo.go
fix(security): SSRF-guard node and remote HTTP clients
2026-05-13 13:33:53 +02:00
fallback.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
inbound.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
metric_history.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
node_test.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
node.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
nord.go
feat(xray/nord): searchable server list + colored load tag, surface API errors
2026-05-11 10:06:01 +02:00
outbound.go
fix(outbound): probe UDP-based outbounds over UDP instead of TCP
2026-05-15 12:29:53 +02:00
panel_other.go
feat: add panel update functionality via web GUI (#4117)
2026-04-28 18:46:55 +02:00
panel_test.go
feat: add panel update functionality via web GUI (#4117)
2026-04-28 18:46:55 +02:00
panel_unix.go
feat: add panel update functionality via web GUI (#4117)
2026-04-28 18:46:55 +02:00
panel.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
port_conflict_test.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
port_conflict.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
server_vlessenc_test.go
Feat: clarify VLESS encryption auth selection (#4271)
2026-05-12 11:39:28 +02:00
server.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
setting_security_test.go
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs
2026-05-13 16:34:31 +02:00
setting.go
Add possibility to remove client email from sub (#4297)
2026-05-13 19:04:17 +02:00
tgbot_test.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
tgbot.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
traffic_writer_test.go
Fix: traffic writer restart freeze (#4265)
2026-05-12 11:36:05 +02:00
traffic_writer.go
Fix: traffic writer restart freeze (#4265)
2026-05-12 11:36:05 +02:00
url_safety.go
Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)
2026-05-13 12:52:52 +02:00
user.go
fix(auth): invalidate sessions when 2FA is enabled, fix dev 401 loop
2026-05-13 14:08:16 +02:00
warp.go
fix(warp): set license against Cloudflare API and surface errors inline
2026-05-13 21:13:16 +02:00
websocket.go
v3
2026-05-10 02:13:42 +02:00
xray_metrics.go
Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)
2026-05-13 12:52:52 +02:00
xray_setting_test.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
xray_setting.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00
xray.go
Feat/multi inbound clients (#4469)
2026-05-19 12:20:24 +02:00