From 6313513d8218dc088f6efec8283a6603d406bea2 Mon Sep 17 00:00:00 2001
From: moonD4rk
Date: Sat, 23 May 2026 21:35:20 +0800
Subject: [PATCH] fix(keys): guard --keys against misuse + hint Safari

Without -p, dumped keys would be applied to local profile data and decrypt to garbage; -b all hits the same path because pickFromConfigs ignores -p when name == "all". Require both.
---
 cmd/hack-browser-data/dump.go | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/cmd/hack-browser-data/dump.go b/cmd/hack-browser-data/dump.go
index 41276b7..133ea0b 100644
--- a/cmd/hack-browser-data/dump.go
+++ b/cmd/hack-browser-data/dump.go
@@ -104,8 +104,18 @@ func selectBrowsers(browserName, profilePath, keychainPw, keysPath string) ([]br
 })
 }
+ // Require -p and a single -b to prevent dumped keys from being applied to local profile data,
+ // which would decrypt to garbage. -b all is rejected because pickFromConfigs ignores -p in that case.
+ if profilePath == "" {
+ return nil, fmt.Errorf("--keys requires -p ")
+ }
+ name := strings.ToLower(browserName)
+ if name == "" || name == "all" {
+ return nil, fmt.Errorf(`--keys requires -b (single, not "all")`)
+ }
+
 if keychainPw != "" {
- log.Warnf("--keychain-pw is ignored when --keys is set; platform key retrieval is skipped")
+ log.Warnf("--keychain-pw is ignored when --keys is set")
 }
 browsers, err := browser.DiscoverBrowsers(browser.PickOptions{
@@ -128,6 +138,14 @@ func selectBrowsers(browserName, profilePath, keychainPw, keysPath string) ([]br
 }
 browser.ApplyDump(browsers, dump)
+
+ for _, b := range browsers {
+ if _, ok := b.(browser.KeychainPasswordReceiver); ok {
+ log.Infof("Safari has no portable master key; run `dump -b safari` separately for full extraction")
+ break
+ }
+ }
+
 return browsers, nil
 }
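Review bot: The `-b` guard re-implements pickFromConfigs' notion of "all" in the CLI layer, so the two can drift: the check lowercases `browserName` but does not trim it, and whether the picker normalises the same way is not visible in this hunk. Consider normalising once, `name := strings.ToLower(strings.TrimSpace(browserName))`, and handing that same value to `browser.PickOptions` (its fields lie outside the hunk), so the string that was validated is the one that selects the browser. `profilePath` is only tested for being non-empty; unless DiscoverBrowsers already rejects a missing directory, a mistyped `-p` still proceeds past this guard. A table-driven test over the three rejected inputs (empty `-p`, empty `-b`, `-b all`) would pin the behaviour, since the commit changes only dump.go.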
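Review bot: The Safari hint keys off `b.(browser.KeychainPasswordReceiver)`, which tests a capability rather than the browser's identity, so any other type implementing that interface would also print a message that names Safari. If Safari is the only implementer today (not visible here), record that above the loop, e.g. `// Safari is currently the only KeychainPasswordReceiver; dumped keys do not cover it.`, or match on the browser's name instead. Because the outcome for that browser is an incomplete extraction, `log.Warnf` would be more consistent with the `--keychain-pw` warning earlier in the same function than `log.Infof`. The function body starts outside this hunk.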