Skip to content

security: comprehensive security hardening for API keys, TLS, and data privacy#1121

Open
Littleyd wants to merge 3 commits intotisfeng:mainfrom
Littleyd:security/comprehensive-audit-fixes
Open

security: comprehensive security hardening for API keys, TLS, and data privacy#1121
Littleyd wants to merge 3 commits intotisfeng:mainfrom
Littleyd:security/comprehensive-audit-fixes

Conversation

@Littleyd
Copy link
Copy Markdown

@Littleyd Littleyd commented Mar 20, 2026

Summary

This PR addresses multiple security vulnerabilities identified during a comprehensive security audit of the Easydict codebase. The changes focus on protecting user data and API credentials.

High-Priority Fixes

  1. API Keys migrated to macOS Keychain — All translation service API keys/secrets (DeepL, Baidu, Ali, Tencent, Volcano, NiuTrans, Caiyun, and OpenAI-compatible stream services) are now stored in Keychain instead of UserDefaults. A transparent migration runs on first launch.

  2. WebView TLS certificate validation restored — Removed allowsAnyHTTPSCertificateForHost:YES and the blanket trust in didReceiveAuthenticationChallenge:. WebView now properly validates server certificates.

  3. App Transport Security tightened — Replaced NSAllowsArbitraryLoads = YES with NSAllowsLocalNetworking = YES in both Info.plist and Info-debug.plist, restricting plaintext HTTP to localhost only.

  4. Hardcoded Baidu session cookie removed — Removed embedded BDUSS/BDUSS_BFESS values from EZWebViewTranslator.m.

  5. URL Scheme key read/write gated by user confirmationeasydict://writeKeyValue and easydict://readValueOfKey now show an NSAlert requiring explicit user approval before executing.

Medium-Priority Fixes

  1. Analytics & crash reporting default to opt-inallowCrashLog and allowAnalytics now default to false.

  2. OCR text truncated in logs — Full OCR results are no longer written to system logs.

  3. Sensitive keys filtered from backup export — API keys, secrets, and tokens are excluded from the user data export file.

  4. Bing endpoint upgraded to HTTPS — Changed http:// to https:// for the Bing China host.

New Files

  • Easydict/Swift/Utility/KeychainHelper.swift — Keychain CRUD helper + migration logic from UserDefaults to Keychain.

Test Plan

  • Fresh install: verify no crash on first launch (migration runs with empty UserDefaults)
  • Upgrade from existing install: verify API keys are migrated to Keychain and removed from UserDefaults
  • Translation services (DeepL, Baidu, Tencent, Ali, Volcano, NiuTrans, Caiyun, OpenAI): verify keys are read from Keychain and services function normally
  • WebView-based translators (Google, Bing, Baidu web): verify pages load correctly with restored TLS validation
  • URL Scheme: test easydict://writeKeyValue?EZTest=abc shows confirmation dialog
  • URL Scheme: test easydict://readValueOfKey?EZTest shows confirmation dialog
  • Settings → Service config: enter a new API key, close settings, verify key persists (synced to Keychain)
  • Backup export: verify exported file does not contain API keys or tokens
  • Analytics: verify Firebase/Sentry are disabled by default on fresh install

Made with Cursor

@Littleyd
security: comprehensive security hardening for API keys, TLS, and dat…
665a381 
…a privacy

- Store API keys in macOS Keychain instead of UserDefaults (with auto-migration)
- Remove WebView trust-all-certificates bypass (EZURLSchemeHandler)
- Tighten App Transport Security: NSAllowsLocalNetworking only (was NSAllowsArbitraryLoads)
- Remove hardcoded Baidu session cookies (BDUSS)
- Add user confirmation dialog for URL Scheme API key read/write operations
- Change Bing endpoint from HTTP to HTTPS
- Default analytics (Firebase) and crash logging (Sentry) to opt-in (was opt-out)
- Truncate OCR text in logs to prevent sensitive data leakage
- Filter API keys/tokens from backup export to Downloads folder

Made-with: Cursor
github-actions[bot]
github-actions Bot reviewed Mar 20, 2026
View reviewed changes
Copy link
Copy Markdown

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello Littleyd, Thank you for your first PR contribution 🎉 Littleyd

@Littleyd
fix: restore NSAllowsArbitraryLoads for HTTP translation endpoints
0ec1084 
Easydict connects to many translation services over HTTP (Ollama on
localhost, Bing China, etc.). NSAllowsLocalNetworking alone is too
restrictive and breaks Ollama. Restore NSAllowsArbitraryLoads while
keeping NSAllowsLocalNetworking as explicit documentation.

Made-with: Cursor
@tisfeng
Copy link
Copy Markdown
Owner

tisfeng commented Mar 28, 2026

Please use dev branch as base branch

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Littleyd @tisfeng