pulsareon/dstalk
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Harden plugin runtime: TLS verify, LSP deadlock, path traversal, ABI exception safety (W14)
Some checks failed
CI / Determine matrix (push) Has been cancelled
Details
CI / ${{ matrix.os }} / ${{ matrix.build_type }} (push) Has been cancelled
Details

Browse Source 
W14 addresses the five most critical findings from the W13 plugin audits:

- W14.1 network: enable ssl::verify_peer + SSL_set1_host SNI hostname
  verification (fixes TLS bypass, W13.3 CVSS 7.4); add steady_timer DNS
  timeout and bottom-up catch(...) hardening (engineer-zhou)
- W14.2 lsp: fix reader_loop/stop mutex deadlock via stop_nolock/stop_locked
  split (W13.4); wrap 11 vtable/entry functions in try/catch with cv
  notification on reader exit (engineer-sun)
- W14.3 tools: add is_safe_path() rejecting empty/absolute/.. paths before
  file_io calls (fixes path traversal, W13.5 CVSS 7.5); guard g_tools and
  g_session/g_history under mutex; 9 vtable try/catch (security-cao)
- W14.4 host: add fallback plugin search (../plugins/) so binaries run from
  build/tests/ load current DLLs, resolving the W13.6 R2 stale-DLL false
  alarm (architect-lin)
- W14.5 anthropic+deepseek: wrap 12 ABI boundary functions in try/catch with
  log-guard, preventing exceptions from crossing the C ABI (engineer-chen)

Verified: cmake build 0 error 0 warning, ctest 4/4 pass, smoke R2 now
passes naturally.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
XiuChengWu
2026-05-27 12:03:50 +08:00
parent 47082376ef
commit 102cd3e141
12 changed files with 1230 additions and 702 deletions
Download Patch File Download Diff File Expand all files Collapse all files

241
plugins/session/src/session_plugin.cpp
View File

@@ -9,10 +9,12 @@
#include <boost/json/src.hpp>
#include <algorithm>
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <exception>
#include <mutex>
#include <string>
#include <utility>
#include <vector>
@@ -23,10 +25,9 @@ namespace json = boost::json;
// 内部 C++ 数据结构
// ============================================================
static const dstalk_host_api_t* g_host = nullptr;
// 缓存 file_io 服务指针
static const dstalk_file_io_service_t* g_file_io = nullptr;
// W14.3: g_host / g_file_io 使用 atomic 指针,写入 acquire/release读取无锁
static std::atomic<const dstalk_host_api_t*> g_host{nullptr};
static std::atomic<const dstalk_file_io_service_t*> g_file_io{nullptr};
// 内部消息结构C++ 易用,外部暴露 C struct
struct InternalMessage {
@@ -36,11 +37,10 @@ struct InternalMessage {
std::string tool_calls_json;
};
// 会话历史
// 会话历史 + 缓存 —— W14.3: mutex 保护读写
static std::vector<InternalMessage> g_history;
// history() 返回的 C 数组缓存(生命周期到下次 history() 或 shutdown
static std::vector<dstalk_message_t> g_cached_history;
static std::mutex g_session_mutex;
// ============================================================
// Token 计数工具(内联,避免硬依赖 context 头文件)
@@ -95,16 +95,18 @@ static size_t count_tokens_all(const std::vector<InternalMessage>& msgs) {
}
// ============================================================
// 辅助:刷新 C 缓存数组
// 辅助:刷新 C 缓存数组(调用方需持有 g_session_mutex
// ============================================================
static void rebuild_cached_history() {
static void rebuild_cached_history_locked() {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
// 释放旧的字符串
for (auto& m : g_cached_history) {
if (m.role) { g_host->free(const_cast<char*>(m.role)); }
if (m.content) { g_host->free(const_cast<char*>(m.content)); }
if (m.tool_call_id) { g_host->free(const_cast<char*>(m.tool_call_id)); }
if (m.tool_calls_json){ g_host->free(const_cast<char*>(m.tool_calls_json)); }
if (m.role) { host->free(const_cast<char*>(m.role)); }
if (m.content) { host->free(const_cast<char*>(m.content)); }
if (m.tool_call_id) { host->free(const_cast<char*>(m.tool_call_id)); }
if (m.tool_calls_json){ host->free(const_cast<char*>(m.tool_calls_json)); }
}
g_cached_history.clear();
@@ -112,70 +114,101 @@ static void rebuild_cached_history() {
g_cached_history.reserve(g_history.size());
for (const auto& im : g_history) {
dstalk_message_t cm;
cm.role = im.role.empty() ? nullptr : g_host->strdup(im.role.c_str());
cm.content = im.content.empty() ? nullptr : g_host->strdup(im.content.c_str());
cm.tool_call_id = im.tool_call_id.empty() ? nullptr : g_host->strdup(im.tool_call_id.c_str());
cm.tool_calls_json = im.tool_calls_json.empty() ? nullptr : g_host->strdup(im.tool_calls_json.c_str());
cm.role = im.role.empty() ? nullptr : host->strdup(im.role.c_str());
cm.content = im.content.empty() ? nullptr : host->strdup(im.content.c_str());
cm.tool_call_id = im.tool_call_id.empty() ? nullptr : host->strdup(im.tool_call_id.c_str());
cm.tool_calls_json = im.tool_calls_json.empty() ? nullptr : host->strdup(im.tool_calls_json.c_str());
g_cached_history.push_back(cm);
}
}
// ============================================================
// Session 服务 vtable 实现
// Session 服务 vtable 实现 (W14.3: try/catch + mutex)
// ============================================================
static void session_add(const dstalk_message_t* msg) {
if (!msg) return;
InternalMessage im;
if (msg->role) im.role = msg->role;
if (msg->content) im.content = msg->content;
if (msg->tool_call_id) im.tool_call_id = msg->tool_call_id;
if (msg->tool_calls_json) im.tool_calls_json = msg->tool_calls_json;
g_history.push_back(std::move(im));
try {
if (!msg) return;
InternalMessage im;
if (msg->role) im.role = msg->role;
if (msg->content) im.content = msg->content;
if (msg->tool_call_id) im.tool_call_id = msg->tool_call_id;
if (msg->tool_calls_json) im.tool_calls_json = msg->tool_calls_json;
std::lock_guard<std::mutex> lock(g_session_mutex);
g_history.push_back(std::move(im));
} catch (const std::exception& e) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "session_add: %s", e.what());
} catch (...) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "session_add: unknown exception");
}
}
static void session_clear() {
std::lock_guard<std::mutex> lock(g_session_mutex);
g_history.clear();
}
static int session_save(const char* path) {
if (!path || !g_file_io) return -1;
try {
if (!path) return -1;
std::string data;
for (const auto& m : g_history) {
json::object entry;
entry["role"] = m.role;
entry["content"] = m.content;
if (!m.tool_call_id.empty())
entry["tool_call_id"] = m.tool_call_id;
if (!m.tool_calls_json.empty())
entry["tool_calls_json"] = m.tool_calls_json;
data += json::serialize(entry);
data += '\n';
const dstalk_file_io_service_t* fio = g_file_io.load(std::memory_order_acquire);
if (!fio) return -1;
std::string data;
{
std::lock_guard<std::mutex> lock(g_session_mutex);
for (const auto& m : g_history) {
json::object entry;
entry["role"] = m.role;
entry["content"] = m.content;
if (!m.tool_call_id.empty())
entry["tool_call_id"] = m.tool_call_id;
if (!m.tool_calls_json.empty())
entry["tool_calls_json"] = m.tool_calls_json;
data += json::serialize(entry);
data += '\n';
}
}
return fio->write(path, data.c_str());
} catch (const std::exception& e) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "session_save: %s", e.what());
return -1;
} catch (...) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "session_save: unknown exception");
return -1;
}
return g_file_io->write(path, data.c_str());
}
static int session_load(const char* path) {
if (!path || !g_file_io) return -1;
try {
if (!path) return -1;
char* content = nullptr;
int ret = g_file_io->read(path, &content);
if (ret != 0 || !content) return -1;
const dstalk_file_io_service_t* fio = g_file_io.load(std::memory_order_acquire);
if (!fio) return -1;
std::string data(content);
g_host->free(content);
char* content = nullptr;
int ret = fio->read(path, &content);
if (ret != 0 || !content) return -1;
std::vector<InternalMessage> parsed;
size_t pos = 0;
while (pos < data.size()) {
size_t nl = data.find('\n', pos);
std::string line = (nl != std::string::npos)
? data.substr(pos, nl - pos) : data.substr(pos);
pos = (nl != std::string::npos) ? nl + 1 : data.size();
if (line.empty()) continue;
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
std::string data(content);
host->free(content);
std::vector<InternalMessage> parsed;
size_t pos = 0;
while (pos < data.size()) {
size_t nl = data.find('\n', pos);
std::string line = (nl != std::string::npos)
? data.substr(pos, nl - pos) : data.substr(pos);
pos = (nl != std::string::npos) ? nl + 1 : data.size();
if (line.empty()) continue;
try {
auto obj = json::parse(line).as_object();
auto* role_j = obj.if_contains("role");
auto* content_j = obj.if_contains("content");
@@ -191,24 +224,58 @@ static int session_load(const char* path) {
im.tool_calls_json = json::value_to<std::string>(*tcj);
parsed.push_back(std::move(im));
}
} catch (const std::exception&) {
return -1;
}
}
if (parsed.empty()) return -1;
g_history = std::move(parsed);
return 0;
if (parsed.empty()) return -1;
{
std::lock_guard<std::mutex> lock(g_session_mutex);
g_history = std::move(parsed);
}
return 0;
} catch (const std::exception& e) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "session_load: %s", e.what());
return -1;
} catch (...) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "session_load: unknown exception");
return -1;
}
}
static const dstalk_message_t* session_history(int* out_count) {
rebuild_cached_history();
if (out_count) *out_count = static_cast<int>(g_cached_history.size());
return g_cached_history.empty() ? nullptr : g_cached_history.data();
try {
std::lock_guard<std::mutex> lock(g_session_mutex);
rebuild_cached_history_locked();
if (out_count) *out_count = static_cast<int>(g_cached_history.size());
return g_cached_history.empty() ? nullptr : g_cached_history.data();
} catch (const std::exception& e) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "session_history: %s", e.what());
if (out_count) *out_count = 0;
return nullptr;
} catch (...) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "session_history: unknown exception");
if (out_count) *out_count = 0;
return nullptr;
}
}
static int session_token_count() {
return static_cast<int>(count_tokens_all(g_history));
try {
std::lock_guard<std::mutex> lock(g_session_mutex);
return static_cast<int>(count_tokens_all(g_history));
} catch (const std::exception& e) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "session_token_count: %s", e.what());
return -1;
} catch (...) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "session_token_count: unknown exception");
return -1;
}
}
static dstalk_session_service_t g_session_service = {
@@ -225,27 +292,45 @@ static dstalk_session_service_t g_session_service = {
// ============================================================
static int on_init(const dstalk_host_api_t* host) {
g_host = host;
try {
g_host.store(host, std::memory_order_release);
// 查询依赖服务: file_io
void* raw = host->query_service("file_io", 1);
if (!raw) {
host->log(DSTALK_LOG_ERROR, "[plugin-session] required service 'file_io' not found");
// 查询依赖服务: file_io
void* raw = host->query_service("file_io", 1);
if (!raw) {
host->log(DSTALK_LOG_ERROR, "[plugin-session] required service 'file_io' not found");
return -1;
}
g_file_io.store(static_cast<const dstalk_file_io_service_t*>(raw), std::memory_order_release);
// 注册自身服务
return host->register_service("session", 1, &g_session_service);
} catch (const std::exception& e) {
const dstalk_host_api_t* h = g_host.load(std::memory_order_acquire);
if (h) h->log(DSTALK_LOG_ERROR, "on_init[session]: %s", e.what());
return -1;
} catch (...) {
const dstalk_host_api_t* h = g_host.load(std::memory_order_acquire);
if (h) h->log(DSTALK_LOG_ERROR, "on_init[session]: unknown exception");
return -1;
}
g_file_io = static_cast<const dstalk_file_io_service_t*>(raw);
// 注册自身服务
return host->register_service("session", 1, &g_session_service);
}
static void on_shutdown() {
// 释放缓存
rebuild_cached_history(); // 这会先清理旧字符串再清空
g_cached_history.clear(); // 确保空
g_history.clear();
g_file_io = nullptr;
g_host = nullptr;
try {
std::lock_guard<std::mutex> lock(g_session_mutex);
rebuild_cached_history_locked();
g_cached_history.clear();
g_history.clear();
} catch (const std::exception& e) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "on_shutdown[session]: %s", e.what());
} catch (...) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "on_shutdown[session]: unknown exception");
}
g_file_io.store(nullptr, std::memory_order_release);
g_host.store(nullptr, std::memory_order_release);
}
static dstalk_plugin_info_t g_info = {