pulsareon/dstalk
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Harden plugin runtime: TLS verify, LSP deadlock, path traversal, ABI exception safety (W14)
Some checks failed
CI / Determine matrix (push) Has been cancelled
Details
CI / ${{ matrix.os }} / ${{ matrix.build_type }} (push) Has been cancelled
Details

Browse Source 
W14 addresses the five most critical findings from the W13 plugin audits:

- W14.1 network: enable ssl::verify_peer + SSL_set1_host SNI hostname
  verification (fixes TLS bypass, W13.3 CVSS 7.4); add steady_timer DNS
  timeout and bottom-up catch(...) hardening (engineer-zhou)
- W14.2 lsp: fix reader_loop/stop mutex deadlock via stop_nolock/stop_locked
  split (W13.4); wrap 11 vtable/entry functions in try/catch with cv
  notification on reader exit (engineer-sun)
- W14.3 tools: add is_safe_path() rejecting empty/absolute/.. paths before
  file_io calls (fixes path traversal, W13.5 CVSS 7.5); guard g_tools and
  g_session/g_history under mutex; 9 vtable try/catch (security-cao)
- W14.4 host: add fallback plugin search (../plugins/) so binaries run from
  build/tests/ load current DLLs, resolving the W13.6 R2 stale-DLL false
  alarm (architect-lin)
- W14.5 anthropic+deepseek: wrap 12 ABI boundary functions in try/catch with
  log-guard, preventing exceptions from crossing the C ABI (engineer-chen)

Verified: cmake build 0 error 0 warning, ctest 4/4 pass, smoke R2 now
passes naturally.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
XiuChengWu
2026-05-27 12:03:50 +08:00
parent 47082376ef
commit 102cd3e141
12 changed files with 1230 additions and 702 deletions
Download Patch File Download Diff File Expand all files Collapse all files

330
plugins/tools/src/tools_plugin.cpp
View File

@@ -8,20 +8,49 @@
#include <boost/json.hpp>
#include <boost/json/src.hpp>
#include <atomic>
#include <cstdlib>
#include <cstring>
#include <exception>
#include <filesystem>
#include <mutex>
#include <string>
#include <vector>
namespace json = boost::json;
// ============================================================
// 路径安全校验 (W14.3: 防止路径遍历攻击)
// ============================================================
static bool is_safe_path(const std::string& path) {
// 拒绝空路径
if (path.empty()) return false;
// 拒绝绝对路径: Unix '/' 开头 或 Windows 盘符 (第二字符 ':')
if (path[0] == '/' || path[0] == '\\') return false;
if (path.size() >= 2 && path[1] == ':') return false;
// 拒绝含 ".." 段的目录遍历
if (path.find("..") != std::string::npos) return false;
// lexical_normal 消解相对组件后再次校验
std::string norm = std::filesystem::path(path).lexically_normal().string();
if (norm.empty()) return false;
if (norm[0] == '/' || norm[0] == '\\') return false;
if (norm.size() >= 2 && norm[1] == ':') return false;
if (norm.find("..") != std::string::npos) return false;
return true;
}
// ============================================================
// 内部数据结构
// ============================================================
static const dstalk_host_api_t* g_host = nullptr;
static const dstalk_file_io_service_t* g_file_io = nullptr;
// W14.3: g_host / g_file_io 使用 atomic 指针,写入 acquire/release读取无锁
static std::atomic<const dstalk_host_api_t*> g_host{nullptr};
static std::atomic<const dstalk_file_io_service_t*> g_file_io{nullptr};
struct ToolDef {
std::string name;
@@ -30,45 +59,63 @@ struct ToolDef {
dstalk_tool_handler_fn handler;
};
// W14.3: g_tools 使用 mutex 保护读写
static std::vector<ToolDef> g_tools;
static std::mutex g_tools_mutex;
// ============================================================
// 内置工具: file_read, file_write
// ============================================================
static char* builtin_file_read(const char* args_json) {
if (!g_file_io) {
return g_host->strdup("{\"error\":\"file_io service not available\"}");
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
const dstalk_file_io_service_t* fio = g_file_io.load(std::memory_order_acquire);
if (!fio) {
return host ? host->strdup("{\"error\":\"file_io service not available\"}") : nullptr;
}
try {
auto args = json::parse(args_json).as_object();
auto* path_j = args.if_contains("path");
if (!path_j || !path_j->is_string()) {
return g_host->strdup("{\"error\":\"missing 'path' argument\"}");
return host ? host->strdup("{\"error\":\"missing 'path' argument\"}") : nullptr;
}
std::string path = json::value_to<std::string>(*path_j);
// W14.3: 路径遍历防护
if (!is_safe_path(path)) {
if (host) host->log(DSTALK_LOG_ERROR, "builtin_file_read: unsafe path rejected");
return host ? host->strdup("{\"error\":\"access denied: unsafe path\"}") : nullptr;
}
char* content = nullptr;
int ret = g_file_io->read(path.c_str(), &content);
int ret = fio->read(path.c_str(), &content);
if (ret != 0 || !content) {
return g_host->strdup("{\"error\":\"failed to read file\"}");
return host ? host->strdup("{\"error\":\"failed to read file\"}") : nullptr;
}
std::string escaped_content = json::serialize(json::string(content));
g_host->free(content);
if (host) host->free(content);
std::string result = "{\"content\":" + escaped_content + "}";
return g_host->strdup(result.c_str());
return host ? host->strdup(result.c_str()) : nullptr;
} catch (const std::exception& e) {
std::string err = "{\"error\":\"file_read error: " + std::string(e.what()) + "\"}";
return g_host->strdup(err.c_str());
if (host) host->log(DSTALK_LOG_ERROR, "builtin_file_read: %s", e.what());
std::string err = "{\"error\":\"file_read internal error\"}";
return host ? host->strdup(err.c_str()) : nullptr;
} catch (...) {
if (host) host->log(DSTALK_LOG_ERROR, "builtin_file_read: unknown exception");
return host ? host->strdup("{\"error\":\"file_read internal error\"}") : nullptr;
}
}
static char* builtin_file_write(const char* args_json) {
if (!g_file_io) {
return g_host->strdup("{\"error\":\"file_io service not available\"}");
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
const dstalk_file_io_service_t* fio = g_file_io.load(std::memory_order_acquire);
if (!fio) {
return host ? host->strdup("{\"error\":\"file_io service not available\"}") : nullptr;
}
try {
@@ -76,29 +123,39 @@ static char* builtin_file_write(const char* args_json) {
auto* path_j = args.if_contains("path");
auto* content_j = args.if_contains("content");
if (!path_j || !path_j->is_string()) {
return g_host->strdup("{\"error\":\"missing 'path' argument\"}");
return host ? host->strdup("{\"error\":\"missing 'path' argument\"}") : nullptr;
}
if (!content_j || !content_j->is_string()) {
return g_host->strdup("{\"error\":\"missing 'content' argument\"}");
return host ? host->strdup("{\"error\":\"missing 'content' argument\"}") : nullptr;
}
std::string path = json::value_to<std::string>(*path_j);
std::string content = json::value_to<std::string>(*content_j);
int ret = g_file_io->write(path.c_str(), content.c_str());
if (ret != 0) {
return g_host->strdup("{\"error\":\"failed to write file\"}");
// W14.3: 路径遍历防护
if (!is_safe_path(path)) {
if (host) host->log(DSTALK_LOG_ERROR, "builtin_file_write: unsafe path rejected");
return host ? host->strdup("{\"error\":\"access denied: unsafe path\"}") : nullptr;
}
return g_host->strdup("{\"success\":true}");
int ret = fio->write(path.c_str(), content.c_str());
if (ret != 0) {
return host ? host->strdup("{\"error\":\"failed to write file\"}") : nullptr;
}
return host ? host->strdup("{\"success\":true}") : nullptr;
} catch (const std::exception& e) {
std::string err = "{\"error\":\"file_write error: " + std::string(e.what()) + "\"}";
return g_host->strdup(err.c_str());
if (host) host->log(DSTALK_LOG_ERROR, "builtin_file_write: %s", e.what());
std::string err = "{\"error\":\"file_write internal error\"}";
return host ? host->strdup(err.c_str()) : nullptr;
} catch (...) {
if (host) host->log(DSTALK_LOG_ERROR, "builtin_file_write: unknown exception");
return host ? host->strdup("{\"error\":\"file_write internal error\"}") : nullptr;
}
}
// ============================================================
// Tools 服务 vtable 实现
// Tools 服务 vtable 实现 (W14.3: try/catch + mutex)
// ============================================================
static void tools_unregister_tool(const char* name);
@@ -106,86 +163,130 @@ static void tools_unregister_tool(const char* name);
static int tools_register_tool(const char* name, const char* desc,
const char* params_schema,
dstalk_tool_handler_fn handler) {
if (!name || !handler) return -1;
try {
if (!name || !handler) return -1;
// 如果已存在同名工具,先注销
tools_unregister_tool(name);
// 如果已存在同名工具,先注销
tools_unregister_tool(name);
ToolDef td;
td.name = name;
td.description = desc ? desc : "";
td.parameters_schema = params_schema ? params_schema : "";
td.handler = handler;
g_tools.push_back(std::move(td));
return 0;
ToolDef td;
td.name = name;
td.description = desc ? desc : "";
td.parameters_schema = params_schema ? params_schema : "";
td.handler = handler;
std::lock_guard<std::mutex> lock(g_tools_mutex);
g_tools.push_back(std::move(td));
return 0;
} catch (const std::exception& e) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "tools_register_tool: %s", e.what());
return -1;
} catch (...) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "tools_register_tool: unknown exception");
return -1;
}
}
static void tools_unregister_tool(const char* name) {
if (!name) return;
std::string n(name);
g_tools.erase(
std::remove_if(g_tools.begin(), g_tools.end(),
[&n](const ToolDef& t) { return t.name == n; }),
g_tools.end());
try {
if (!name) return;
std::string n(name);
std::lock_guard<std::mutex> lock(g_tools_mutex);
g_tools.erase(
std::remove_if(g_tools.begin(), g_tools.end(),
[&n](const ToolDef& t) { return t.name == n; }),
g_tools.end());
} catch (const std::exception& e) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "tools_unregister_tool: %s", e.what());
} catch (...) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "tools_unregister_tool: unknown exception");
}
}
static char* tools_get_tools_json() {
json::array tools_arr;
try {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
json::array tools_arr;
for (const auto& t : g_tools) {
json::object tool_obj;
tool_obj["type"] = "function";
{
std::lock_guard<std::mutex> lock(g_tools_mutex);
for (const auto& t : g_tools) {
json::object tool_obj;
tool_obj["type"] = "function";
json::object func_obj;
func_obj["name"] = t.name;
func_obj["description"] = t.description;
json::object func_obj;
func_obj["name"] = t.name;
func_obj["description"] = t.description;
if (!t.parameters_schema.empty()) {
func_obj["parameters"] = json::parse(t.parameters_schema);
} else {
json::object empty_params;
empty_params["type"] = "object";
empty_params["properties"] = json::object{};
func_obj["parameters"] = empty_params;
if (!t.parameters_schema.empty()) {
func_obj["parameters"] = json::parse(t.parameters_schema);
} else {
json::object empty_params;
empty_params["type"] = "object";
empty_params["properties"] = json::object{};
func_obj["parameters"] = empty_params;
}
tool_obj["function"] = func_obj;
tools_arr.push_back(tool_obj);
}
}
tool_obj["function"] = func_obj;
tools_arr.push_back(tool_obj);
std::string result = json::serialize(tools_arr);
return host ? host->strdup(result.c_str()) : nullptr;
} catch (const std::exception& e) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "tools_get_tools_json: %s", e.what());
return nullptr;
} catch (...) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "tools_get_tools_json: unknown exception");
return nullptr;
}
std::string result = json::serialize(tools_arr);
return g_host->strdup(result.c_str());
}
static char* tools_execute(const char* name, const char* args_json) {
if (!name) {
return g_host->strdup("{\"error\":\"tool name is null\"}");
}
std::string n(name);
ToolDef* found = nullptr;
for (auto& t : g_tools) {
if (t.name == n) {
found = &t;
break;
}
}
if (!found) {
json::object err_obj;
err_obj["error"] = "unknown tool: " + n;
return g_host->strdup(json::serialize(err_obj).c_str());
}
try {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (!name) {
return host ? host->strdup("{\"error\":\"tool name is null\"}") : nullptr;
}
std::string n(name);
ToolDef* found = nullptr;
{
std::lock_guard<std::mutex> lock(g_tools_mutex);
for (auto& t : g_tools) {
if (t.name == n) {
found = &t;
break;
}
}
}
if (!found) {
json::object err_obj;
err_obj["error"] = "unknown tool: " + n;
return host ? host->strdup(json::serialize(err_obj).c_str()) : nullptr;
}
const char* args = args_json ? args_json : "{}";
return found->handler(args);
} catch (const std::exception& e) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "tools_execute: %s", e.what());
json::object err_obj;
err_obj["error"] = std::string("tool execution failed: ") + e.what();
return g_host->strdup(json::serialize(err_obj).c_str());
err_obj["error"] = "tool execution internal error";
return host ? host->strdup(json::serialize(err_obj).c_str()) : nullptr;
} catch (...) {
return g_host->strdup("{\"error\":\"tool execution failed: unknown error\"}");
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "tools_execute: unknown exception");
return host ? host->strdup("{\"error\":\"tool execution internal error\"}") : nullptr;
}
}
@@ -201,38 +302,57 @@ static dstalk_tools_service_t g_tools_service = {
// ============================================================
static int on_init(const dstalk_host_api_t* host) {
g_host = host;
try {
g_host.store(host, std::memory_order_release);
// 查询依赖服务: file_io
void* raw = host->query_service("file_io", 1);
if (!raw) {
host->log(DSTALK_LOG_ERROR, "[plugin-tools] required service 'file_io' not found");
// 查询依赖服务: file_io
void* raw = host->query_service("file_io", 1);
if (!raw) {
host->log(DSTALK_LOG_ERROR, "[plugin-tools] required service 'file_io' not found");
return -1;
}
g_file_io.store(static_cast<const dstalk_file_io_service_t*>(raw), std::memory_order_release);
// 向自身注册内置工具
tools_register_tool(
"file_read",
"Read the contents of a file at the given path",
"{\"type\":\"object\",\"properties\":{\"path\":{\"type\":\"string\",\"description\":\"Path to the file to read\"}},\"required\":[\"path\"]}",
builtin_file_read
);
tools_register_tool(
"file_write",
"Write content to a file at the given path",
"{\"type\":\"object\",\"properties\":{\"path\":{\"type\":\"string\",\"description\":\"Path to the file to write\"},\"content\":{\"type\":\"string\",\"description\":\"Content to write to the file\"}},\"required\":[\"path\",\"content\"]}",
builtin_file_write
);
return host->register_service("tools", 1, &g_tools_service);
} catch (const std::exception& e) {
const dstalk_host_api_t* h = g_host.load(std::memory_order_acquire);
if (h) h->log(DSTALK_LOG_ERROR, "on_init[tools]: %s", e.what());
return -1;
} catch (...) {
const dstalk_host_api_t* h = g_host.load(std::memory_order_acquire);
if (h) h->log(DSTALK_LOG_ERROR, "on_init[tools]: unknown exception");
return -1;
}
g_file_io = static_cast<const dstalk_file_io_service_t*>(raw);
// 向自身注册内置工具
tools_register_tool(
"file_read",
"Read the contents of a file at the given path",
"{\"type\":\"object\",\"properties\":{\"path\":{\"type\":\"string\",\"description\":\"Path to the file to read\"}},\"required\":[\"path\"]}",
builtin_file_read
);
tools_register_tool(
"file_write",
"Write content to a file at the given path",
"{\"type\":\"object\",\"properties\":{\"path\":{\"type\":\"string\",\"description\":\"Path to the file to write\"},\"content\":{\"type\":\"string\",\"description\":\"Content to write to the file\"}},\"required\":[\"path\",\"content\"]}",
builtin_file_write
);
return host->register_service("tools", 1, &g_tools_service);
}
static void on_shutdown() {
g_tools.clear();
g_file_io = nullptr;
g_host = nullptr;
try {
std::lock_guard<std::mutex> lock(g_tools_mutex);
g_tools.clear();
} catch (const std::exception& e) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "on_shutdown[tools]: %s", e.what());
} catch (...) {
const dstalk_host_api_t* host = g_host.load(std::memory_order_acquire);
if (host) host->log(DSTALK_LOG_ERROR, "on_shutdown[tools]: unknown exception");
}
g_file_io.store(nullptr, std::memory_order_release);
g_host.store(nullptr, std::memory_order_release);
}
static dstalk_plugin_info_t g_info = {