W23: close mailroom metadata and network validation tests

- Refresh agents STATUS to W22.6 and exclude mailroom from metadata scans
- Add mailroom dispatch checklist and defensive rules
- Register F-23.D-1 and tag network input validation defense-in-depth
- Update network plugin tests for header length limits
- Fix LSP test metadata and remove orphan anthropic_internal.hpp

Verification:
- cmake --build build --config Release: 0 error, 0 warning
- ctest --test-dir build --output-on-failure: 10/10 passed
- ctest --test-dir build -R dstalk_smoke_test --output-on-failure: passed
- python scripts/check_agents_metadata.py --strict: passed

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-03 17:56:45 +08:00
parent c0af9c65c7
commit 28ae90a6cc
11 changed files with 55 additions and 79 deletions


@@ -37,6 +37,7 @@ using tcp = asio::ip::tcp;
// ============================================================
// 安全常量和输入验证辅助函数 / Security constants and input-validation helpers
// Fixes: F-23.D-1 (network request input validation defense-in-depth)
// ============================================================
static constexpr size_t MAX_HEADER_KEY_LENGTH = 256;
static constexpr size_t MAX_HEADER_VALUE_LENGTH = 8192;
@@ -83,6 +84,21 @@ static bool is_valid_port(const char* port) {
return std::strlen(port) <= 15;
}
/// 读取环境变量,避免 MSVC 对 std::getenv 的弃用警告 / Read an environment variable without MSVC std::getenv deprecation warnings.
static std::string get_env_var(const char* name) {
#ifdef _MSC_VER
char* value = nullptr;
size_t len = 0;
if (_dupenv_s(&value, &len, name) != 0 || !value) return {};
std::string result(value, len > 0 ? len - 1 : 0);
std::free(value);
return result;
#else
const char* value = std::getenv(name);
return value ? std::string(value) : std::string();
#endif
}
// ============================================================
// 全局状态 / Global state
// ============================================================
@@ -188,14 +204,14 @@ struct HttpClientCtx {
// 但显式 load_verify_file 提供明确的错误码用于报告)/ Fallback 1: SSL_CERT_FILE / SSL_CERT_DIR (already consulted by
// OpenSSL internally, but an explicit load_verify_file gives us
// a clear error code to report).
const char* cert_file = std::getenv("SSL_CERT_FILE");
if (cert_file && *cert_file) {
std::string cert_file = get_env_var("SSL_CERT_FILE");
if (!cert_file.empty()) {
ssl_ctx.load_verify_file(cert_file, ec);
if (!ec) loaded = true;
}
if (!loaded) {
const char* cert_dir = std::getenv("SSL_CERT_DIR");
if (cert_dir && *cert_dir) {
std::string cert_dir = get_env_var("SSL_CERT_DIR");
if (!cert_dir.empty()) {
ssl_ctx.add_verify_path(cert_dir, ec);
if (!ec) loaded = true;
}