W16: close CRITICAL/HIGH findings, integrate metadata gate, complete audit summaries (W16.1-W16.6)

- W16.1 (曹武): F-11.7-1 CLOSED — confirmed W12.4 fix, corrupt binary eliminated
- W16.2 (孙宇): F-11.1-1 FIXED — context_plugin.cpp try/catch on set_max_tokens + on_shutdown
- W16.3 (陈风): F-11.1-2 CLOSED — confirmed W12.1 fix, strdup OOM protection already in place
- W16.4 (胡桐): Integrate check_agents_metadata into refresh_status.py as pre-gate (error→exit 1)
- W16.5 (周岩): Add Findings Summary to W13.3 network audit, register 3 findings
- W16.6 (赵码): Add Findings Summary to W13.1+W13.2 AI audits, register 8 findings (4 already W14-fixed)

Build 0 error, ctest 4/4 pass, metadata check 0 error 0 warning.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 18:45:03 +08:00
parent f010af6c07
commit 6f492489c6
13 changed files with 179 additions and 24 deletions

@@ -254,3 +254,20 @@ L92-97: Anthropic API 要求 system 为顶层字段(非 messages 数组元素
- **安全日志参考**: docs/explanation/security-logging.md (W9.3)
- **对比文件**: plugins/deepseek/src/deepseek_plugin.cpp (仅参考,不审计)
- **不修改文件**: anthropic_plugin.cpp (审计只读)
## Findings Summary
| ID | Severity | Title | Fix Wave |
|----|----------|-------|----------|
| F-13.1-1 | HIGH | 6 C ABI functions zero try/catch protection (§8): my_configure (L243), my_chat (L266), my_chat_stream (L348), sse_line_callback (L321), on_init (L454), on_shutdown (L470) -- any std::bad_alloc → std::terminate() | W14 |
| F-13.1-2 | HIGH | response_body leak in my_chat error path (L295-297): ret!=0 returns without freeing response_body (my_chat_stream correctly frees it) | -- |
| F-13.1-3 | HIGH | g_host/g_http/g_config global pointers no sync protection (L14-16 vs L475-L477): on_shutdown nullptr write races with service function reads | -- |
| F-13.1-4 | MEDIUM | sse_line_callback no exception protection (L326 std::string alloc via C fn ptr): relies on network plugin's try/catch as fragile assumption | W14 |
| F-13.1-5 | LOW | temporary std::string + c_str() + strdup fragile pattern (L405-406): safe today but refactoring risk if c_str/strdup calls separated | -- |
| F-13.1-6 | LOW | g_config dead variable (L16): written in on_init (L458) and on_shutdown (L476), never read | -- |
| F-13.1-7 | LOW | heap memory residual for api_key after RAII destruction: build_headers_json returns std::string with x-api-key on stack, not zeroed on free | -- |
| F-13.1-8 | LOW | my_chat post_json error returns only generic "http request failed" (L295-297): does not distinguish timeout/SSL/DNS | -- |
| F-13.1-9 | LOW | my_chat_stream ignores post_stream return value (L379-383): only checks status_code, not ret | -- |
| F-13.1-10 | LOW | Anthropic tool_use blocks silently ignored (L163-173): parse_response only extracts type=="text", tool_use blocks lost; tool_calls_json always nullptr | -- |
| F-13.1-11 | LOW | system messages merged with "\n\n" (L95): may blur cross-message semantic boundaries | -- |
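Review bot: In the new Findings Summary table, the HIGH rows F-13.1-2 (response_body leak in the my_chat error path, L295-297) and F-13.1-3 (g_host/g_http/g_config written in on_shutdown without synchronization) carry Fix Wave `--`, which does not say whether they are open, deferred or accepted, while the commit subject states that CRITICAL/HIGH findings are closed. Give every unfixed row an explicit target wave or add a Status column (open / fixed / accepted) so the table can be checked mechanically. Two smaller points on the same table: F-13.1-4 restates the sse_line_callback item already counted in F-13.1-1 (cited as L326 there versus L321 here), so merge the rows or cross-reference them; and F-13.1-7 is titled as a heap residual but describes the returned std::string as "on stack", which should be reconciled so the remediation (zeroing the buffer before free) targets the right storage. A blank line before `## Findings Summary` would also separate the heading from the preceding bullet list.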