pulsareon/dstalk
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

W17: close 9 audit findings — atomic pointers, SSE robustness, leak fix, verification (W17.1-W17.4)
Some checks failed
CI / Determine matrix (push) Has been cancelled
Details
CI / ${{ matrix.os }} / ${{ matrix.build_type }} (push) Has been cancelled
Details

Browse Source 
- W17.1 (曹武): Verify F-13.3-1/2/3 all fixed by W14.1, close 3 findings (1 CRITICAL + 1 HIGH + 1 MEDIUM)
- W17.2 (赵码): Fix F-13.2-3 SSE [DONE] sentinel trimming + F-13.2-4 g_host/g_http/g_config atomic pointers in deepseek_plugin
- W17.3 (王测): Verify 4 W14 findings (F-13.1-1/4, F-13.2-1/2) + F-11.7-2 confirmed fixed, close 5 findings
- W17.4 (马奔): Fix F-13.1-2 response_body leak on error path + F-13.1-3 g_host/g_http atomic pointers in anthropic_plugin

Build 0 error, ctest 4/4 pass, metadata check clean.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
XiuChengWu
2026-05-27 18:56:12 +08:00
parent 6f492489c6
commit 852e2cac08
7 changed files with 236 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

152
plugins/anthropic/src/anthropic_plugin.cpp
View File

@@ -3,16 +3,17 @@
#include <boost/json.hpp>
#include <boost/json/src.hpp>
#include <atomic>
#include <cstring>
#include <string>
namespace json = boost::json;
// ============================================================================
// 全局指针
// 全局指针 — W17.4: std::atomic 保护 on_shutdown 与 service 函数并发读写
// ============================================================================
static const dstalk_host_api_t* g_host = nullptr;
static dstalk_http_service_t* g_http = nullptr;
static std::atomic<const dstalk_host_api_t*> g_host{nullptr};
static std::atomic<dstalk_http_service_t*> g_http{nullptr};
static dstalk_config_service_t* g_config = nullptr;
// ============================================================================
@@ -129,6 +130,7 @@ static std::string build_request_json(
static void parse_response(const char* body, int http_status,
dstalk_chat_result_t& r)
{
const auto* h = g_host.load(std::memory_order_acquire);
r.http_status = http_status;
if (http_status < 200 || http_status >= 300) {
@@ -138,16 +140,16 @@ static void parse_response(const char* body, int http_status,
auto obj = jv.as_object();
if (obj.contains("error")) {
auto err = obj["error"].as_object();
r.error = g_host->strdup(
r.error = h->strdup(
json::value_to<std::string>(err["message"]).c_str());
}
} catch (...) {
std::string msg = "HTTP " + std::to_string(http_status);
r.error = g_host->strdup(msg.c_str());
r.error = h->strdup(msg.c_str());
}
if (!r.error) {
std::string msg = "HTTP " + std::to_string(http_status);
r.error = g_host->strdup(msg.c_str());
r.error = h->strdup(msg.c_str());
}
r.content = nullptr;
r.tool_calls_json = nullptr;
@@ -165,7 +167,7 @@ static void parse_response(const char* body, int http_status,
if (bobj.contains("type") &&
json::value_to<std::string>(bobj["type"]) == "text") {
std::string text = json::value_to<std::string>(bobj["text"]);
r.content = g_host->strdup(text.c_str());
r.content = h->strdup(text.c_str());
r.ok = 1;
r.error = nullptr;
r.tool_calls_json = nullptr;
@@ -173,22 +175,22 @@ static void parse_response(const char* body, int http_status,
}
}
r.ok = 0;
r.error = g_host->strdup("no text content block found");
r.error = h->strdup("no text content block found");
} else {
r.ok = 0;
r.error = g_host->strdup("empty response");
r.error = h->strdup("empty response");
}
r.content = nullptr;
r.tool_calls_json = nullptr;
} catch (std::exception& e) {
r.ok = 0;
std::string msg = std::string("json parse: ") + e.what();
r.error = g_host->strdup(msg.c_str());
r.error = h->strdup(msg.c_str());
r.content = nullptr;
r.tool_calls_json = nullptr;
} catch (...) {
r.ok = 0;
r.error = g_host->strdup("json parse error");
r.error = h->strdup("json parse error");
r.content = nullptr;
r.tool_calls_json = nullptr;
}
@@ -252,18 +254,21 @@ static int my_configure(const char* provider, const char* base_url,
g_cfg.max_tokens = max_tokens;
g_cfg.temperature = temperature;
if (g_host) {
g_host->log(DSTALK_LOG_INFO,
const auto* h = g_host.load(std::memory_order_acquire);
if (h) {
h->log(DSTALK_LOG_INFO,
"[anthropic] configured: model=%s base_url=%s max_tokens=%d temperature=%.2f",
g_cfg.model.c_str(), g_cfg.base_url.c_str(),
g_cfg.max_tokens, g_cfg.temperature);
}
return 0;
} catch (const std::exception& e) {
if (g_host && g_host->log) g_host->log(DSTALK_LOG_ERROR, "[anthropic] my_configure exception: %s", e.what());
const auto* h = g_host.load(std::memory_order_acquire);
if (h && h->log) h->log(DSTALK_LOG_ERROR, "[anthropic] my_configure exception: %s", e.what());
return -1;
} catch (...) {
if (g_host && g_host->log) g_host->log(DSTALK_LOG_ERROR, "[anthropic] my_configure unknown exception");
const auto* h = g_host.load(std::memory_order_acquire);
if (h && h->log) h->log(DSTALK_LOG_ERROR, "[anthropic] my_configure unknown exception");
return -1;
}
}
@@ -280,13 +285,16 @@ static dstalk_chat_result_t my_chat(
dstalk_chat_result_t r = {};
r.ok = 0;
if (!g_http) {
r.error = g_host->strdup("http service not available");
const auto* host = g_host.load(std::memory_order_acquire);
const auto* http = g_http.load(std::memory_order_acquire);
if (!http) {
r.error = host->strdup("http service not available");
return r;
}
std::string scheme, host, port, target;
extract_host_port(g_cfg.base_url, scheme, host, port, target);
std::string scheme, hostname, port, target;
extract_host_port(g_cfg.base_url, scheme, hostname, port, target);
std::string target_path = target + "/v1/messages";
std::string body = build_request_json(history, history_len,
@@ -297,32 +305,35 @@ static dstalk_chat_result_t my_chat(
char* response_body = nullptr;
int status_code = 0;
int ret = g_http->post_json(
host.c_str(), port.c_str(), target_path.c_str(), body.c_str(),
int ret = http->post_json(
hostname.c_str(), port.c_str(), target_path.c_str(), body.c_str(),
headers_json.c_str(), &response_body, &status_code);
if (ret != 0) {
r.error = g_host->strdup("http request failed");
r.error = host->strdup("http request failed");
if (response_body) host->free(response_body);
return r;
}
parse_response(response_body, status_code, r);
if (response_body) {
g_host->free(response_body);
host->free(response_body);
}
return r;
} catch (const std::exception& e) {
if (g_host && g_host->log) g_host->log(DSTALK_LOG_ERROR, "[anthropic] my_chat exception: %s", e.what());
const auto* host = g_host.load(std::memory_order_acquire);
if (host && host->log) host->log(DSTALK_LOG_ERROR, "[anthropic] my_chat exception: %s", e.what());
dstalk_chat_result_t r = {};
r.ok = 0;
r.error = g_host ? g_host->strdup(e.what()) : nullptr;
r.error = host ? host->strdup(e.what()) : nullptr;
return r;
} catch (...) {
if (g_host && g_host->log) g_host->log(DSTALK_LOG_ERROR, "[anthropic] my_chat unknown exception");
const auto* host = g_host.load(std::memory_order_acquire);
if (host && host->log) host->log(DSTALK_LOG_ERROR, "[anthropic] my_chat unknown exception");
dstalk_chat_result_t r = {};
r.ok = 0;
r.error = g_host ? g_host->strdup("unknown exception") : nullptr;
r.error = host ? host->strdup("unknown exception") : nullptr;
return r;
}
}
@@ -367,10 +378,12 @@ static int sse_line_callback(const char* line, void* userdata)
// "event: ..." 行和其他 -> 忽略
return 1;
} catch (const std::exception& e) {
if (g_host && g_host->log) g_host->log(DSTALK_LOG_ERROR, "[anthropic] sse_line_callback exception: %s", e.what());
const auto* h = g_host.load(std::memory_order_acquire);
if (h && h->log) h->log(DSTALK_LOG_ERROR, "[anthropic] sse_line_callback exception: %s", e.what());
return 0;
} catch (...) {
if (g_host && g_host->log) g_host->log(DSTALK_LOG_ERROR, "[anthropic] sse_line_callback unknown exception");
const auto* h = g_host.load(std::memory_order_acquire);
if (h && h->log) h->log(DSTALK_LOG_ERROR, "[anthropic] sse_line_callback unknown exception");
return 0;
}
}
@@ -384,13 +397,16 @@ static dstalk_chat_result_t my_chat_stream(
dstalk_chat_result_t r = {};
r.ok = 0;
if (!g_http) {
r.error = g_host->strdup("http service not available");
const auto* host = g_host.load(std::memory_order_acquire);
const auto* http = g_http.load(std::memory_order_acquire);
if (!http) {
r.error = host->strdup("http service not available");
return r;
}
std::string scheme, host, port, target;
extract_host_port(g_cfg.base_url, scheme, host, port, target);
std::string scheme, hostname, port, target;
extract_host_port(g_cfg.base_url, scheme, hostname, port, target);
std::string target_path = target + "/v1/messages";
std::string body = build_request_json(history, history_len,
@@ -399,7 +415,7 @@ static dstalk_chat_result_t my_chat_stream(
std::string headers_json = build_headers_json();
StreamContext ctx;
ctx.host = g_host;
ctx.host = host;
ctx.user_cb = cb;
ctx.userdata = userdata;
ctx.saw_data_line = false;
@@ -407,8 +423,8 @@ static dstalk_chat_result_t my_chat_stream(
char* response_body = nullptr;
int status_code = 0;
int ret = g_http->post_stream(
host.c_str(), port.c_str(), target_path.c_str(), body.c_str(),
int ret = http->post_stream(
hostname.c_str(), port.c_str(), target_path.c_str(), body.c_str(),
headers_json.c_str(),
sse_line_callback, &ctx,
&response_body, &status_code);
@@ -424,49 +440,51 @@ static dstalk_chat_result_t my_chat_stream(
auto obj = jv.as_object();
if (obj.contains("error")) {
auto err = obj["error"].as_object();
r.error = g_host->strdup(
r.error = host->strdup(
json::value_to<std::string>(err["message"]).c_str());
}
} catch (...) {}
}
if (!r.error) {
if (status_code <= 0)
r.error = g_host->strdup("transport error");
r.error = host->strdup("transport error");
else
r.error = g_host->strdup(
r.error = host->strdup(
("HTTP " + std::to_string(status_code)).c_str());
}
if (response_body) g_host->free(response_body);
if (response_body) host->free(response_body);
r.content = nullptr;
r.tool_calls_json = nullptr;
return r;
}
if (response_body) g_host->free(response_body);
if (response_body) host->free(response_body);
if (ctx.accumulated.empty() && !ctx.saw_data_line) {
r.ok = 0;
r.error = g_host->strdup("no content received");
r.error = host->strdup("no content received");
r.content = nullptr;
r.tool_calls_json = nullptr;
} else {
r.ok = 1;
r.error = nullptr;
r.content = g_host->strdup(ctx.accumulated.c_str());
r.content = host->strdup(ctx.accumulated.c_str());
r.tool_calls_json = nullptr;
}
return r;
} catch (const std::exception& e) {
if (g_host && g_host->log) g_host->log(DSTALK_LOG_ERROR, "[anthropic] my_chat_stream exception: %s", e.what());
const auto* host = g_host.load(std::memory_order_acquire);
if (host && host->log) host->log(DSTALK_LOG_ERROR, "[anthropic] my_chat_stream exception: %s", e.what());
dstalk_chat_result_t r = {};
r.ok = 0;
r.error = g_host ? g_host->strdup(e.what()) : nullptr;
r.error = host ? host->strdup(e.what()) : nullptr;
return r;
} catch (...) {
if (g_host && g_host->log) g_host->log(DSTALK_LOG_ERROR, "[anthropic] my_chat_stream unknown exception");
const auto* host = g_host.load(std::memory_order_acquire);
if (host && host->log) host->log(DSTALK_LOG_ERROR, "[anthropic] my_chat_stream unknown exception");
dstalk_chat_result_t r = {};
r.ok = 0;
r.error = g_host ? g_host->strdup("unknown exception") : nullptr;
r.error = host ? host->strdup("unknown exception") : nullptr;
return r;
}
}
@@ -476,10 +494,11 @@ static dstalk_chat_result_t my_chat_stream(
// ============================================================================
static void my_free_result(dstalk_chat_result_t* result)
{
if (!result || !g_host) return;
if (result->content) { g_host->free((void*)result->content); result->content = nullptr; }
if (result->error) { g_host->free((void*)result->error); result->error = nullptr; }
if (result->tool_calls_json) { g_host->free((void*)result->tool_calls_json); result->tool_calls_json = nullptr; }
const auto* h = g_host.load(std::memory_order_acquire);
if (!result || !h) return;
if (result->content) { h->free((void*)result->content); result->content = nullptr; }
if (result->error) { h->free((void*)result->error); result->error = nullptr; }
if (result->tool_calls_json) { h->free((void*)result->tool_calls_json); result->tool_calls_json = nullptr; }
}
// ============================================================================
@@ -498,23 +517,27 @@ static dstalk_ai_service_t g_service = {
static int on_init(const dstalk_host_api_t* host)
{
try {
g_host = host;
g_http = (dstalk_http_service_t*)host->query_service("http", 1);
g_host.store(host, std::memory_order_release);
auto* http_svc = (dstalk_http_service_t*)host->query_service("http", 1);
g_http.store(http_svc, std::memory_order_release);
g_config = (dstalk_config_service_t*)host->query_service("config", 1);
if (!g_http) {
if (g_host) g_host->log(DSTALK_LOG_ERROR, "[anthropic] http service not found");
if (!http_svc) {
if (host) host->log(DSTALK_LOG_ERROR, "[anthropic] http service not found");
return -1;
}
if (g_host) g_host->log(DSTALK_LOG_INFO, "[anthropic] initializing Anthropic AI plugin");
if (host) host->log(DSTALK_LOG_INFO, "[anthropic] initializing Anthropic AI plugin");
return host->register_service("ai.anthropic", 1, &g_service);
} catch (const std::exception& e) {
if (g_host && g_host->log) g_host->log(DSTALK_LOG_ERROR, "[anthropic] on_init exception: %s", e.what());
const auto* h = g_host.load(std::memory_order_acquire);
if (h && h->log) h->log(DSTALK_LOG_ERROR, "[anthropic] on_init exception: %s", e.what());
return -1;
} catch (...) {
if (g_host && g_host->log) g_host->log(DSTALK_LOG_ERROR, "[anthropic] on_init unknown exception");
const auto* h = g_host.load(std::memory_order_acquire);
if (h && h->log) h->log(DSTALK_LOG_ERROR, "[anthropic] on_init unknown exception");
return -1;
}
}
@@ -522,16 +545,19 @@ static int on_init(const dstalk_host_api_t* host)
static void on_shutdown()
{
try {
if (g_host) g_host->log(DSTALK_LOG_INFO, "[anthropic] shutdown");
const auto* h = g_host.load(std::memory_order_acquire);
if (h) h->log(DSTALK_LOG_INFO, "[anthropic] shutdown");
secure_zero(g_cfg.api_key.data(), g_cfg.api_key.size());
g_cfg.api_key.clear();
g_http = nullptr;
g_http.store(nullptr, std::memory_order_release);
g_config = nullptr;
g_host = nullptr;
g_host.store(nullptr, std::memory_order_release);
} catch (const std::exception& e) {
if (g_host && g_host->log) g_host->log(DSTALK_LOG_ERROR, "[anthropic] on_shutdown exception: %s", e.what());
const auto* h = g_host.load(std::memory_order_acquire);
if (h && h->log) h->log(DSTALK_LOG_ERROR, "[anthropic] on_shutdown exception: %s", e.what());
} catch (...) {
if (g_host && g_host->log) g_host->log(DSTALK_LOG_ERROR, "[anthropic] on_shutdown unknown exception");
const auto* h = g_host.load(std::memory_order_acquire);
if (h && h->log) h->log(DSTALK_LOG_ERROR, "[anthropic] on_shutdown unknown exception");
}
}