pulsareon/dstalk
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

W18: context cleanup + CLI fixes + loader audit + CI matrix (W18.1-W18.4)
Some checks failed
CI / Determine matrix (push) Has been cancelled
Details
CI / ${{ matrix.os }} / ${{ matrix.build_type }} (push) Has been cancelled
Details

Browse Source 
- W18.1 (王测+林深): Remove g_max_tokens dead API, UTF-8 bounds protection, deduplicate token counting, 0xC0/0xC1 handling, add 13 test blocks (36 checks)
- W18.2 (赵码+朱晴): Fix /context no-session error message, /status 3-state connection display
- W18.3 (曹武+徐磊): plugin_loader security audit — 9 dimensions, rating C, 1 HIGH + 2 MEDIUM findings
- W18.4 (马奔+胡桐): CI dual-platform matrix (Ubuntu clang-18 + Windows clang-cl), ccache, build timing baseline

Build 0 error, ctest 5/5 pass, metadata check clean.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
XiuChengWu
2026-05-27 19:09:21 +08:00
parent 852e2cac08
commit c545d16120
18 changed files with 945 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
agents/audits/findings-registry.md
View File

@@ -2,7 +2,7 @@
> **维护人**: grp-quality-core (王测)
> **格式定义**: 见 `agents/WORKFLOW.md` §14.2
> **最后更新**: 2026-05-27 (W17.3 王测,验证 W14 修复并关闭 F-13.1-1/4 + F-13.2-1/2 + F-11.7-2)
> **最后更新**: 2026-05-27 (W18.3 曹武+徐磊plugin_loader 安全审计,录入 5 条 MEDIUM+ 发现)
---
@@ -10,12 +10,11 @@
| ID | Severity | Source | Title | Status | Assigned To | Fix Wave | Verified By |
|----|----------|--------|-------|--------|-------------|----------|-------------|
| F-11.7-3 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/context` silent no-output when session unavailable; no else branch — main.cpp:175-185 | OPEN | — | — | — |
| F-11.7-4 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/file write` (no args) matched as unknown command instead of usage hint | OPEN | — | — | — |
| F-11.1-3 | MEDIUM | [W11.1-context-audit.md](W11.1-context-audit.md) | context_set_max_tokens死APIg_max_tokens从未被读取L21/L243-244 | OPEN | — | — | — |
| F-11.1-4 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | UTF-8解码无越界保护L42-64, L96-104多字节序列假设后续字节有效 | OPEN | — | — | — |
| F-11.1-5 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | token计数逻辑重复L34-68 vs L91-106 ~90%重复) | OPEN | — | — | — |
| F-11.1-6 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | 0xC0/0xC1过短编码未识别L52, L100仅影响token估算计数 | OPEN | — | — | — |
| F-18.3-1 | HIGH | [W18.3-plugin-loader-audit.md](W18.3-plugin-loader-audit.md) | 5 处 C ABI 调用点 zero try/catch: on_init/on_shutdown/init_fn 穿越 ABI → std::terminate() (load_plugin L59, initialize_all L237, initialize_pending L272, unload_plugin L108-109, shutdown_all L306-307) | OPEN | — | — | — |
| F-18.3-2 | MEDIUM | [W18.3-plugin-loader-audit.md](W18.3-plugin-loader-audit.md) | load_plugin 全静默失败: 5 个独立失败点均返回 -1 无日志, GetProcAddress/dlsym 不调 GetLastError/dlerror (L28-77) | OPEN | — | — | — |
| F-18.3-3 | MEDIUM | [W18.3-plugin-loader-audit.md](W18.3-plugin-loader-audit.md) | 公开 API dstalk_plugin_load 路径零验证: 无规范化/目录约束/扩展名校验/签名验证, 相对路径触发 DLL 搜索劫持 (host.cpp:240 + load_plugin L32-35) | OPEN | — | — | — |
| F-18.3-4 | MEDIUM | [W18.3-plugin-loader-audit.md](W18.3-plugin-loader-audit.md) | initialize_all 用 fprintf(stderr) 替代 host->log(): 绕过诊断回调系统, host_api 在手却未用 (L229, L239-240) | OPEN | — | — | — |
| F-18.3-5 | MEDIUM | [W18.3-plugin-loader-audit.md](W18.3-plugin-loader-audit.md) | PluginLoader 零内部同步: next_id_++ 非原子, plugins_ 无 mutex; dstalk_plugin_load 不持 g_init_mutex (§6.5 文档声明单线程但代码无强制) | OPEN | — | — | — |
---
@@ -25,9 +24,15 @@
| ID | Severity | Source | Title | Close Date | Fix Wave | Verified By |
|----|----------|--------|-------|-------------|----------|-------------|
| F-11.7-3 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/context` silent no-output when session unavailable; no else branch — main.cpp:175-185 | 2026-05-27 | W18.2 | engineer-zhao |
| F-11.7-4 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/file write` (no args) matched as unknown command instead of usage hint | 2026-05-27 | W18.2 | engineer-zhao |
| F-11.7-1 | CRITICAL | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `build/bin/dstalk-cli.exe` corrupt copy (MD5 d8e8c92b vs 803ca2ea); all commands treated as AI prompt, exit code always 3 | 2026-05-27 | W12.4 | security-cao |
| F-11.1-1 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | C++ exception (`std::bad_alloc`)穿越ABI边界违反plugin-abi §5.3trim_impl / service vtable 函数 / on_shutdown 无try/catch → std::terminate() | 2026-05-27 | W16.2 | engineer-sun |
| F-11.1-2 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | strdup返回值未检查OOM时静默失败+泄漏L138-141/L219-222 循环内4次strdup无nullptr检查 | 2026-05-27 | W16.3 | engineer-chen |
| F-11.1-3 | MEDIUM | [W11.1-context-audit.md](W11.1-context-audit.md) | context_set_max_tokens死APIg_max_tokens从未被读取 | 2026-05-27 | W18.1 | qa-wang |
| F-11.1-4 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | UTF-8解码无越界保护多字节序列假设后续字节有效 | 2026-05-27 | W18.1 | qa-wang |
| F-11.1-5 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | token计数逻辑重复~90%重复) | 2026-05-27 | W18.1 | qa-wang |
| F-11.1-6 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | 0xC0/0xC1过短编码未识别 | 2026-05-27 | W18.1 | qa-wang |
| F-13.3-1 | CRITICAL | [W13.3-network-audit.md](W13.3-network-audit.md) | TLS 证书验证完全禁用:`set_verify_mode(ssl::verify_peer)` 未调用,默认 `verify_none` 接受任何证书,无 hostname 验证 (L87-93) | 2026-05-27 | W14.1 | security-cao |
| F-13.3-2 | HIGH | [W13.3-network-audit.md](W13.3-network-audit.md) | DNS 解析无超时:`resolver.resolve(host, port)` 同步调用socket 未创建无法设超时DNS 无响应则线程永久阻塞 (L142) | 2026-05-27 | W14.1 | security-cao |
| F-13.3-3 | MEDIUM | [W13.3-network-audit.md](W13.3-network-audit.md) | 异常处理缺 `catch(...)` 兜底:仅捕获 `std::exception&`,非标准异常 (SEH/自定义) 穿越 C ABI → `std::terminate()` (L251) | 2026-05-27 | W14.1 | security-cao |
@@ -55,4 +60,7 @@
| 2026-05-27 | W17.1: F-13.3-1/F-13.3-2/F-13.3-3 状态 CLOSED — W14.1 周岩已修复全部 3 项TLS verify_peer + SSL_set1_host、DNS steady_timer 10s 超时、catch(...) 兜底),编译 0 error + ctest 4/4 pass 验证通过 | 曹武 (security-cao) |
| 2026-05-27 | W17.3: F-13.1-1/F-13.1-4/F-13.2-1/F-13.2-2 状态 CLOSED — W14.5 陈风已为 anthropic 6 函数 + deepseek 6 函数添加 try/catchjson::parse 路径由外层兜底sse_line_callback 含 catch(std::exception&)+catch(...)F-11.7-2 代码已有 g_session null 检查L168-174 else 分支输出错误),编译 0 error + ctest 4/4 pass | 王测 (qa-wang) |
| 2026-05-27 | W17.2: F-13.2-3/F-13.2-4 状态 FIXED — SSE [DONE] sentinel 改为 trim-后精确比较g_host/g_http/g_config 全局指针改为 std::atomic load(acquire)/store(release) 保护 | 赵码 (engineer-zhao) |
| 2026-05-27 | W18.3: F-18.3-1~5 录入 Open 分区 — plugin_loader 安全审计发现 1 HIGH + 4 MEDIUM (ABI 异常安全、静默失败、路径验证、日志绕过、并发) | 曹武 (security-cao), 徐磊 (qa-xu) |
| 2026-05-27 | W18.2: F-11.7-3/F-11.7-4 状态 CLOSED — /context else 分支消息改为 "No active session" (main.cpp:188)/file write 无参用法提示已在重构的 /file 分发器中正确实现 (main.cpp:274)/status 增加连接状态行 (main.cpp:205-211),编译 0 error + ctest 4/4 pass | 赵码 (engineer-zhao), 朱晴 (designer-zhu) |
| 2026-05-27 | W17.4: F-13.1-2/F-13.1-3 状态 FIXED — my_chat ret!=0 路径释放 response_bodyg_host/g_http 改为 std::atomic load(acquire)/store(release) 保护,编译 0 error + ctest 4/4 pass | 马奔 (devops-ma) |
| 2026-05-27 | W18.1: F-11.1-3/4/5/6 状态 CLOSED — (3) 删除 g_max_tokens 全局变量和 context_set_max_tokens APItrim_impl 改用参数 max_tokens(4) count_tokens_utf8 多字节序列添加越界保护;(5) 提取共享 count_tokens_utf8 函数消除重复;(6) 添加 0xC0/0xC1 过短编码分支。新增 context_plugin_test.cpp 13 测试块覆盖。 | 王测 (qa-wang), 林深 (architect-lin) |