XiuChengWu
28ae90a6cc
Some checks failed
- Refresh agents STATUS to W22.6 and exclude mailroom from metadata scans - Add mailroom dispatch checklist and defensive rules - Register F-23.D-1 and tag network input validation defense-in-depth - Update network plugin tests for header length limits - Fix LSP test metadata and remove orphan anthropic_internal.hpp Verification: - cmake --build build --config Release: 0 error, 0 warning - ctest --test-dir build --output-on-failure: 10/10 passed - ctest --test-dir build -R dstalk_smoke_test --output-on-failure: passed - python scripts/check_agents_metadata.py --strict: passed Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
12 KiB
12 KiB
Audit Findings Registry
维护人: grp-quality-core (王测) 格式定义: 见
agents/WORKFLOW.md§14.2 最后更新: 2026-06-03 (W23.D 登记 network 输入验证 defense-in-depth 发现)
Open Findings
| ID | Severity | Source | Title | Status | Assigned To | Fix Wave | Verified By |
|---|---|---|---|---|---|---|---|
| F-23.D-1 | LOW | W23.D security-cao review | network_plugin request input validation defense-in-depth: headers_json length limits and host/target/port validation were absent | FIXED | security-cao | W23.D | CEO |
Closed Findings
Closed Findings 表必须包含 Close Date 字段(格式 YYYY-MM-DD),记录发现关闭日期。字段定义见 WORKFLOW.md §14.1。
| ID | Severity | Source | Title | Close Date | Fix Wave | Verified By |
|---|---|---|---|---|---|---|
| F-11.7-3 | LOW | W11.7-destructive-test.md | /context silent no-output when session unavailable; no else branch — main.cpp:175-185 |
2026-05-27 | W18.2 | engineer-zhao |
| F-11.7-4 | LOW | W11.7-destructive-test.md | /file write (no args) matched as unknown command instead of usage hint |
2026-05-27 | W18.2 | engineer-zhao |
| F-11.7-1 | CRITICAL | W11.7-destructive-test.md | build/bin/dstalk-cli.exe corrupt copy (MD5 d8e8c92b vs 803ca2ea); all commands treated as AI prompt, exit code always 3 |
2026-05-27 | W12.4 | security-cao |
| F-11.1-1 | HIGH | W11.1-context-audit.md | C++ exception (std::bad_alloc)穿越ABI边界,违反plugin-abi §5.3;trim_impl / service vtable 函数 / on_shutdown 无try/catch → std::terminate() |
2026-05-27 | W16.2 | engineer-sun |
| F-11.1-2 | HIGH | W11.1-context-audit.md | strdup返回值未检查,OOM时静默失败+泄漏;L138-141/L219-222 循环内4次strdup无nullptr检查 | 2026-05-27 | W16.3 | engineer-chen |
| F-11.1-3 | MEDIUM | W11.1-context-audit.md | context_set_max_tokens死API,g_max_tokens从未被读取 | 2026-05-27 | W18.1 | qa-wang |
| F-11.1-4 | LOW | W11.1-context-audit.md | UTF-8解码无越界保护,多字节序列假设后续字节有效 | 2026-05-27 | W18.1 | qa-wang |
| F-11.1-5 | LOW | W11.1-context-audit.md | token计数逻辑重复(~90%重复) | 2026-05-27 | W18.1 | qa-wang |
| F-11.1-6 | LOW | W11.1-context-audit.md | 0xC0/0xC1过短编码未识别 | 2026-05-27 | W18.1 | qa-wang |
| F-13.3-1 | CRITICAL | W13.3-network-audit.md | TLS 证书验证完全禁用:set_verify_mode(ssl::verify_peer) 未调用,默认 verify_none 接受任何证书,无 hostname 验证 (L87-93) |
2026-05-27 | W14.1 | security-cao |
| F-13.3-2 | HIGH | W13.3-network-audit.md | DNS 解析无超时:resolver.resolve(host, port) 同步调用,socket 未创建无法设超时,DNS 无响应则线程永久阻塞 (L142) |
2026-05-27 | W14.1 | security-cao |
| F-13.3-3 | MEDIUM | W13.3-network-audit.md | 异常处理缺 catch(...) 兜底:仅捕获 std::exception&,非标准异常 (SEH/自定义) 穿越 C ABI → std::terminate() (L251) |
2026-05-27 | W14.1 | security-cao |
| F-11.7-2 | MEDIUM | W11.7-destructive-test.md | /clear reports [OK] even when session unavailable (g_session==null) — main.cpp:168-172 |
2026-05-27 | W17.3 | qa-wang |
| F-13.1-1 | HIGH | W13.1-anthropic-audit.md | 6 C ABI functions zero try/catch protection (§8): my_configure/my_chat/my_chat_stream/sse_line_callback/on_init/on_shutdown -- any std::bad_alloc → std::terminate() | 2026-05-27 | W14.5 | qa-wang |
| F-13.1-4 | MEDIUM | W13.1-anthropic-audit.md | sse_line_callback no exception protection (L326 std::string alloc): relies on network plugin try/catch as fragile assumption | 2026-05-27 | W14.5 | qa-wang |
| F-13.2-1 | HIGH | W13.2-deepseek-audit.md | C++ exceptions cross C ABI boundary (§8): json::parse(tools_json) in build_request_json (L129) and json::parse(tool_calls_json) in append_history (L91) can throw → std::terminate() | 2026-05-27 | W14.5 | qa-wang |
| F-13.2-2 | MEDIUM | W13.2-deepseek-audit.md | Asymmetric exception protection: parse_response has internal try/catch but build_request_json does not (L129 json::parse unprotected) | 2026-05-27 | W14.5 | qa-wang |
| F-13.2-3 | MEDIUM | W13.2-deepseek-audit.md | SSE [DONE] sentinel exact match too brittle (L213): trailing spaces prevent match → stream never terminates → caller hang | 2026-05-27 | W17.2 | engineer-zhao |
| F-13.2-4 | MEDIUM | W13.2-deepseek-audit.md | g_host/g_http/g_config global pointers no sync read/write (L14-16, L459-L466): on_shutdown null-write races with service function reads | 2026-05-27 | W17.2 | engineer-zhao |
| F-13.1-2 | HIGH | W13.1-anthropic-audit.md | response_body leak in my_chat error path: ret!=0 returns without freeing response_body | 2026-05-27 | W17.4 | — |
| F-13.1-3 | HIGH | W13.1-anthropic-audit.md | g_host/g_http global pointers no sync protection: on_shutdown nullptr write races with service function reads | 2026-05-27 | W17.4 | — |
| F-18.3-1 | HIGH | W18.3-plugin-loader-audit.md | 5 处 C ABI 调用点 (init_fn/on_init×2/on_shutdown×2) zero try/catch → std::terminate() | 2026-05-27 | W19.1 | CEO |
| F-18.3-2 | MEDIUM | W18.3-plugin-loader-audit.md | load_plugin 5 失败路径静默返回 -1 无日志 (GetLastError/dlerror 丢弃) | 2026-05-27 | W19.2 | CEO |
| F-18.3-3 | MEDIUM | W18.3-plugin-loader-audit.md | dstalk_plugin_load 公开 API 路径零验证:无扩展名/目录/来源完整性检查 | 2026-05-27 | W19.2 | CEO |
| F-18.3-4 | MEDIUM | W18.3-plugin-loader-audit.md | fprintf(stderr) 绕过 host->log 日志通道 | 2026-05-27 | W19.2 | CEO |
| F-18.3-5 | MEDIUM | W18.3-plugin-loader-audit.md | next_id_ 非原子,load_plugin 并发调用可产生重复 ID | 2026-05-27 | W19.2 | CEO |
Change Log
| Date | Change | Author |
|---|---|---|
| 2026-05-27 | W15.2 初始化,从 W11.1/W11.7 提取 10 条发现 | 王测 (qa-wang) |
| 2026-06-03 | W23.D: 登记 F-23.D-1 LOW,network_plugin 输入验证 defense-in-depth;W23.D 代码已补 headers_json 长度限制与 host/target/port 校验,进入 FIXED 等待 CEO 验收 | CEO |
| 2026-05-27 | W16.1: F-11.7-1 状态 CLOSED,W12.4 已彻底修复 build 产物路径不一致,验证通过 | 曹武 (security-cao) |
| 2026-05-27 | W16.2: F-11.1-1 状态 FIXED,context_set_max_tokens / on_shutdown 添加 try/catch 包装 | 孙宇 (engineer-sun) |
| 2026-05-27 | W16.3: F-11.1-2 状态 FIXED,strdup OOM 检查在 W12.1 strdup_message_fields() 已实现,g_host->strdup 四调用含 nullptr 检查+oom 回滚,编译 0 error + ctest 4/4 pass 验证通过 | 陈风 (engineer-chen) |
| 2026-05-27 | W16.6: 从 W13.1/W13.2 审计报告提取 8 条 MEDIUM+ 发现录入 Open 分区;F-13.1-1/F-13.1-4/F-13.2-1/F-13.2-2 标注 Fix Wave W14(ABI 异常安全已在 W14.5 修复) | 赵码 (engineer-zhao) |
| 2026-05-27 | W17.1: F-13.3-1/F-13.3-2/F-13.3-3 状态 CLOSED — W14.1 周岩已修复全部 3 项(TLS verify_peer + SSL_set1_host、DNS steady_timer 10s 超时、catch(...) 兜底),编译 0 error + ctest 4/4 pass 验证通过 | 曹武 (security-cao) |
| 2026-05-27 | W17.3: F-13.1-1/F-13.1-4/F-13.2-1/F-13.2-2 状态 CLOSED — W14.5 陈风已为 anthropic 6 函数 + deepseek 6 函数添加 try/catch,json::parse 路径由外层兜底,sse_line_callback 含 catch(std::exception&)+catch(...);F-11.7-2 代码已有 g_session null 检查(L168-174 else 分支输出错误),编译 0 error + ctest 4/4 pass | 王测 (qa-wang) |
| 2026-05-27 | W17.2: F-13.2-3/F-13.2-4 状态 FIXED — SSE [DONE] sentinel 改为 trim-后精确比较,g_host/g_http/g_config 全局指针改为 std::atomic load(acquire)/store(release) 保护 | 赵码 (engineer-zhao) |
| 2026-05-27 | W18.3: F-18.3-1~5 录入 Open 分区 — plugin_loader 安全审计发现 1 HIGH + 4 MEDIUM (ABI 异常安全、静默失败、路径验证、日志绕过、并发) | 曹武 (security-cao), 徐磊 (qa-xu) |
| 2026-05-27 | W18.2: F-11.7-3/F-11.7-4 状态 CLOSED — /context else 分支消息改为 "No active session" (main.cpp:188),/file write 无参用法提示已在重构的 /file 分发器中正确实现 (main.cpp:274),/status 增加连接状态行 (main.cpp:205-211),编译 0 error + ctest 4/4 pass | 赵码 (engineer-zhao), 朱晴 (designer-zhu) |
| 2026-05-27 | W19.1: F-18.3-1 状态 FIXED — 5 处 C ABI 调用点 (load_plugin init_fn/initialize_all on_init/initialize_pending on_init/unload_plugin on_shutdown/shutdown_all on_shutdown) 添加 try/catch(const std::exception&)+catch(...) 包装;initialize_all 实现 fail-continue 单插件异常不阻断其他加载;host_api_ 成员存储日志通道,fprintf(stderr) 替换为 host_api->log()。编译 0 error,ctest 5/5 pass。 | 曹武 (security-cao), 徐磊 (qa-xu) |
| 2026-05-27 | W19.2: F-18.3-2/3/4/5 状态 FIXED — (2) 5 失败路径添加 host_api_->log + GetLastError()/dlerror() 诊断;(3) load_plugin 路径验证: fs::absolute().lexically_normal() + 扩展名白名单(.dll/.so/.dylib) + 目录约束(plugins/ 子目录);(4) fprintf(stderr) 全部替换为 host_api_->log();(5) next_id_ 改为 std::atomic。编译 0 error,ctest 5/5 pass。 | 刘静 (engineer-liu), 陈风 (engineer-chen) |
| 2026-05-27 | W19.3: 验证 F-18.3-1~5 — CEO 复核 plugin_loader.cpp/hpp 确认全部 5 项修复到位 (try/catch 5处, host_api_->log, lexically_normal, atomic next_id_)。编译 0 error,ctest 5/5 pass。 | 王测 (qa-wang), 林深 (architect-lin) |
| 2026-05-27 | W19.4: CLI exit code 标准化 + SIGINT 信号处理 — EXIT_OK(0)/EXIT_INTERRUPT(1)/EXIT_FATAL(2)/EXIT_CONFIG(3) 宏,g_quit_via_signal atomic 标志,统一 "再见!" 关闭消息。编译 0 error,ctest 5/5 pass。 | 赵码 (engineer-zhao), 朱晴 (designer-zhu) |
| 2026-05-27 | W19.5: CI 双平台矩阵验证 — ci.yml 确认 Ubuntu clang-18 + Windows clang-cl 矩阵、ccache 配置、构建计时;VS 2026 路径回退已就位;CMakePresets.json ci-release preset 验证通过。 | 马奔 (devops-ma), 胡桐 (devops-hu) |
| 2026-05-27 | W17.4: F-13.1-2/F-13.1-3 状态 FIXED — my_chat ret!=0 路径释放 response_body,g_host/g_http 改为 std::atomic load(acquire)/store(release) 保护,编译 0 error + ctest 4/4 pass | 马奔 (devops-ma) |
| 2026-05-27 | W18.1: F-11.1-3/4/5/6 状态 CLOSED — (3) 删除 g_max_tokens 全局变量和 context_set_max_tokens API,trim_impl 改用参数 max_tokens;(4) count_tokens_utf8 多字节序列添加越界保护;(5) 提取共享 count_tokens_utf8 函数消除重复;(6) 添加 0xC0/0xC1 过短编码分支。新增 context_plugin_test.cpp 13 测试块覆盖。 | 王测 (qa-wang), 林深 (architect-lin) |
| 2026-05-27 | W19.1: F-18.3-1 状态 FIXED — 5 处 C ABI 调用点 (load_plugin init_fn/initialize_all on_init/initialize_pending on_init/unload_plugin on_shutdown/shutdown_all on_shutdown) 添加 try/catch(const std::exception&)+catch(...) 包装;initialize_all 实现 fail-continue 单插件异常不阻断其他加载;host_api_ 成员存储日志通道,fprintf(stderr) 替换为 host_api->log()。编译 0 error,ctest 5/5 pass。 | 曹武 (security-cao), 徐磊 (qa-xu) |