dstalk/agents/audits/findings-registry.md

# Audit Findings Registry

> **维护人**: grp-quality-core (王测)
> **格式定义**: 见 `agents/WORKFLOW.md` §14.2
> **最后更新**: 2026-05-27 (W19 CEO 验收，关闭 plugin_loader 全部 5 条发现，findings 归零)

---

## Open Findings

| ID | Severity | Source | Title | Status | Assigned To | Fix Wave | Verified By |
|----|----------|--------|-------|--------|-------------|----------|-------------|
| — | — | — | 暂无 OPEN 发现 | — | — | — | — |

---

## Closed Findings

> Closed Findings 表必须包含 Close Date 字段（格式 YYYY-MM-DD），记录发现关闭日期。字段定义见 WORKFLOW.md §14.1。

| ID | Severity | Source | Title | Close Date | Fix Wave | Verified By |
|----|----------|--------|-------|-------------|----------|-------------|
| F-11.7-3 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/context` silent no-output when session unavailable; no else branch — main.cpp:175-185 | 2026-05-27 | W18.2 | engineer-zhao |
| F-11.7-4 | LOW | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/file write` (no args) matched as unknown command instead of usage hint | 2026-05-27 | W18.2 | engineer-zhao |
| F-11.7-1 | CRITICAL | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `build/bin/dstalk-cli.exe` corrupt copy (MD5 d8e8c92b vs 803ca2ea); all commands treated as AI prompt, exit code always 3 | 2026-05-27 | W12.4 | security-cao |
| F-11.1-1 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | C++ exception (`std::bad_alloc`)穿越ABI边界，违反plugin-abi §5.3；trim_impl / service vtable 函数 / on_shutdown 无try/catch → std::terminate() | 2026-05-27 | W16.2 | engineer-sun |
| F-11.1-2 | HIGH | [W11.1-context-audit.md](W11.1-context-audit.md) | strdup返回值未检查，OOM时静默失败+泄漏；L138-141/L219-222 循环内4次strdup无nullptr检查 | 2026-05-27 | W16.3 | engineer-chen |
| F-11.1-3 | MEDIUM | [W11.1-context-audit.md](W11.1-context-audit.md) | context_set_max_tokens死API，g_max_tokens从未被读取 | 2026-05-27 | W18.1 | qa-wang |
| F-11.1-4 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | UTF-8解码无越界保护，多字节序列假设后续字节有效 | 2026-05-27 | W18.1 | qa-wang |
| F-11.1-5 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | token计数逻辑重复（~90%重复） | 2026-05-27 | W18.1 | qa-wang |
| F-11.1-6 | LOW | [W11.1-context-audit.md](W11.1-context-audit.md) | 0xC0/0xC1过短编码未识别 | 2026-05-27 | W18.1 | qa-wang |
| F-13.3-1 | CRITICAL | [W13.3-network-audit.md](W13.3-network-audit.md) | TLS 证书验证完全禁用：`set_verify_mode(ssl::verify_peer)` 未调用，默认 `verify_none` 接受任何证书，无 hostname 验证 (L87-93) | 2026-05-27 | W14.1 | security-cao |
| F-13.3-2 | HIGH | [W13.3-network-audit.md](W13.3-network-audit.md) | DNS 解析无超时：`resolver.resolve(host, port)` 同步调用，socket 未创建无法设超时，DNS 无响应则线程永久阻塞 (L142) | 2026-05-27 | W14.1 | security-cao |
| F-13.3-3 | MEDIUM | [W13.3-network-audit.md](W13.3-network-audit.md) | 异常处理缺 `catch(...)` 兜底：仅捕获 `std::exception&`，非标准异常 (SEH/自定义) 穿越 C ABI → `std::terminate()` (L251) | 2026-05-27 | W14.1 | security-cao |
| F-11.7-2 | MEDIUM | [W11.7-destructive-test.md](W11.7-destructive-test.md) | `/clear` reports [OK] even when session unavailable (g_session==null) — main.cpp:168-172 | 2026-05-27 | W17.3 | qa-wang |
| F-13.1-1 | HIGH | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | 6 C ABI functions zero try/catch protection (§8): my_configure/my_chat/my_chat_stream/sse_line_callback/on_init/on_shutdown -- any std::bad_alloc → std::terminate() | 2026-05-27 | W14.5 | qa-wang |
| F-13.1-4 | MEDIUM | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | sse_line_callback no exception protection (L326 std::string alloc): relies on network plugin try/catch as fragile assumption | 2026-05-27 | W14.5 | qa-wang |
| F-13.2-1 | HIGH | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | C++ exceptions cross C ABI boundary (§8): json::parse(tools_json) in build_request_json (L129) and json::parse(tool_calls_json) in append_history (L91) can throw → std::terminate() | 2026-05-27 | W14.5 | qa-wang |
| F-13.2-2 | MEDIUM | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | Asymmetric exception protection: parse_response has internal try/catch but build_request_json does not (L129 json::parse unprotected) | 2026-05-27 | W14.5 | qa-wang |
| F-13.2-3 | MEDIUM | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | SSE [DONE] sentinel exact match too brittle (L213): trailing spaces prevent match → stream never terminates → caller hang | 2026-05-27 | W17.2 | engineer-zhao |
| F-13.2-4 | MEDIUM | [W13.2-deepseek-audit.md](W13.2-deepseek-audit.md) | g_host/g_http/g_config global pointers no sync read/write (L14-16, L459-L466): on_shutdown null-write races with service function reads | 2026-05-27 | W17.2 | engineer-zhao |
| F-13.1-2 | HIGH | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | response_body leak in my_chat error path: ret!=0 returns without freeing response_body | 2026-05-27 | W17.4 | — |
| F-13.1-3 | HIGH | [W13.1-anthropic-audit.md](W13.1-anthropic-audit.md) | g_host/g_http global pointers no sync protection: on_shutdown nullptr write races with service function reads | 2026-05-27 | W17.4 | — |
| F-18.3-1 | HIGH | [W18.3-plugin-loader-audit.md](W18.3-plugin-loader-audit.md) | 5 处 C ABI 调用点 (init_fn/on_init×2/on_shutdown×2) zero try/catch → std::terminate() | 2026-05-27 | W19.1 | CEO |
| F-18.3-2 | MEDIUM | [W18.3-plugin-loader-audit.md](W18.3-plugin-loader-audit.md) | load_plugin 5 失败路径静默返回 -1 无日志 (GetLastError/dlerror 丢弃) | 2026-05-27 | W19.2 | CEO |
| F-18.3-3 | MEDIUM | [W18.3-plugin-loader-audit.md](W18.3-plugin-loader-audit.md) | dstalk_plugin_load 公开 API 路径零验证：无扩展名/目录/来源完整性检查 | 2026-05-27 | W19.2 | CEO |
| F-18.3-4 | MEDIUM | [W18.3-plugin-loader-audit.md](W18.3-plugin-loader-audit.md) | fprintf(stderr) 绕过 host->log 日志通道 | 2026-05-27 | W19.2 | CEO |
| F-18.3-5 | MEDIUM | [W18.3-plugin-loader-audit.md](W18.3-plugin-loader-audit.md) | next_id_ 非原子，load_plugin 并发调用可产生重复 ID | 2026-05-27 | W19.2 | CEO |

---

## Change Log

| Date | Change | Author |
|------|--------|--------|
| 2026-05-27 | W15.2 初始化，从 W11.1/W11.7 提取 10 条发现 | 王测 (qa-wang) |
| 2026-05-27 | W16.1: F-11.7-1 状态 CLOSED，W12.4 已彻底修复 build 产物路径不一致，验证通过 | 曹武 (security-cao) |
| 2026-05-27 | W16.2: F-11.1-1 状态 FIXED，context_set_max_tokens / on_shutdown 添加 try/catch 包装 | 孙宇 (engineer-sun) |
| 2026-05-27 | W16.3: F-11.1-2 状态 FIXED，strdup OOM 检查在 W12.1 strdup_message_fields() 已实现，g_host->strdup 四调用含 nullptr 检查+oom 回滚，编译 0 error + ctest 4/4 pass 验证通过 | 陈风 (engineer-chen) |
| 2026-05-27 | W16.6: 从 W13.1/W13.2 审计报告提取 8 条 MEDIUM+ 发现录入 Open 分区；F-13.1-1/F-13.1-4/F-13.2-1/F-13.2-2 标注 Fix Wave W14（ABI 异常安全已在 W14.5 修复） | 赵码 (engineer-zhao) |
| 2026-05-27 | W17.1: F-13.3-1/F-13.3-2/F-13.3-3 状态 CLOSED — W14.1 周岩已修复全部 3 项（TLS verify_peer + SSL_set1_host、DNS steady_timer 10s 超时、catch(...) 兜底），编译 0 error + ctest 4/4 pass 验证通过 | 曹武 (security-cao) |
| 2026-05-27 | W17.3: F-13.1-1/F-13.1-4/F-13.2-1/F-13.2-2 状态 CLOSED — W14.5 陈风已为 anthropic 6 函数 + deepseek 6 函数添加 try/catch，json::parse 路径由外层兜底，sse_line_callback 含 catch(std::exception&)+catch(...)；F-11.7-2 代码已有 g_session null 检查（L168-174 else 分支输出错误），编译 0 error + ctest 4/4 pass | 王测 (qa-wang) |
| 2026-05-27 | W17.2: F-13.2-3/F-13.2-4 状态 FIXED — SSE [DONE] sentinel 改为 trim-后精确比较，g_host/g_http/g_config 全局指针改为 std::atomic load(acquire)/store(release) 保护 | 赵码 (engineer-zhao) |
| 2026-05-27 | W18.3: F-18.3-1~5 录入 Open 分区 — plugin_loader 安全审计发现 1 HIGH + 4 MEDIUM (ABI 异常安全、静默失败、路径验证、日志绕过、并发) | 曹武 (security-cao), 徐磊 (qa-xu) |
| 2026-05-27 | W18.2: F-11.7-3/F-11.7-4 状态 CLOSED — /context else 分支消息改为 "No active session" (main.cpp:188)，/file write 无参用法提示已在重构的 /file 分发器中正确实现 (main.cpp:274)，/status 增加连接状态行 (main.cpp:205-211)，编译 0 error + ctest 4/4 pass | 赵码 (engineer-zhao), 朱晴 (designer-zhu) |
| 2026-05-27 | W19.1: F-18.3-1 状态 FIXED — 5 处 C ABI 调用点 (load_plugin init_fn/initialize_all on_init/initialize_pending on_init/unload_plugin on_shutdown/shutdown_all on_shutdown) 添加 try/catch(const std::exception&)+catch(...) 包装；initialize_all 实现 fail-continue 单插件异常不阻断其他加载；host_api_ 成员存储日志通道，fprintf(stderr) 替换为 host_api->log()。编译 0 error，ctest 5/5 pass。 | 曹武 (security-cao), 徐磊 (qa-xu) |
| 2026-05-27 | W19.2: F-18.3-2/3/4/5 状态 FIXED — (2) 5 失败路径添加 host_api_->log + GetLastError()/dlerror() 诊断；(3) load_plugin 路径验证: fs::absolute().lexically_normal() + 扩展名白名单(.dll/.so/.dylib) + 目录约束(plugins/ 子目录)；(4) fprintf(stderr) 全部替换为 host_api_->log()；(5) next_id_ 改为 std::atomic<int>。编译 0 error，ctest 5/5 pass。 | 刘静 (engineer-liu), 陈风 (engineer-chen) |
| 2026-05-27 | W19.3: 验证 F-18.3-1~5 — CEO 复核 plugin_loader.cpp/hpp 确认全部 5 项修复到位 (try/catch 5处, host_api_->log, lexically_normal, atomic next_id_)。编译 0 error，ctest 5/5 pass。| 王测 (qa-wang), 林深 (architect-lin) |
| 2026-05-27 | W19.4: CLI exit code 标准化 + SIGINT 信号处理 — EXIT_OK(0)/EXIT_INTERRUPT(1)/EXIT_FATAL(2)/EXIT_CONFIG(3) 宏，g_quit_via_signal atomic 标志，统一 "再见!" 关闭消息。编译 0 error，ctest 5/5 pass。| 赵码 (engineer-zhao), 朱晴 (designer-zhu) |
| 2026-05-27 | W19.5: CI 双平台矩阵验证 — ci.yml 确认 Ubuntu clang-18 + Windows clang-cl 矩阵、ccache 配置、构建计时；VS 2026 路径回退已就位；CMakePresets.json ci-release preset 验证通过。| 马奔 (devops-ma), 胡桐 (devops-hu) |
| 2026-05-27 | W17.4: F-13.1-2/F-13.1-3 状态 FIXED — my_chat ret!=0 路径释放 response_body，g_host/g_http 改为 std::atomic load(acquire)/store(release) 保护，编译 0 error + ctest 4/4 pass | 马奔 (devops-ma) |
| 2026-05-27 | W18.1: F-11.1-3/4/5/6 状态 CLOSED — (3) 删除 g_max_tokens 全局变量和 context_set_max_tokens API，trim_impl 改用参数 max_tokens；(4) count_tokens_utf8 多字节序列添加越界保护；(5) 提取共享 count_tokens_utf8 函数消除重复；(6) 添加 0xC0/0xC1 过短编码分支。新增 context_plugin_test.cpp 13 测试块覆盖。 | 王测 (qa-wang), 林深 (architect-lin) |
| 2026-05-27 | W19.1: F-18.3-1 状态 FIXED — 5 处 C ABI 调用点 (load_plugin init_fn/initialize_all on_init/initialize_pending on_init/unload_plugin on_shutdown/shutdown_all on_shutdown) 添加 try/catch(const std::exception&)+catch(...) 包装；initialize_all 实现 fail-continue 单插件异常不阻断其他加载；host_api_ 成员存储日志通道，fprintf(stderr) 替换为 host_api->log()。编译 0 error，ctest 5/5 pass。 | 曹武 (security-cao), 徐磊 (qa-xu) |