fix: harden security, eliminate panics, remove dead code, add Dockerfile
Security: - Use constant-time password comparison (subtle crate) to prevent timing attacks - Replace permissive CORS with configurable origin-restricted CORS - Add TLS warning when password auth is used without HTTPS Bug fixes: - Convert MetaPlugin panics to anyhow::Result (get_meta_plugin, outputs_mut, options_mut) - Replace item.id.unwrap() with proper error handling across 15 call sites - Fix panic on unknown column type in list mode - Fix conflicting PIPESIZE constant (was 8192 vs 65536, now unified to 8192) - Add 256MB filter chain buffer limit to prevent OOM - Gracefully skip unregistered plugins instead of panicking Dead code removal: - Delete unused filter parser files (filter_parser.rs, filter.pest, parser/ module) - ~260 lines of dead PEG parser code removed Code consolidation: - Add is_content_binary_from_metadata() helper (was duplicated in 4 places) - Simplify save_item_raw() to delegate to save_item_raw_streaming() (~90 lines removed) Incomplete features: - Populate filter_plugins in status output from global registry - Add FallbackMagicFileMetaPlugin (was referenced but never implemented) - Document init_plugins() as intentional no-op Infrastructure: - Add Dockerfile (static musl binary on scratch, 4.8MB) - Add .dockerignore - Add cors_origin to ServerConfig and config.rs
This commit is contained in:
13
src/lib.rs
13
src/lib.rs
@@ -62,8 +62,13 @@ use crate::meta_plugin::magic_file;
|
||||
|
||||
/// Initializes plugins at library load time.
|
||||
///
|
||||
/// Ensures all filter and meta plugins are registered via their ctors.
|
||||
/// Call this early in application startup if needed (though ctors handle most cases).
|
||||
/// Plugin registration happens automatically via `#[ctor]` constructors
|
||||
/// when each plugin module is loaded. The explicit module imports in
|
||||
/// `lib.rs` guarantee this happens at library initialization time.
|
||||
///
|
||||
/// This function exists as a public API entry point for callers that
|
||||
/// want to explicitly ensure plugins are ready. It intentionally does
|
||||
/// no additional work.
|
||||
///
|
||||
/// # Examples
|
||||
///
|
||||
@@ -71,8 +76,8 @@ use crate::meta_plugin::magic_file;
|
||||
/// keep::init_plugins();
|
||||
/// ```
|
||||
pub fn init_plugins() {
|
||||
// This will be expanded in Step 3 implementation
|
||||
// For now, the ctors handle registration
|
||||
// Plugins self-register via #[ctor] on module load.
|
||||
// The use-statements in lib.rs guarantee module inclusion.
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
|
||||
Reference in New Issue
Block a user