fix: harden security, eliminate panics, remove dead code, add Dockerfile
Security: - Use constant-time password comparison (subtle crate) to prevent timing attacks - Replace permissive CORS with configurable origin-restricted CORS - Add TLS warning when password auth is used without HTTPS Bug fixes: - Convert MetaPlugin panics to anyhow::Result (get_meta_plugin, outputs_mut, options_mut) - Replace item.id.unwrap() with proper error handling across 15 call sites - Fix panic on unknown column type in list mode - Fix conflicting PIPESIZE constant (was 8192 vs 65536, now unified to 8192) - Add 256MB filter chain buffer limit to prevent OOM - Gracefully skip unregistered plugins instead of panicking Dead code removal: - Delete unused filter parser files (filter_parser.rs, filter.pest, parser/ module) - ~260 lines of dead PEG parser code removed Code consolidation: - Add is_content_binary_from_metadata() helper (was duplicated in 4 places) - Simplify save_item_raw() to delegate to save_item_raw_streaming() (~90 lines removed) Incomplete features: - Populate filter_plugins in status output from global registry - Add FallbackMagicFileMetaPlugin (was referenced but never implemented) - Document init_plugins() as intentional no-op Infrastructure: - Add Dockerfile (static musl binary on scratch, 4.8MB) - Add .dockerignore - Add cors_origin to ServerConfig and config.rs
This commit is contained in:
@@ -10,7 +10,6 @@ pub mod env;
|
||||
pub mod exec;
|
||||
pub mod hostname;
|
||||
pub mod keep_pid;
|
||||
#[cfg(feature = "magic")]
|
||||
pub mod magic_file;
|
||||
pub mod read_rate;
|
||||
pub mod read_time;
|
||||
@@ -179,8 +178,10 @@ impl MetaPlugin for BaseMetaPlugin {
|
||||
/// # Returns
|
||||
///
|
||||
/// A mutable reference to the `HashMap` of outputs.
|
||||
fn outputs_mut(&mut self) -> &mut std::collections::HashMap<String, serde_yaml::Value> {
|
||||
&mut self.outputs
|
||||
fn outputs_mut(
|
||||
&mut self,
|
||||
) -> anyhow::Result<&mut std::collections::HashMap<String, serde_yaml::Value>> {
|
||||
Ok(&mut self.outputs)
|
||||
}
|
||||
|
||||
/// Returns a reference to the options mapping.
|
||||
@@ -197,8 +198,10 @@ impl MetaPlugin for BaseMetaPlugin {
|
||||
/// # Returns
|
||||
///
|
||||
/// A mutable reference to the `HashMap` of options.
|
||||
fn options_mut(&mut self) -> &mut std::collections::HashMap<String, serde_yaml::Value> {
|
||||
&mut self.options
|
||||
fn options_mut(
|
||||
&mut self,
|
||||
) -> anyhow::Result<&mut std::collections::HashMap<String, serde_yaml::Value>> {
|
||||
Ok(&mut self.options)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -424,11 +427,17 @@ where
|
||||
|
||||
/// Returns a mutable reference to the outputs mapping.
|
||||
///
|
||||
/// # Panics
|
||||
/// # Returns
|
||||
///
|
||||
/// Panics with "outputs_mut() not implemented for this plugin".
|
||||
fn outputs_mut(&mut self) -> &mut std::collections::HashMap<String, serde_yaml::Value> {
|
||||
panic!("outputs_mut() not implemented for this plugin")
|
||||
/// A mutable reference to the outputs `HashMap`.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an error if the plugin does not support mutable outputs.
|
||||
fn outputs_mut(
|
||||
&mut self,
|
||||
) -> anyhow::Result<&mut std::collections::HashMap<String, serde_yaml::Value>> {
|
||||
anyhow::bail!("outputs_mut() not supported by this plugin")
|
||||
}
|
||||
|
||||
/// Returns a reference to the options mapping.
|
||||
@@ -445,11 +454,17 @@ where
|
||||
|
||||
/// Returns a mutable reference to the options mapping.
|
||||
///
|
||||
/// # Panics
|
||||
/// # Returns
|
||||
///
|
||||
/// Panics with "options_mut() not implemented for this plugin".
|
||||
fn options_mut(&mut self) -> &mut std::collections::HashMap<String, serde_yaml::Value> {
|
||||
panic!("options_mut() not implemented for this plugin")
|
||||
/// A mutable reference to the options `HashMap`.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// Returns an error if the plugin does not support mutable options.
|
||||
fn options_mut(
|
||||
&mut self,
|
||||
) -> anyhow::Result<&mut std::collections::HashMap<String, serde_yaml::Value>> {
|
||||
anyhow::bail!("options_mut() not supported by this plugin")
|
||||
}
|
||||
|
||||
/// Gets the default output names this plugin can produce.
|
||||
@@ -496,12 +511,11 @@ pub fn get_meta_plugin(
|
||||
meta_plugin_type: MetaPluginType,
|
||||
options: Option<std::collections::HashMap<String, serde_yaml::Value>>,
|
||||
outputs: Option<std::collections::HashMap<String, serde_yaml::Value>>,
|
||||
) -> Box<dyn MetaPlugin> {
|
||||
) -> anyhow::Result<Box<dyn MetaPlugin>> {
|
||||
let registry = META_PLUGIN_REGISTRY.lock().unwrap();
|
||||
if let Some(constructor) = registry.get(&meta_plugin_type) {
|
||||
return constructor(options, outputs);
|
||||
return Ok(constructor(options, outputs));
|
||||
}
|
||||
|
||||
// Fallback for unknown plugins
|
||||
panic!("Meta plugin {meta_plugin_type:?} not registered");
|
||||
anyhow::bail!("Meta plugin {meta_plugin_type:?} not registered")
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user