diff --git a/src/modes/diff.rs b/src/modes/diff.rs
index fd842c5..1a6901f 100644
--- a/src/modes/diff.rs
+++ b/src/modes/diff.rs
@@ -76,26 +76,30 @@ fn setup_diff_paths_and_compression(
 fn setup_diff_pipes() -> Result<((libc::c_int, libc::c_int), (libc::c_int, libc::c_int)), anyhow::Error> {
 use nix::unistd::pipe;
- use nix::fcntl::{fcntl, FcntlArg, FdFlag};
+ use nix::fcntl::OFlag;
 use nix::Error as NixError;
- // Create pipes for diff's input
- let (fd_a_read, fd_a_write) =
- pipe().map_err(|e: NixError| anyhow::anyhow!("Failed to create pipe A: {}", e))?;
- let (fd_b_read, fd_b_write) =
- pipe().map_err(|e: NixError| anyhow::anyhow!("Failed to create pipe B: {}", e))?;
+ // Create pipes for diff's input with CLOEXEC flag
+ let (fd_a_read, fd_a_write) = pipe2(OFlag::O_CLOEXEC)
+ .map_err(|e: NixError| anyhow::anyhow!("Failed to create pipe A: {}", e))?;
+ let (fd_b_read, fd_b_write) = pipe2(OFlag::O_CLOEXEC)
+ .map_err(|e: NixError| anyhow::anyhow!("Failed to create pipe B: {}", e))?;
- // Set FD_CLOEXEC on all file descriptors
- fcntl(fd_a_read, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC))
- .map_err(|e| anyhow::anyhow!("Failed to set FD_CLOEXEC on fd_a_read: {}", e))?;
- fcntl(fd_a_write, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC))
- .map_err(|e| anyhow::anyhow!("Failed to set FD_CLOEXEC on fd_a_write: {}", e))?;
- fcntl(fd_b_read, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC))
- .map_err(|e| anyhow::anyhow!("Failed to set FD_CLOEXEC on fd_b_read: {}", e))?;
- fcntl(fd_b_write, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC))
- .map_err(|e| anyhow::anyhow!("Failed to set FD_CLOEXEC on fd_b_write: {}", e))?;
+ Ok(((fd_a_read, fd_a_write), (fd_b_read, fd_b_write)))
+}
- Ok(((fd_a_read.into(), fd_a_write.into()), (fd_b_read.into(), fd_b_write.into())))
+// Helper function to create pipes with CLOEXEC flag
+fn pipe2(flags: OFlag) -> nix::Result<(i32, i32)> {
+ use nix::unistd::pipe;
+ use nix::fcntl::{fcntl, FcntlArg, FdFlag};
+
+ let (read_fd, write_fd) = pipe()?;
+
+ // Set the flags
+ fcntl(read_fd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC))?;
+ fcntl(write_fd, FcntlArg::F_SETFD(FdFlag::FD_CLOEXEC))?;
+
+ Ok((read_fd, write_fd))
 }
 fn setup_fd_guards(fd_a_read: libc::c_int, fd_b_read: libc::c_int) -> (FdGuard, FdGuard) {
diff --git a/src/modes/server/api/item.rs b/src/modes/server/api/item.rs
index fe88ae2..b201731 100644
--- a/src/modes/server/api/item.rs
+++ b/src/modes/server/api/item.rs
@@ -161,7 +161,7 @@ pub async fn handle_post_item(
 #[utoipa::path(
 delete,
- path = "/api/item/{id}",
+ path = "/api/item/{item_id}",
 responses(
 (status = 200, description = "Successfully deleted item", body = ApiResponse<()>),
 (status = 401, description = "Unauthorized"),
@@ -169,7 +169,7 @@ pub async fn handle_post_item(
 (status = 500, description = "Internal server error")
 ),
 params(
- ("id" = i64, Path, description = "ID of the item to delete")
+ ("item_id" = i64, Path, description = "ID of the item to delete")
 ),
 security(
 ("bearerAuth" = [])
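Review bot: In src/modes/diff.rs the new `pipe2` helper never reads its `flags` argument and is not atomic: it calls `pipe()` and then `fcntl(..., F_SETFD(FD_CLOEXEC))` on each end, so a fork/exec on another thread between those calls can still inherit the descriptors, which is the window the real pipe2(2) exists to close. On targets where nix exposes it (Linux and the BSDs, not macOS), calling `nix::unistd::pipe2(OFlag::O_CLOEXEC)` directly in `setup_diff_pipes` sets the flag at creation and makes the helper unnecessary; if a fallback has to stay for other platforms, rename it (for example `pipe_cloexec`) and drop the unused parameter so the name does not promise atomicity. Both ends of a pipe are also left open when either `fcntl` returns through `?`, and pipe A's descriptors are left open when creating pipe B fails, so the error paths should close what was already opened. The `use nix::unistd::pipe;` kept in `setup_diff_pipes` looks unused after this change.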
@@ -177,29 +177,29 @@ pub async fn handle_post_item(
 )]
 pub async fn handle_delete_item(
 State(state): State,
- Path(id): Path,
+ Path(item_id): Path,
 headers: HeaderMap,
 ConnectInfo(addr): ConnectInfo,
 ) -> Result>, StatusCode> {
 if !check_auth(&headers, &state.password) {
- warn!("Unauthorized request to DELETE /api/item/{} from {}", id, addr);
+ warn!("Unauthorized request to DELETE /api/item/{} from {}", item_id, addr);
 return Err(StatusCode::UNAUTHORIZED);
 }
 // Validate that item ID is positive to prevent path traversal issues
- if id <= 0 {
- warn!("Invalid item ID {} from {}", id, addr);
+ if item_id <= 0 {
+ warn!("Invalid item ID {} from {}", item_id, addr);
 return Err(StatusCode::BAD_REQUEST);
 }
 let mut conn = state.db.lock().await;
- if let Some(item) = db::get_item(&mut *conn, id).map_err(|e| {
- warn!("Failed to get item {} for deletion: {}", id, e);
+ if let Some(item) = db::get_item(&mut *conn, item_id).map_err(|e| {
+ warn!("Failed to get item {} for deletion: {}", item_id, e);
 StatusCode::INTERNAL_SERVER_ERROR
 })? {
 db::delete_item(&mut *conn, item).map_err(|e| {
- warn!("Failed to delete item {}: {}", id, e);
+ warn!("Failed to delete item {}: {}", item_id, e);
 StatusCode::INTERNAL_SERVER_ERROR
 })?;