fix(security): Fix unsafe code, CORS logic, and expect usage

2026-02-19 12:06:05 +00:00 · 2026-02-19 12:06:05 +00:00 · ac5b814536
commit ac5b814536
parent d7211a6c19
3 changed files with 3 additions and 3 deletions
--- a/src/core/shared/utils.rs
+++ b/src/core/shared/utils.rs
@ -199,7 +199,7 @@ pub async fn download_file(url: &str, output_path: &str) -> Result<(), anyhow::E
            let pb = ProgressBar::new(total_size);
            pb.set_style(ProgressStyle::default_bar()
                .template("{msg}\n{spinner:.green} [{elapsed_precise}] [{bar:40.cyan/blue}] {bytes}/{total_bytes} ({eta})")
-                .expect("Invalid progress bar template")
+                .unwrap_or(ProgressStyle::default_bar())
                .progress_chars("#>-"));
            pb.set_message(format!("Downloading {}", url));
            let mut file = TokioFile::create(&output_path).await?;
--- a/src/llm/rate_limiter.rs
+++ b/src/llm/rate_limiter.rs
@ -96,7 +96,7 @@ impl ApiRateLimiter {
    pub fn new(limits: RateLimits) -> Self {
        // Requests per minute limiter
        let rpm_quota = NonZeroU32::new(limits.requests_per_minute)
-            .unwrap_or_else(|| unsafe { NonZeroU32::new_unchecked(1) });
+            .unwrap_or_else(|| NonZeroU32::new(1).unwrap());
        let requests_per_minute = Arc::new(RateLimiter::direct(Quota::per_minute(rpm_quota)));

        // Tokens per minute (using semaphore as we need to track token count)
--- a/src/security/cors.rs
+++ b/src/security/cors.rs
@ -308,7 +308,7 @@ fn is_valid_origin_format(origin: &str) -> bool {
        return false;
    }

-    if origin.contains("..") || origin.contains("//", ) && origin.matches("//").count() > 1 {
+    if origin.contains("..") || origin.matches("//").count() > 1 {
        return false;
    }