GeneralBots/gb
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update: sync for alm
Some checks failed
BotServer CI / build (push) Failing after 4s
Details

Browse source
This commit is contained in:
Rodrigo Rodriguez (Pragmatismo) 2026-02-20 18:54:23 -03:00
parent f0e0553966
commit 1d0c9ccdb8
12 changed files with 52 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
botapp

@ -1 +1 @@
Subproject commit 66ea6cffbc98b4c10449104806a80d368e3460d4 Subproject commit 532c8cf38d5a24164c21d577ca52101606335712

2
botbook

@ -1 +1 @@
Subproject commit cb84ad2b5686cff7cf4ff413144c35231c4c6942 Subproject commit 5b6e9d7208109784f055007615feea06a33ffc11

2
botdevice

@ -1 +1 @@
Subproject commit 7a5dab5bab38b2820b61c3e4bf33bd3558c33f85 Subproject commit f8e52bacd2c197ce14e5814f284d34432c71aef2

2
botlib

@ -1 +1 @@
Subproject commit 48dd1155ba75c5cf1425b38f1da2aad4cb75e74a Subproject commit de729e9e53b63fe21d791cbc8d53882a7e0ac69b

2
botmodels

@ -1 +1 @@
Subproject commit 22a1954fac2f87a0a13b5e599771273172afc73a Subproject commit e37554087e8ead3ced2a95847a1fa8e2a1bb4448

2
botplugin

@ -1 +1 @@
Subproject commit 17a3caebabddbe843c2b7fd93f624b0ccd9c44fb Subproject commit 1727e48307fdb7b54c726af8cd6b12669764e908

2
botserver

@ -1 +1 @@
Subproject commit 66a78912e31f5aa24a8c3dcbd4d0edbdc8abd745 Subproject commit e9dce534120e2721c51ea7a1f7959425c5844757

2
bottemplates

@ -1 +1 @@
Subproject commit b01ee95c7b7d5c8ff69dd2d1bdfe6932762a80c8 Subproject commit 3595e5ff641db788d0b23ae7c422ffd875694222

2
bottest

@ -1 +1 @@
Subproject commit a35f70ab3dcc9ee3ccebbc13c09254cab4aa524a Subproject commit d03e13d2eb77ed0343509e0b55f50d17d511c612

2
botui

@ -1 +1 @@
Subproject commit 138ad31a3292aef19c57b6ff4d75ee7a77bede6a Subproject commit 093f417ff72aee9a43448425e18e9249348649d0

12
push_all.sh Executable file
View file

@ -0,0 +1,12 @@
for dir in botapp botserver botlib botui botbook bottest botdevice botmodels botplugin bottemplates .github; do
echo "--- Processing $dir ---"
cd $dir
git add -u
git commit -m "update: sync for alm" || true
ORIGIN_URL=$(git config --get remote.origin.url)
REPO_NAME=$(basename $ORIGIN_URL)
git remote remove alm 2>/dev/null || true
git remote add alm "https://alm.pragmatismo.com.br/GeneralBots/$REPO_NAME"
git push alm HEAD:main || git push alm HEAD:master || echo "Failed to push $dir"
cd ..
done

30
task.md Normal file
View file

@ -0,0 +1,30 @@
# Security Review Task List
## 1. Unsafe Unwraps in Production (Violates AGENTS.md Error Handling Rules)
The `AGENTS.md` explicitly forbids the use of `.unwrap()`, `.expect()`, `panic!()`, `todo!()`, and `unimplemented!()` in production code. A search of the codebase revealed several instances of `unwrap()` being used in non-test contexts.
**Vulnerable Locations:**
- `botserver/src/drive/drive_handlers.rs:269` - Contains a `.unwrap()` call during `Response::builder()` generation, which could panic in production.
- `botserver/src/basic/compiler/mod.rs` - Contains `unwrap()` usages outside test boundaries.
- `botserver/src/llm/llm_models/deepseek_r3.rs` - Contains `unwrap()` usages outside test boundaries.
- `botserver/src/botmodels/opencv.rs` - Test scopes use `unwrap()`, but please audit carefully for any leaks to production scope.
**Action:**
- Replace all `.unwrap()` occurrences with safe alternatives (`?`, `unwrap_or_default()`, or pattern matching with early returns) and use `ErrorSanitizer` to avoid panics.
## 2. Dependency Vulnerabilities (Found by cargo audit)
Running `cargo audit` uncovered a reported vulnerability inside the dependency tree.
**Vulnerable Component:**
- **Crate:** `glib`
- **Version:** `0.18.5`
- **Advisory ID:** `RUSTSEC-2024-0429`
- **Title:** Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
- **Dependency Tree context:** It's pulled through `botdevice` and `botapp` via Tauri plugins and GTK dependencies.
**Action:**
- Review dependencies and upgrade the GTK/Glib ecosystem dependencies if patches are available, or evaluate the exact usage to assess the direct risk given the desktop GUI context.
## 3. General Posture Alignment
- Ensure all new state-changing endpoints are correctly shielded by the custom CSRF store (`redis_csrf_store.rs`). Verification is recommended as standard `tower-csrf` is absent from `Cargo.toml`.
- Confirm security headers (`Content-Security-Policy` via `headers.rs`) are indeed attached universally in `botserver` and not selectively omitted in new modules.