gb/prompts/SECURITY_REVIEW.md
Rodrigo Rodriguez (Pragmatismo) 334bb9239b
chore: Update botui submodule - Fix desktop title branding
Update botui to latest commit which changes desktop title from
'Agent Farm' to 'General Bots' for brand consistency.
2026-03-03 08:42:30 -03:00


Security Review Task List

1. Unsafe Unwraps in Production (Violates AGENTS.md Error Handling Rules)

The AGENTS.md explicitly forbids the use of .unwrap(), .expect(), panic!(), todo!(), and unimplemented!() in production code. A search of the codebase nevertheless found several instances of unwrap() in non-test contexts.

Vulnerable Locations:

  • botserver/src/drive/drive_handlers.rs:269 - Contains a .unwrap() call during Response::builder() generation, which could panic in production.
  • botserver/src/basic/compiler/mod.rs - Contains unwrap() usages outside test boundaries.
  • botserver/src/llm/llm_models/deepseek_r3.rs - Contains unwrap() usages outside test boundaries.
  • botserver/src/botmodels/opencv.rs - unwrap() appears in test scopes; audit carefully that none of it leaks into production scope.

Action:

  • Replace every .unwrap() with a safe alternative (the ? operator, unwrap_or_default(), or pattern matching with an early return) and route the resulting errors through ErrorSanitizer instead of panicking.
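The before/after shape for the drive_handlers.rs finding, as an added example that is not code from the botserver repository. The small Builder type is a stand-in for Response::builder() so the block compiles with std only, and sanitize() is a hypothetical placeholder for what ErrorSanitizer does; the point is the error-handling shape, not the builder.

```rust
use std::fmt;

// Stand-in for an HTTP response; the real one would come from the http/axum crate.
#[derive(Debug, PartialEq)]
pub struct Response { pub status: u16, pub body: String }

#[derive(Debug, PartialEq)]
pub struct BuildError(String);
impl fmt::Display for BuildError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { write!(f, "{}", self.0) }
}

// Minimal builder that, like Response::builder(), can reject bad input in body().
pub struct Builder { status: Option<u16> }
impl Builder {
    pub fn new() -> Self { Builder { status: None } }
    pub fn status(mut self, code: u16) -> Self { self.status = Some(code); self }
    pub fn body(self, body: String) -> Result<Response, BuildError> {
        match self.status {
            Some(s) if (100..=599).contains(&s) => Ok(Response { status: s, body }),
            other => Err(BuildError(format!("invalid status {:?}", other))),
        }
    }
}

// Before: the pattern flagged in drive_handlers.rs. A rejected build aborts the task.
pub fn build_unsafe(status: u16, body: &str) -> Response {
    Builder::new().status(status).body(body.to_string()).unwrap()
}

// What the handler returns on failure: a generic message for the client.
#[derive(Debug, PartialEq)]
pub struct HandlerError { pub status: u16, pub message: String }

// Hypothetical stand-in for ErrorSanitizer: detail goes to the server log only.
fn sanitize(err: BuildError) -> HandlerError {
    eprintln!("response build failed: {err}");
    HandlerError { status: 500, message: "internal error".to_string() }
}

// After: `?` propagates the failure as a Result, so no panic path remains.
pub fn build_safe(status: u16, body: &str) -> Result<Response, HandlerError> {
    let resp = Builder::new().status(status).body(body.to_string()).map_err(sanitize)?;
    Ok(resp)
}
```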

2. Dependency Vulnerabilities (Found by cargo audit)

Running cargo audit uncovered one reported advisory in the dependency tree.

Vulnerable Component:

  • Crate: glib
  • Version: 0.18.5
  • Advisory ID: RUSTSEC-2024-0429
  • Title: Unsoundness in Iterator and DoubleEndedIterator impls for glib::VariantStrIter
  • Dependency tree context: pulled in by botdevice and botapp through Tauri plugins and GTK dependencies.

Action:

  • Upgrade the GTK/GLib ecosystem dependencies if a patched version is available; otherwise evaluate exactly how the affected crate is used to assess the direct risk in the desktop GUI context.

3. General Posture Alignment

  • Ensure all new state-changing endpoints are correctly shielded by the custom CSRF store (redis_csrf_store.rs). Verification is recommended because the standard tower-csrf crate is absent from Cargo.toml.
  • Confirm that the security headers (Content-Security-Policy via headers.rs) are attached universally across botserver and not selectively omitted in new modules.