mirivlad
/
verstak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
verstak/cmd/verstak-gui
History
mirivlad 4df83cd361 security: стабилизационный аудит Lua plugin system 
Исправления:
- Install: идемпотентность (no duplicates in InstalledPlugins)
- ReloadPlugins: StopSchedulers + CallShutdownHooks перед CloseRuntimes
- StopSchedulers: обнуление scheduler=nil после остановки
- Scheduler.Stop: обнуление tasks после wg.Wait
- Lua sandbox: блокировка package.loadlib/seeall/preload/loaders/loaded/path/cpath/config/searchpath
- Lua sandbox: блокировка load (глобальная функция)
- CallPluginFunction: валидация funcName (regex [a-zA-Z_][a-zA-Z0-9_]*, max 3 segments)
- CallPluginFunction: убрана строковая сборка Lua-кодa, вызов через PCall напрямую
- PluginPage.svelte: проверка e.source === iframeEl.contentWindow
- PluginPage.svelte: type checking для msg.source, msg.action

Тесты:
- security_test.go: 18 новых тестов (sandbox, lifecycle, validation)
- Все существующие тесты проходят

Документация:
- docs/plugins-security.md: модель безопасности, sandbox, протокол, lifecycle
 		2026-06-07 19:19:44 +08:00
..
frontend-dist security: стабилизационный аудит Lua plugin system 2026-06-07 19:19:44 +08:00
app.go feat: ШАГ 2 — Staging-таблица browser_events + Store 2026-06-06 18:27:00 +08:00
bindings_actions.go fix: vault init on startup; add nil guards to all bindings; fix SA_ONSTACK signal crash; deduplicate settings button; add i18n for vault error 2026-06-04 00:37:14 +08:00
bindings_activity.go feat: плагин-система Lua + Calendar reference plugin 2026-06-07 14:59:46 +08:00
bindings_bridge.go feat: плагин-система Lua + Calendar reference plugin 2026-06-07 14:59:46 +08:00
bindings_browser.go feat: ШАГ 4 — UI для browser events в TodayScreen 2026-06-06 18:58:39 +08:00
bindings_capture.go fix: normalize bare URLs in capture flow 2026-06-05 12:29:19 +08:00
bindings_clipboard.go fix: normalize bare URLs in capture flow 2026-06-05 12:29:19 +08:00
bindings_config.go feat: плагин-система Lua + Calendar reference plugin 2026-06-07 14:59:46 +08:00
bindings_debug.go fix: vault init on startup; add nil guards to all bindings; fix SA_ONSTACK signal crash; deduplicate settings button; add i18n for vault error 2026-06-04 00:37:14 +08:00
bindings_files.go fix: vault init on startup; add nil guards to all bindings; fix SA_ONSTACK signal crash; deduplicate settings button; add i18n for vault error 2026-06-04 00:37:14 +08:00
bindings_inbox.go Today screen: tabs (feed, suggestions, in-progress, captured) + inbox sort/group 2026-06-05 16:17:22 +08:00
bindings_links.go fix: normalize bare URLs in capture flow 2026-06-05 12:29:19 +08:00
bindings_nodes.go feat: model inbox capture artifacts 2026-06-05 01:40:08 +08:00
bindings_notes.go fix: vault init on startup; add nil guards to all bindings; fix SA_ONSTACK signal crash; deduplicate settings button; add i18n for vault error 2026-06-04 00:37:14 +08:00
bindings_plugins.go security: стабилизационный аудит Lua plugin system 2026-06-07 19:19:44 +08:00
bindings_settings.go feat: restore global search in app header 2026-06-06 02:39:29 +08:00
bindings_suggest.go feat: aggregate journals across node subtrees 2026-06-05 12:37:25 +08:00
bindings_sync.go fix: vault init on startup; add nil guards to all bindings; fix SA_ONSTACK signal crash; deduplicate settings button; add i18n for vault error 2026-06-04 00:37:14 +08:00
bindings_trash.go fix: trash integrity for TypeFile nodes — file record soft-delete, correct preview/restore 2026-06-05 17:31:18 +08:00
bindings_watcher.go fix: исправление 6 пунктов из ревью 2026-06-07 00:15:34 +08:00
bindings_worklog.go feat: aggregate journals across node subtrees 2026-06-05 12:37:25 +08:00
capture_test.go fix: normalize bare URLs in capture flow 2026-06-05 12:29:19 +08:00
file_manager_test.go test: harden file manager regressions 2026-06-04 19:44:28 +08:00
inbox_test.go feat: resolve inbox links separately 2026-06-05 07:33:10 +08:00
main.go fix: vault init on startup; add nil guards to all bindings; fix SA_ONSTACK signal crash; deduplicate settings button; add i18n for vault error 2026-06-04 00:37:14 +08:00
move_node_test.go fix: tree DnD — correct cycle detection, reactive indicators, canonical reload 2026-06-03 05:27:20 +08:00
settings_test.go fix: keep default templates and plugins folder working 2026-06-04 03:28:32 +08:00
sigfix.go fix: vault init on startup; add nil guards to all bindings; fix SA_ONSTACK signal crash; deduplicate settings button; add i18n for vault error 2026-06-04 00:37:14 +08:00
suggest_test.go feat: aggregate journals across node subtrees 2026-06-05 12:37:25 +08:00
sync_apply.go feat: edit and delete worklog entries 2026-06-05 00:48:12 +08:00
trash_test.go fix: trash integrity for TypeFile nodes — file record soft-delete, correct preview/restore 2026-06-05 17:31:18 +08:00
vault_check.go fix: vault init on startup; add nil guards to all bindings; fix SA_ONSTACK signal crash; deduplicate settings button; add i18n for vault error 2026-06-04 00:37:14 +08:00
vault_layout_test.go fix: avoid outgoing ops during remote template apply 2026-06-04 03:36:44 +08:00
vault_migrate.go fix: vault init on startup; add nil guards to all bindings; fix SA_ONSTACK signal crash; deduplicate settings button; add i18n for vault error 2026-06-04 00:37:14 +08:00
wails.json chore: add wails.json, remove wails3 artifacts, rebuild binaries 2026-06-03 01:48:12 +08:00