Sulkta-Coop/clawdforge
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
clawdforge/clients/rust/src
History
Kayos ebbd7cc553 clients/rust: apply audit findings — UTF-8 panic + Debug redaction + path-traversal (062d405 → next) 
HIGH:
- H1: truncate() uses floor_char_boundary (was panicking on multibyte boundaries)
- H2: hand-written Debug for Client/ClientBuilder/AppToken redacts bearer (was leaking via dbg!()/tracing)
- H3: revoke_token validates name client-side (rejects path traversal sequences)

MEDIUM:
- M1: From<reqwest::Error> maps timeouts to Error::Timeout (was always Transport)
- M2: revoke_token accepts 2xx empty body (was rejecting RFC-correct 204 No Content)
- M3: tests use assert!(matches!) instead of matches!().then_some().unwrap()
- M4: ClientBuilder.max_upload_bytes optional cap
- M5: lib.rs deny(missing_docs)

LOW:
- L1: cargo fmt
- L2: drop dead AUTHORIZATION import

Audit: memory/clawdforge-audits/rust-062d405.md
2026-04-28 23:26:22 -07:00
..
client.rs clients/rust: apply audit findings — UTF-8 panic + Debug redaction + path-traversal (062d405 → next) 2026-04-28 23:26:22 -07:00
error.rs clients/rust: apply audit findings — UTF-8 panic + Debug redaction + path-traversal (062d405 → next) 2026-04-28 23:26:22 -07:00
lib.rs clients/rust: apply audit findings — UTF-8 panic + Debug redaction + path-traversal (062d405 → next) 2026-04-28 23:26:22 -07:00
types.rs clients/rust: apply audit findings — UTF-8 panic + Debug redaction + path-traversal (062d405 → next) 2026-04-28 23:26:22 -07:00