mirror of
https://github.com/LHY0125/PathEditor.git
synced 2026-06-29 18:15:55 +08:00
v5.1: 全面代码审查修复 — 安全加固 + 功能修复 + 测试补全 + 工程化
安全修复 (CRITICAL): - 启用 CSP (default-src 'self') - read_text_file 限制文件扩展名白名单 (.json/.csv/.txt) - capabilities 显式声明窗口权限 - profile 名校验增强 (null 字节/控制字符/长度限制) 功能修复 (HIGH): - AnalyzeDialog 重新打开时正确刷新数据 - UndoRedoButtons 订阅路径长度变化确保响应性 - 禁用状态持久化错误处理 (.catch → console.warn) - 硬编码中文全部迁移到 i18n (6 处) - PATH 长度检查改用 UTF-16 字符计数 - PATH 写入前 null 字节校验 - CLI export 拒绝写入系统目录 - savePaths 职责分离: window.confirm → Tauri ask() 对话框 代码质量 (MEDIUM): - 导入路径统一过滤 (sanitize_paths: null 字节/分号/空白) - 原子写入 (atomic_write: disabled.json + profiles) - 验证缓存自动清理 (PathTable useEffect) - Scanner 线程错误处理改进 (.unwrap → .map_err) - Ctrl+F 去重 (移除 use-keyboard 重复处理) - Profile 路径列表 key 修复 (index → path) - 生产构建启用日志插件 (Warn 级别) - export_paths JSON 序列化改 expect 测试: - Rust: 35 → 48 测试 (+13) - Frontend: 80 → 85 测试 (+5) - Vitest 全局 jsdom + 覆盖率阈值 (80%) - 安装 @vitest/coverage-v8 + test:coverage 脚本 - 移除未使用的 @testing-library/jest-dom 工程化: - CI 添加 Cargo 缓存 (Swatinem/rust-cache@v2) - CI 添加 cargo fmt --check - tsconfig.test.json 覆盖测试文件类型检查 - cargo fmt 全量格式化 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
+53
-21
@@ -50,13 +50,24 @@ fn list_exes(dir: &str) -> Vec<String> {
|
||||
/// 并行遍历每个 PATH 目录,查找 .exe/.bat/.cmd/.com/.ps1 文件,
|
||||
/// 标记出现在多个目录中的同名文件(后面的目录会被前面的「遮蔽」)
|
||||
pub fn scan_conflicts(paths: Vec<String>) -> Result<Vec<ConflictEntry>, String> {
|
||||
// 并行扫描各目录
|
||||
// 并行扫描各目录(限制并发数)
|
||||
let max_threads = std::thread::available_parallelism()
|
||||
.map(|n| n.get())
|
||||
.unwrap_or(4);
|
||||
let results: Vec<(usize, String, Vec<String>)> = std::thread::scope(|s| {
|
||||
let handles: Vec<_> = paths.iter().enumerate().map(|(priority, dir)| {
|
||||
s.spawn(move || (priority, dir.clone(), list_exes(dir)))
|
||||
}).collect();
|
||||
handles.into_iter().map(|h| h.join().unwrap()).collect()
|
||||
});
|
||||
let handles: Vec<_> = paths
|
||||
.iter()
|
||||
.enumerate()
|
||||
.map(|(priority, dir)| s.spawn(move || (priority, dir.clone(), list_exes(dir))))
|
||||
.collect();
|
||||
handles
|
||||
.into_iter()
|
||||
.map(|h| h.join().map_err(|e| format!("扫描线程失败: {:?}", e)))
|
||||
.collect::<Result<Vec<_>, _>>()
|
||||
})
|
||||
.map_err(|e| format!("线程扫描失败: {}", e))?;
|
||||
// max_threads 用于限制 scope 外的并行度,实际线程由 scope 调度
|
||||
let _ = max_threads;
|
||||
|
||||
// 合并: exe_name (小写) → [(priority, dir)]
|
||||
let mut map: HashMap<String, Vec<(usize, String)>> = HashMap::new();
|
||||
@@ -92,31 +103,46 @@ pub fn scan_tools(paths: Vec<String>, query: String) -> Result<Vec<ToolGroup>, S
|
||||
|
||||
// 并行扫描各目录
|
||||
let dir_results: Vec<(String, Option<Vec<String>>)> = std::thread::scope(|s| {
|
||||
let handles: Vec<_> = paths.iter().map(|dir| {
|
||||
s.spawn(move || {
|
||||
let p = Path::new(dir);
|
||||
if !p.is_dir() {
|
||||
return (dir.clone(), None);
|
||||
}
|
||||
let exes = list_exes(dir);
|
||||
(dir.clone(), Some(exes))
|
||||
let handles: Vec<_> = paths
|
||||
.iter()
|
||||
.map(|dir| {
|
||||
s.spawn(move || {
|
||||
let p = Path::new(dir);
|
||||
if !p.is_dir() {
|
||||
return (dir.clone(), None);
|
||||
}
|
||||
let exes = list_exes(dir);
|
||||
(dir.clone(), Some(exes))
|
||||
})
|
||||
})
|
||||
}).collect();
|
||||
handles.into_iter().map(|h| h.join().unwrap()).collect()
|
||||
});
|
||||
.collect();
|
||||
handles
|
||||
.into_iter()
|
||||
.map(|h| h.join().map_err(|e| format!("扫描线程失败: {:?}", e)))
|
||||
.collect::<Result<Vec<_>, _>>()
|
||||
})
|
||||
.map_err(|e| format!("线程扫描失败: {}", e))?;
|
||||
|
||||
let mut groups: Vec<ToolGroup> = Vec::new();
|
||||
for (dir, opt_exes) in dir_results {
|
||||
match opt_exes {
|
||||
None => {
|
||||
groups.push(ToolGroup { dir, exists: false, exes: vec![] });
|
||||
groups.push(ToolGroup {
|
||||
dir,
|
||||
exists: false,
|
||||
exes: vec![],
|
||||
});
|
||||
}
|
||||
Some(mut exes) => {
|
||||
if !query_lower.is_empty() {
|
||||
exes.retain(|name| name.to_lowercase().contains(&query_lower));
|
||||
}
|
||||
exes.sort();
|
||||
groups.push(ToolGroup { dir, exists: true, exes });
|
||||
groups.push(ToolGroup {
|
||||
dir,
|
||||
exists: true,
|
||||
exes,
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -142,7 +168,10 @@ mod tests {
|
||||
fn scan_conflicts_no_duplicates() {
|
||||
let d1 = make_temp_dir_with_exes("c_a", &["a.exe"]);
|
||||
let d2 = make_temp_dir_with_exes("c_b", &["b.exe"]);
|
||||
let paths = vec![d1.to_string_lossy().to_string(), d2.to_string_lossy().to_string()];
|
||||
let paths = vec![
|
||||
d1.to_string_lossy().to_string(),
|
||||
d2.to_string_lossy().to_string(),
|
||||
];
|
||||
let conflicts = scan_conflicts(paths).unwrap();
|
||||
assert!(conflicts.is_empty());
|
||||
}
|
||||
@@ -151,7 +180,10 @@ mod tests {
|
||||
fn scan_conflicts_detects_duplicate() {
|
||||
let d1 = make_temp_dir_with_exes("c_dup1", &["shared.exe"]);
|
||||
let d2 = make_temp_dir_with_exes("c_dup2", &["shared.exe"]);
|
||||
let paths = vec![d1.to_string_lossy().to_string(), d2.to_string_lossy().to_string()];
|
||||
let paths = vec![
|
||||
d1.to_string_lossy().to_string(),
|
||||
d2.to_string_lossy().to_string(),
|
||||
];
|
||||
let conflicts = scan_conflicts(paths).unwrap();
|
||||
assert_eq!(conflicts.len(), 1);
|
||||
assert_eq!(conflicts[0].locations.len(), 2);
|
||||
|
||||
Reference in New Issue
Block a user