v5.1: 全面代码审查修复 — 安全加固 + 功能修复 + 测试补全 + 工程化

安全修复 (CRITICAL): - 启用 CSP (default-src 'self') - read_text_file 限制文件扩展名白名单 (.json/.csv/.txt) - capabilities 显式声明窗口权限 - profile 名校验增强 (null 字节/控制字符/长度限制) 功能修复 (HIGH): - AnalyzeDialog 重新打开时正确刷新数据 - UndoRedoButtons 订阅路径长度变化确保响应性 - 禁用状态持久化错误处理 (.catch → console.warn) - 硬编码中文全部迁移到 i18n (6 处) - PATH 长度检查改用 UTF-16 字符计数 - PATH 写入前 null 字节校验 - CLI export 拒绝写入系统目录 - savePaths 职责分离: window.confirm → Tauri ask() 对话框代码质量 (MEDIUM): - 导入路径统一过滤 (sanitize_paths: null 字节/分号/空白) - 原子写入 (atomic_write: disabled.json + profiles) - 验证缓存自动清理 (PathTable useEffect) - Scanner 线程错误处理改进 (.unwrap → .map_err) - Ctrl+F 去重 (移除 use-keyboard 重复处理) - Profile 路径列表 key 修复 (index → path) - 生产构建启用日志插件 (Warn 级别) - export_paths JSON 序列化改 expect 测试: - Rust: 35 → 48 测试 (+13) - Frontend: 80 → 85 测试 (+5) - Vitest 全局 jsdom + 覆盖率阈值 (80%) - 安装 @vitest/coverage-v8 + test:coverage 脚本 - 移除未使用的 @testing-library/jest-dom 工程化: - CI 添加 Cargo 缓存 (Swatinem/rust-cache@v2) - CI 添加 cargo fmt --check - tsconfig.test.json 覆盖测试文件类型检查 - cargo fmt 全量格式化 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-28 17:25:54 +08:00 · 2026-05-29 23:17:27 +08:00
parent 5c73321ce6
commit cbf99f12fd
40 changed files with 937 additions and 324 deletions
@@ -1,3 +1,3 @@
 fn main() {
-  tauri_build::build()
+    tauri_build::build()
 }
@@ -1,12 +1,22 @@
 {
  "$schema": "../gen/schemas/desktop-schema.json",
  "identifier": "default",
-  "description": "enables the default permissions",
+  "description": "PathEditor main window capabilities",
  "windows": [
    "main"
  ],
  "permissions": [
    "core:default",
-    "dialog:default"
+    "core:window:allow-set-title",
+    "core:window:allow-close",
+    "core:window:allow-minimize",
+    "core:window:allow-start-dragging",
+    "core:window:allow-is-minimized",
+    "core:window:allow-set-focus",
+    "core:event:default",
+    "dialog:default",
+    "dialog:allow-open",
+    "dialog:allow-save",
+    "log:default"
  ]
 }
@@ -1,6 +1,10 @@
 use path_editor_core::backup;

 #[tauri::command]
-pub fn backup_registry(custom_dir: Option<String>) -> Result<String, String> { backup::backup_registry(custom_dir) }
+pub fn backup_registry(custom_dir: Option<String>) -> Result<String, String> {
+    backup::backup_registry(custom_dir)
+}
 #[tauri::command]
-pub fn get_appdata_dir() -> String { backup::get_appdata_dir() }
+pub fn get_appdata_dir() -> String {
+    backup::get_appdata_dir()
+}
@@ -1,6 +1,10 @@
 use path_editor_core::disabled;

 #[tauri::command]
-pub fn save_disabled_state(system: Vec<String>, user: Vec<String>) -> Result<(), String> { disabled::save_disabled_state(system, user) }
+pub fn save_disabled_state(system: Vec<String>, user: Vec<String>) -> Result<(), String> {
+    disabled::save_disabled_state(system, user)
+}
 #[tauri::command]
-pub fn load_disabled_state() -> Result<(Vec<String>, Vec<String>), String> { disabled::load_disabled_state() }
+pub fn load_disabled_state() -> Result<(Vec<String>, Vec<String>), String> {
+    disabled::load_disabled_state()
+}
@@ -1,4 +1,6 @@
 use path_editor_core::fs;

 #[tauri::command]
-pub fn read_text_file(path: &str) -> Result<String, String> { fs::read_text_file(path) }
+pub fn read_text_file(path: &str) -> Result<String, String> {
+    fs::read_text_file(path)
+}
@@ -1,12 +1,26 @@
 use path_editor_core::profiles;

 #[tauri::command]
-pub fn list_profiles() -> Result<Vec<profiles::ProfileMeta>, String> { profiles::list_profiles() }
+pub fn list_profiles() -> Result<Vec<profiles::ProfileMeta>, String> {
+    profiles::list_profiles()
+}
 #[tauri::command]
-pub fn save_profile(name: String, sys: Vec<profiles::ProfilePathEntry>, user: Vec<profiles::ProfilePathEntry>) -> Result<(), String> { profiles::save_profile(&name, sys, user) }
+pub fn save_profile(
+    name: String,
+    sys: Vec<profiles::ProfilePathEntry>,
+    user: Vec<profiles::ProfilePathEntry>,
+) -> Result<(), String> {
+    profiles::save_profile(&name, sys, user)
+}
 #[tauri::command]
-pub fn load_profile(name: String) -> Result<profiles::ProfileData, String> { profiles::load_profile(&name) }
+pub fn load_profile(name: String) -> Result<profiles::ProfileData, String> {
+    profiles::load_profile(&name)
+}
 #[tauri::command]
-pub fn delete_profile(name: String) -> Result<(), String> { profiles::delete_profile(&name) }
+pub fn delete_profile(name: String) -> Result<(), String> {
+    profiles::delete_profile(&name)
+}
 #[tauri::command]
-pub fn rename_profile(old_name: String, new_name: String) -> Result<(), String> { profiles::rename_profile(&old_name, &new_name) }
+pub fn rename_profile(old_name: String, new_name: String) -> Result<(), String> {
+    profiles::rename_profile(&old_name, &new_name)
+}
@@ -1,10 +1,18 @@
 use path_editor_core::registry;

 #[tauri::command]
-pub fn load_system_paths() -> Result<Vec<String>, String> { registry::load_system_paths() }
+pub fn load_system_paths() -> Result<Vec<String>, String> {
+    registry::load_system_paths()
+}
 #[tauri::command]
-pub fn load_user_paths() -> Result<Vec<String>, String> { registry::load_user_paths() }
+pub fn load_user_paths() -> Result<Vec<String>, String> {
+    registry::load_user_paths()
+}
 #[tauri::command]
-pub fn save_system_paths(paths: Vec<String>) -> Result<(), String> { registry::save_system_paths(paths) }
+pub fn save_system_paths(paths: Vec<String>) -> Result<(), String> {
+    registry::save_system_paths(paths)
+}
 #[tauri::command]
-pub fn save_user_paths(paths: Vec<String>) -> Result<(), String> { registry::save_user_paths(paths) }
+pub fn save_user_paths(paths: Vec<String>) -> Result<(), String> {
+    registry::save_user_paths(paths)
+}
@@ -1,6 +1,10 @@
 use path_editor_core::scanner;

 #[tauri::command]
-pub fn scan_conflicts(paths: Vec<String>) -> Result<Vec<scanner::ConflictEntry>, String> { scanner::scan_conflicts(paths) }
+pub fn scan_conflicts(paths: Vec<String>) -> Result<Vec<scanner::ConflictEntry>, String> {
+    scanner::scan_conflicts(paths)
+}
 #[tauri::command]
-pub fn scan_tools(paths: Vec<String>, query: String) -> Result<Vec<scanner::ToolGroup>, String> { scanner::scan_tools(paths, query) }
+pub fn scan_tools(paths: Vec<String>, query: String) -> Result<Vec<scanner::ToolGroup>, String> {
+    scanner::scan_tools(paths, query)
+}
@@ -1,10 +1,18 @@
 use path_editor_core::system;

 #[tauri::command]
-pub fn check_admin() -> bool { system::check_admin() }
+pub fn check_admin() -> bool {
+    system::check_admin()
+}
 #[tauri::command]
-pub fn validate_path(path: &str) -> bool { system::validate_path(path) }
+pub fn validate_path(path: &str) -> bool {
+    system::validate_path(path)
+}
 #[tauri::command]
-pub fn expand_env_vars(path: &str) -> String { system::expand_env_vars(path) }
+pub fn expand_env_vars(path: &str) -> String {
+    system::expand_env_vars(path)
+}
 #[tauri::command]
-pub fn broadcast_env_change() { system::broadcast_env_change() }
+pub fn broadcast_env_change() {
+    system::broadcast_env_change()
+}
@@ -5,13 +5,13 @@ pub fn run() {
    tauri::Builder::default()
        .plugin(tauri_plugin_dialog::init())
        .setup(|app| {
-            if cfg!(debug_assertions) {
-                app.handle().plugin(
-                    tauri_plugin_log::Builder::default()
-                        .level(log::LevelFilter::Info)
-                        .build(),
-                )?;
-            }
+            let level = if cfg!(debug_assertions) {
+                log::LevelFilter::Info
+            } else {
+                log::LevelFilter::Warn
+            };
+            app.handle()
+                .plugin(tauri_plugin_log::Builder::default().level(level).build())?;
            Ok(())
        })
        .invoke_handler(tauri::generate_handler![
@@ -2,5 +2,5 @@
 #![cfg_attr(not(debug_assertions), windows_subsystem = "windows")]

 fn main() {
-  app_lib::run();
+    app_lib::run();
 }