Title: fix: repo-wide correctness, security & filesystem-safety hardening pass (v3.2.0) by mikolalysenko · Pull Request #92 · SocketDev/socket-patch · GitHub
Open Graph Title: fix: repo-wide correctness, security & filesystem-safety hardening pass (v3.2.0) by mikolalysenko · Pull Request #92 · SocketDev/socket-patch
X Title: fix: repo-wide correctness, security & filesystem-safety hardening pass (v3.2.0) by mikolalysenko · Pull Request #92 · SocketDev/socket-patch
Description: Summary A repo-wide review where every source file in both crates was read line by line, the bugs found were fixed, and regression tests were added throughout. The audit harness that drove it is included (scripts/study-crates.ts); per-file write-ups are in the (gitignored) study-output/SUMMARY.md. Net: 90 source files touched, ~10k lines added (mostly tests). Version bumped 3.1.0 → 3.2.0 (minor) across Cargo / npm / PyPI manifests. Security Path-traversal in archive extraction (patch/package.rs): validated the raw tar path but wrote the package/-stripped one, so package//etc/passwd escaped the package tree. Now validates the normalized path actually written. Unbounded preallocation from an untrusted delta header (patch/diff.rs): the bsdiff target-size field (never validated by qbsdiff) fed Vec::with_capacity; a tiny hostile delta could abort the process. Clamped to 64 MiB. Evidence-free VEX attestation (vex/verify.rs): zero-file patches reported applied; now omitted as no_files. Filesystem safety / atomicity / rollback apply: DirWriteGuard for read-only dirs (Go cache 0o555), chown-before-chmod to preserve setuid/setgid, parent-dir fsync after rename. cow: atomic rename-over-symlink (no destructive pre-unlink), stage cleanup on every error arm. rollback: now delegates to the hardened apply_file_patch; AlreadyOriginal checked before the blob lookup; read-only-dir new-file delete. file_hash/git_sha256: open-once + fstat (closes a TOCTOU), regular-file guard, streamed size/body mismatch detection. cargo/nuget sidecars: hardened atomic writes/deletes in read-only registry caches. cleanup_blobs: symlink-tolerant, accurate "checked" count. apply_lock: genuine flock errors surface as Io (not Held); sleep clamped to remaining budget. Crawlers (on-disk layout & metadata) Composer v-prefix + malformed-entry tolerance; Go cache-at-root / version case-encoding / GOPATH list / module directive; npm symlink following + nested-recursion guard; NuGet global-cache version casing; Python macOS framework layout + .dist-info dir-name fallback; Deno macOS cache path / XDG_CACHE_HOME / empty DENO_DIR; Maven XML-comment stripping + skip-section depth; Cargo TOML header tolerance + dir-name version split; shared utils/fs::entry_is_dir follows symlinks. API client, commands & misc Proxy-url override honored on binary downloads; deterministic org/title/batch-flag selection; case-insensitive hash compare. USER_AGENT + telemetry version now track CARGO_PKG_VERSION (were stale 1.0/1.0.0). apply release-variant NotFound spurious-failure fix; get/scan/remove char-safe truncation (UTF-8 panic); setup/repair honest non-zero exit codes + failure telemetry; rollback no-op miscount; unlock released-snapshot; vex qualified PyPI/Gem/Maven PURL resolution. package.json: non-object root/scripts no-panic, workspace dedup, bare/deep glob support, inline-comment stripping, top-level key-order preservation (preserve_order). Smaller: deterministic list ordering, case-insensitive fuzzy_match tie-break, json_envelope status invariant + oldUuid, lock_cli sub-second timeout, VEX schema/product fixes. Tests Hundreds of regression tests added across all reviewed modules. Updated two stale e2e expectations that codified pre-fix behavior: repair_with_blob_404_marks_failure_in_summary → now asserts exit 1 (repair correctly fails on partial download failure). crawler_python_e2e missing/malformed-METADATA cases → now assert the dir-name fallback recovers the package (and a genuinely unparseable name still skips). Full suite green with --features cargo. Notes The 33 MB generated study-output/ (raw session logs + SUMMARY) is not committed; added to .gitignore. The audit harness scripts are committed for reuse in future studies. 🤖 Generated with Claude Code
Open Graph Description: Summary A repo-wide review where every source file in both crates was read line by line, the bugs found were fixed, and regression tests were added throughout. The audit harness that drove it is in...
X Description: Summary A repo-wide review where every source file in both crates was read line by line, the bugs found were fixed, and regression tests were added throughout. The audit harness that drove it is in...
Opengraph URL: https://github.com/SocketDev/socket-patch/pull/92
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:36f8a1fa-3462-9975-2378-ccd067d7a80e |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | BAE4:1691AA:219FFD7:2E03D05:6A4F37EE |
| html-safe-nonce | e45fece29e47455d28ac8df6228aa9659bc5f1da0ff4dce2d1c4198ac86b993e |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJCQUU0OjE2OTFBQToyMTlGRkQ3OjJFMDNEMDU6NkE0RjM3RUUiLCJ2aXNpdG9yX2lkIjoiNDMzOTYwMzI0MzYyMzQ2Mjg5NCIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | d821a1d11ba29d3b4ea9868fd4a9083176888be6a4768d335b4dcdaa9b123298 |
| hovercard-subject-tag | pull_request:3769143476 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/SocketDev/socket-patch/pull/92/files |
| twitter:image | https://avatars.githubusercontent.com/u/231686?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/u/231686?s=400&v=4 |
| og:image:alt | Summary A repo-wide review where every source file in both crates was read line by line, the bugs found were fixed, and regression tests were added throughout. The audit harness that drove it is in... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | b92d11c0aa4a77d54ef4af1078b6a15fb5a70a215b30c4ecf28889d5a8e656d9 |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/SocketDev/socket-patch git https://github.com/SocketDev/socket-patch.git |
| octolytics-dimension-user_id | 69326764 |
| octolytics-dimension-user_login | SocketDev |
| octolytics-dimension-repository_id | 1093661456 |
| octolytics-dimension-repository_nwo | SocketDev/socket-patch |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 1093661456 |
| octolytics-dimension-repository_network_root_nwo | SocketDev/socket-patch |
| turbo-body-classes | logged-out env-production page-responsive full-width |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 4b249b445842943ed31549e027f57a8ade9881ed |
| ui-target | canary-2 |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width