Skip to content

Commit 851406d

Browse files
JusterZhuclaude
JusterZhu
and
claude
authored
fix: 配置模块可靠性加固 (#88)
* fix: harden config module against corruption, I/O failures, and silent data loss Risks discovered in security review and their mitigations: 1. [HIGH] Invalid enum deserialization from manual JSON edits - Add AppConfig.Sanitize() + AuthCredential.Sanitize() to repair invalid AuthScheme values and null nested objects on load 2. [HIGH] Narrow exception catch in Load() — only caught JsonException - Expanded to catch IOException + UnauthorizedAccessException to handle disk-full and permission-denied scenarios gracefully 3. [HIGH] Fire-and-forget SaveAsync exceptions silently lost - Added ConfigService.SafeFireAndForgetSave() that logs failures to Trace - Updated all 12 fire-and-forget call sites in App + 4 ViewModels 4. [MEDIUM] Unnecessary disk write on every startup - OnAutoUploadEnabledChanged in PatchViewModel constructor triggered SaveAsync during init. Added _initialized guard to skip during construction 5. [LOW] Corrupted config silently overwrites backup before recovery attempt - Sanitize() is called on recovered configs before re-saving to disk Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix: use synchronous save on window close to prevent state loss Window close handler used SafeFireAndForgetSave (Task.Run), which creates a race: the process may exit before the thread-pool write completes, silently losing window size/position/maximized state on next launch. Changed to synchronous ConfigService.Save() which completes in <1ms for the tiny (<2KB) config file. Also promoted Save() from private to public and added it to IConfigService for this exact shutdown scenario. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * chore: final code review cleanup before release - Add missing Sanitize() calls in LoadAsync() backup-recovery and normal paths - Remove unused System.Threading.Tasks import from App.axaml.cs - Remove unused BuildUrl dead code from HttpUploadService - Remove unnecessary 'new' keyword on AppLanguageManager.Instance - Fix LoadAsync() to catch IOException/UnauthorizedAccessException Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
1 parent 5bf8db7 commit 851406d

0 file changed

File tree

    0 commit comments

    Comments
     (0)