vestige/crates
Sam Valladares 8900a27c40 fix(audit): round-2 panics, overflows, XML/SSRF hardening (swarm)
Second swarm pass (complete every-line sweep), verified against real code
(38/101 confirmed real; 63 false positives excluded). This commit lands the
main-compatible subset:

- redmine SSRF guard: rewrite host check to use host_str()+std::net::IpAddr
  instead of the `url` crate (url is not a direct dep of vestige-core on main;
  the previous form only compiled on the feature branch). Same protection:
  blocks localhost + loopback/private/link-local/unspecified IPs.
- bin/restore: guard wrapper[0] index (empty backup array would panic)
- bin/cli: char-boundary-safe node.id truncation (2 byte-slice panics);
  XML-escape the model/home strings before launchd plist substitution
- prospective_memory: Duration::try_hours/try_days (panic on out-of-range
  user config); case-insensitive " at " split now uses the lowercased index
  so the contains() check and the split agree

core 477/0, mcp builds, clippy clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 15:09:31 -05:00
vestige-core fix(audit): round-2 panics, overflows, XML/SSRF hardening (swarm) 2026-06-29 15:09:31 -05:00
vestige-mcp fix(audit): round-2 panics, overflows, XML/SSRF hardening (swarm) 2026-06-29 15:09:31 -05:00