mfer/TODO.md
sneak fc0b38ea19 Add TODO.md with codebase audit findings
Document issues found during code audit including:
- Critical: broken error comparison, unchecked hash writes, URL path traversal
- Important: goroutine leak, timestamp precision, missing context cancellation
- Code quality: duplicate functions, inefficient calculations, missing validation
2025-12-18 01:30:01 -08:00

TODO

Critical

  • Fix broken error comparison in internal/checker/checker.go:195 - errors.Is(err, errors.New("file does not exist")) always returns false because errors.New() creates a new instance each call
  • Fix unchecked hash.Write() errors in mfer/builder.go:52, mfer/serialize.go:56, internal/cli/freshen.go:340
  • Fix URL path traversal risk in internal/cli/fetch.go:116 - path isn't URL-escaped, should use url.JoinPath() or proper encoding
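
The first Critical item, as an added example that is not code from the mfer repository. It assumes the error comes from os.Stat and that the intended target is the standard fs.ErrNotExist sentinel (whose message text is "file does not exist"); classify, the two isMissing helpers and the status names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Status names are hypothetical, not taken from the mfer code base.
const (
	StatusOK      = "OK"
	StatusMissing = "MISSING"
	StatusError   = "ERROR"
)

// classify stats path and maps the result to a status. isMissing decides
// whether an error means "the file is absent".
func classify(path string, isMissing func(error) bool) string {
	_, err := os.Stat(path)
	switch {
	case err == nil:
		return StatusOK
	case isMissing(err):
		return StatusMissing
	default:
		return StatusError
	}
}

// brokenIsMissing is the comparison from the TODO item: the target is a fresh
// error value, and errors.Is matches by identity, not by message text.
func brokenIsMissing(err error) bool {
	return errors.Is(err, errors.New("file does not exist"))
}

// fixedIsMissing compares against the shared sentinel, which also matches
// when the error is wrapped (os.Stat returns a *fs.PathError).
func fixedIsMissing(err error) bool {
	return errors.Is(err, fs.ErrNotExist)
}

func main() {
	// Constructed input: a path that is assumed not to exist on this machine.
	missing := filepath.Join(os.TempDir(), "mfer-demo-constructed-absent.bin")
	fmt.Println("broken:", classify(missing, brokenIsMissing))
	fmt.Println("fixed: ", classify(missing, fixedIsMissing))
}
```

With the broken comparison a missing file falls through to the generic error branch, so a verifier cannot distinguish "file absent" from "file unreadable".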

Important

  • Fix goroutine leak in signal handler internal/cli/gen.go:98-106 - goroutine runs until channel closed, leaks if program exits normally
  • Fix timestamp precision in mfer/serialize.go:16-22 - use t.Nanosecond() instead of manual calculation
  • Add context cancellation check to filesystem walk in internal/cli/freshen.go - Ctrl-C doesn't work during scan phase

Code Quality

  • Consolidate duplicate pathIsHidden implementations in internal/scanner/scanner.go:385-402 and internal/cli/freshen.go:378-397
  • Make TotalBytes() in internal/scanner/scanner.go:250-259 track total incrementally instead of recalculating on every call
  • Add input validation to AddFileWithHash() in mfer/builder.go:107-120 - validate path, size, and hash inputs