3775bc3ee0
- Replace 9 panic() calls in smart_defaults.go with error returns - Add ErrUnknownProfile error type for better error handling - Update all callers (worker/config.go, tui/config.go, tui/cli_config.go, tui/main.go) - Update CHANGELOG.md with recent WebSocket handler improvements - Add metrics persistence, dataset handlers, and test organization notes - Config validation passes (make configlint) - All tests pass (go test ./tests/unit/api/ws)
27 lines
1.3 KiB
Markdown
27 lines
1.3 KiB
Markdown
## [Unreleased]
|
|
|
|
### Security
|
|
- Native: fix buffer overflow vulnerabilities in `dataset_hash` (replaced `strcpy` with `strncpy` + null termination)
|
|
- Native: fix unsafe `memcpy` in `queue_index` priority queue (added explicit null terminators for string fields)
|
|
- Native: add path traversal protection in `queue_index` storage (rejects `..` and null bytes in queue directory paths)
|
|
- Native: add mmap size limits (100MB max) to prevent unbounded memory mapping exposure
|
|
- Native: modularize C++ libraries with clean layering (common, queue_index, dataset_hash)
|
|
|
|
### Added
|
|
- API/WebSocket: add dataset handlers (list, register, info, search) with DB integration
|
|
- API/WebSocket: add metrics persistence to `handleLogMetric` with `websocket_metrics` table
|
|
- Storage: add `db_metrics.go` with `RecordMetric`, `GetMetrics`, `GetMetricSummary` methods
|
|
- Tests: add payload parsing tests for WebSocket handlers
|
|
|
|
### Changed
|
|
- Config: replace `panic()` with error returns in `smart_defaults.go` for better error handling
|
|
- Tests: move WebSocket handler tests to `tests/unit/api/ws/`
|
|
|
|
### Fixed
|
|
- Storage: remove duplicate `db_datasets.go`, consolidate with `db_experiments.go`
|
|
|
|
### Deprecated
|
|
- Config: `ToTUIConfig()` now returns `(*Config, error)` instead of `*Config`
|
|
|
|
### Removed
|
|
- Storage: deleted `internal/storage/db_datasets.go` (duplicate implementation)
|