fix: audit findings — security, i18n, validation, dead code (v0.3.2) · 0d4a1b035a - greetd-moongreet

fix: audit findings — security, i18n, validation, dead code (v0.3.2)

Quality:
- Q-5: Allow relative session commands (e.g. niri-session), greetd resolves PATH
- Q-3: Socket read+write timeouts with proper error logging
- Q-2: Remove unused PowerError::Timeout variant
- Q-M1: i18n for all login_worker error messages (new: unexpected_greetd_response)
- Q-M2: Explicit INVALID_LIST_POSITION check in session dropdown
- Q-M4: Log SVG loader.close() errors instead of silencing
- Q-M6: Testable persistence functions with proper roundtrip tests

Security:
- S-2: Validate GTK theme name (alphanumeric, _, -, +, . only)
- S-3: Log file created with mode 0o640
- S-4: Cache files (last-user, last-session) created with mode 0o600

Performance:
- P-3: Single symlink_metadata() call instead of exists() + is_symlink()
- P-4: Avoid Vec allocation in IPC send_message (two write_all calls)

Config:
- Update example GTK theme to Colloid-Catppuccin

This commit is contained in:

nevaforget

2026-03-28 00:37:35 +01:00

parent 4fa0dd0ead

commit 0d4a1b035a

8 changed files with 186 additions and 56 deletions

Cargo.lock

Generated

+1 -1

View File

@@ -687,7 +687,7 @@ dependencies = [
 [[package]]
 name = "moongreet"
 version = "0.3.0"
 version = "0.3.1"
 dependencies = [
  "env_logger",
  "gdk-pixbuf",