nevaforget/moonset
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: audit LOW fixes — rejection-path tests, wallpaper-fallback docs (v0.9.1)

Browse Source 
- Test AccountsService-icon symlink rejection (users.rs)
- Tests for wallpaper symlink/extension/size rejection (config.rs)
- Fix stale 'bundled package wallpaper' fallback docs (README, example config) — bundled tier removed 2026-03-28, actual chain is two-tier
This commit is contained in:
nevaforget
2026-06-17 13:06:15 +02:00
parent 7dae48f6cc
commit 7d124db2f1
7 changed files with 66 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGELOG.md
+10
View File
@@ -3,6 +3,16 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
Format based on [Keep a Changelog](https://keepachangelog.com/). Format based on [Keep a Changelog](https://keepachangelog.com/).
## [0.9.1] - 2026-06-17
### Fixed
- Wallpaper fallback docs (README, example config) referenced a removed "bundled package wallpaper" tier; corrected to two-tier (config → moonarch default → CSS background)
### Added
- Tests for avatar/wallpaper rejection paths (AccountsService symlink, wallpaper symlink/extension/size)
## [0.9.0] - 2026-06-17 ## [0.9.0] - 2026-06-17
### Changed ### Changed
Cargo.lock
Generated
+1 -1
View File
@@ -616,7 +616,7 @@ dependencies = [
[[package]] [[package]]
name = "moonset" name = "moonset"
version = "0.9.0" version = "0.9.1"
dependencies = [ dependencies = [
"dirs", "dirs",
"gdk-pixbuf", "gdk-pixbuf",
Cargo.toml
+1 -1
View File
@@ -1,6 +1,6 @@
[package] [package]
name = "moonset" name = "moonset"
version = "0.9.0" version = "0.9.1"
edition = "2024" edition = "2024"
description = "Wayland session power menu with GTK4 and Layer Shell" description = "Wayland session power menu with GTK4 and Layer Shell"
license = "MIT" license = "MIT"
README.md
+1 -1
View File
@@ -60,7 +60,7 @@ background_path = "/usr/share/moonarch/wallpaper.jpg"
logout_command = "niri msg action quit" logout_command = "niri msg action quit"
``` ```
Wallpaper fallback: config → `/usr/share/moonarch/wallpaper.jpg`bundled package wallpaper Wallpaper fallback: config → `/usr/share/moonarch/wallpaper.jpg`CSS background (no image)
## Development ## Development
config/moonset.toml
+1 -1
View File
@@ -2,7 +2,7 @@
# Config file: ~/.config/moonset/moonset.toml or /etc/moonset/moonset.toml # Config file: ~/.config/moonset/moonset.toml or /etc/moonset/moonset.toml
# Path to background image (optional) # Path to background image (optional)
# Fallback order: config → /usr/share/moonarch/wallpaper.jpg → bundled package wallpaper # Fallback order: config → /usr/share/moonarch/wallpaper.jpg → CSS background (no image)
# background_path = "/usr/share/moonarch/wallpaper.jpg" # background_path = "/usr/share/moonarch/wallpaper.jpg"
# Logout command override (optional, space-separated program + args) # Logout command override (optional, space-separated program + args)
src/config.rs
+38
View File
@@ -250,6 +250,44 @@ mod tests {
assert_eq!(result, None); assert_eq!(result, None);
} }
#[test]
fn resolve_rejects_symlinked_config_wallpaper() {
let dir = tempfile::tempdir().unwrap();
let target = dir.path().join("real.jpg");
fs::write(&target, "fake").unwrap();
let link = dir.path().join("link.jpg");
std::os::unix::fs::symlink(&target, &link).unwrap();
let config = Config {
background_path: Some(link.to_str().unwrap().to_string()),
..Config::default()
};
assert_eq!(resolve_background_path_with(&config, Path::new("/nonexistent")), None);
}
#[test]
fn resolve_rejects_disallowed_extension() {
let dir = tempfile::tempdir().unwrap();
let wp = dir.path().join("wallpaper.bmp");
fs::write(&wp, "fake").unwrap();
let config = Config {
background_path: Some(wp.to_str().unwrap().to_string()),
..Config::default()
};
assert_eq!(resolve_background_path_with(&config, Path::new("/nonexistent")), None);
}
#[test]
fn resolve_rejects_oversized_wallpaper() {
let dir = tempfile::tempdir().unwrap();
let wp = dir.path().join("huge.jpg");
fs::write(&wp, vec![0u8; (MAX_WALLPAPER_FILE_SIZE + 1) as usize]).unwrap();
let config = Config {
background_path: Some(wp.to_str().unwrap().to_string()),
..Config::default()
};
assert_eq!(resolve_background_path_with(&config, Path::new("/nonexistent")), None);
}
#[test] #[test]
fn load_config_ignores_invalid_toml_syntax() { fn load_config_ignores_invalid_toml_syntax() {
let dir = tempfile::tempdir().unwrap(); let dir = tempfile::tempdir().unwrap();
src/users.rs
+14
View File
@@ -145,6 +145,20 @@ mod tests {
assert!(path.is_none()); assert!(path.is_none());
} }
#[test]
fn rejects_symlink_accountsservice_icon() {
let dir = tempfile::tempdir().unwrap();
let target = dir.path().join("secret");
fs::write(&target, "secret content").unwrap();
let icons_dir = dir.path().join("icons");
fs::create_dir(&icons_dir).unwrap();
let icon = icons_dir.join("testuser");
std::os::unix::fs::symlink(&target, &icon).unwrap();
// No ~/.face, so resolution falls through to the AccountsService branch
let path = get_avatar_path_with(dir.path(), Some("testuser"), &icons_dir);
assert!(path.is_none());
}
#[test] #[test]
fn returns_none_when_no_avatar() { fn returns_none_when_no_avatar() {
let dir = tempfile::tempdir().unwrap(); let dir = tempfile::tempdir().unwrap();