fix: harden credential handling, codec safety, and API consistency #19
Merged
deadcode-walker merged 10 commits into main from Mar 23, 2026
Added project-level CLAUDE.md with agent instructions for test routing and CI requirements. Gitignored .claude/ for local harness config. Removed obsolete .omp/ rules and skills (replaced by AGENTS.md and CLAUDE.md).
…rver_ok Register the Notify future before checking the atomic counter to prevent a TOCTOU race that could hang tests under load. Remove redundant Arc<Notify> inside Arc<ServerState>. Move assert_server_ok to shared helpers and replace all remaining `let _ = handle.await` in mock tests.

CRITICAL:
- fix unbounded recursion in AmiCodec::decode on empty frames
- replace derived Debug on AriConfig with manual impl that redacts password and ws_url

HIGH:
- adopt Credentials (Zeroizing<String>) from core for ARI config, replacing plain String username/password fields
- add require_challenge option to AmiClientBuilder (default true) to prevent silent plaintext auth fallback
- restrict AMI connection module to pub(crate) visibility
- eliminate unnecessary AmiResponse clone in dispatch_message
- add AgiError::InvalidConfig variant (was shoehorned into Io)

MEDIUM:
- apply url_encode to all user-supplied ARI resource path segments (mailbox, device_state, sound, recording, asterisk modules)
- extract duplicated WsRestRequest into shared ws_proto module
- send WebSocket close frame on ARI listener shutdown
- fix weak jitter entropy in reconnect backoff (hash ThreadId)
- downgrade raw ARI payload logging from WARN to TRACE
- restrict ws_url() accessor to pub(crate) to prevent credential leak
- make AriConfig fields pub(crate) with read-only accessors
- document tokio::sync::Mutex hold behavior in Call::wait_for_answer

Fixes CRL distribution point matching vulnerability where correct CRLs were not consulted for revocation checking on certs with multiple distributionPoints.

- semver.yml: add continue-on-error (release-plz owns version bumps)
- ci.yml: pin typos action to v1 instead of master
- docs.yml: use taiki-e/install-action@mdbook instead of cargo install

- coverage.yml: enforce --fail-under-lines 60 minimum
- dependabot.yml: add rust ecosystem for toolchain updates (monthly)
- deny.toml: wildcards "allow" -> "deny" to block wildcard deps

- coverage.yml: remove --fail-under-lines (threshold meaningless with external test crate) and include test crate in coverage measurement
- dependabot.yml: remove rust ecosystem (no rust-toolchain.toml exists)

- security.yml: add pull_request trigger so Cargo Deny reports on PRs (was only push+schedule, causing required check to never report)
- deny.toml: skip-tree asterisk-rs-tests (internal crate uses workspace wildcards, never published)

Summary
- `AmiCodec::decode` on empty frames — convert to iterative loop
- `Debug` on `AriConfig` with manual impl that redacts password and `ws_url`
- `Credentials` (`Zeroizing<String>`) from core for ARI, replacing plain `String` password fields
- `require_challenge` option to `AmiClientBuilder` (default `true`) to prevent silent plaintext auth fallback
- `connection` module to `pub(crate)`, eliminate unnecessary `AmiResponse` clone in dispatch
- `AgiError::InvalidConfig` variant (was shoehorned into `Io`)
- `url_encode` to all user-supplied ARI resource path segments (mailbox, device_state, sound, recording, asterisk modules)
- `WsRestRequest` into shared `ws_proto` module
- `ThreadId` instead of string length)
- `ws_url()` accessor to `pub(crate)`, make `AriConfig` fields private with read-only accessors
- `rustls-webpki` 0.103.9 → 0.103.10 (RUSTSEC-2026-0049)
- `.claude/`, remove stale `.omp/` config
- `wait_for_ws_client`, promote `assert_server_ok` to shared helpers

Breaking changes
- `AriConfig` fields are now `pub(crate)` — use accessor methods (`base_url()`, `credentials()`, `app_name()`, etc.)
- `AriConfigBuilder` now requires non-empty password
- `AmiClientBuilder` defaults to `require_challenge(true)` — set `.require_challenge(false)` for plaintext-only Asterisk servers
- `connection` module is now `pub(crate)`
- `2000@default` → `2000%40default`)

Test plan
- `cargo clippy --workspace --all-targets --all-features -- -D warnings` clean
- `require_challenge(false)` where plaintext login is used
- `cargo-semver-checks` will flag breaking changes — version bumps needed
- `cargo deny` should pass with `rustls-webpki` update
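
Added example (not code from this PR or from asterisk-rs): the iterative shape of a decoder that skips empty frames, as the first summary item describes. The framing (`Key: Value` lines ended by a blank line), the `Frame` type and `parse_fields` are assumptions made for the sketch.

```rust
// Assumed framing: a frame is a run of `Key: Value` lines ended by CRLF CRLF.
const TERMINATOR: &[u8] = b"\r\n\r\n";

type Frame = Vec<(String, String)>;

// Hypothetical helper: split a frame body into trimmed key/value pairs.
fn parse_fields(raw: &[u8]) -> Frame {
    let text = String::from_utf8_lossy(raw);
    text.split("\r\n")
        .filter_map(|line| line.split_once(':'))
        .map(|(k, v)| (k.trim().to_string(), v.trim().to_string()))
        .collect()
}

/// Returns the next non-empty frame, or None if no complete frame is buffered.
/// Consumed bytes, including skipped empty frames, are removed from `buf`.
fn decode(buf: &mut Vec<u8>) -> Option<Frame> {
    let mut pos = 0; // offset of the first unconsumed byte
    let frame = loop {
        let Some(rel) = buf[pos..]
            .windows(TERMINATOR.len())
            .position(|w| w == TERMINATOR)
        else {
            break None; // incomplete frame: wait for more bytes
        };
        let fields = parse_fields(&buf[pos..pos + rel]);
        pos += rel + TERMINATOR.len();
        if !fields.is_empty() {
            break Some(fields);
        }
        // Empty frame. Writing `return decode(buf)` here instead costs one
        // stack frame per empty frame, so the peer controls recursion depth.
    };
    buf.drain(..pos);
    frame
}

fn main() {
    // Constructed input: 200_000 empty frames followed by one real frame.
    let mut buf = TERMINATOR.repeat(200_000);
    buf.extend_from_slice(b"Response: Success\r\nActionID: 1\r\n\r\n");
    println!("{:?}", decode(&mut buf));
}
```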
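
Added example (not code from this PR or from asterisk-rs): one way to percent-encode a user-supplied path segment so that it produces the `2000@default` → `2000%40default` result listed under the breaking changes. The body of `url_encode`, the `mailbox_path` helper and the `/mailboxes/{name}` route shape are assumptions.

```rust
/// Percent-encodes one URL path segment. Only RFC 3986 unreserved characters
/// (ALPHA / DIGIT / "-" / "." / "_" / "~") pass through unchanged, so "/",
/// "?", "#", "%" and "@" in caller input cannot add path levels or a query.
fn url_encode(segment: &str) -> String {
    let mut out = String::with_capacity(segment.len());
    for b in segment.bytes() {
        match b {
            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => {
                out.push(b as char)
            }
            // Everything else, including each byte of a multi-byte UTF-8
            // character, becomes %XX.
            _ => out.push_str(&format!("%{:02X}", b)),
        }
    }
    out
}

/// Hypothetical request-path builder for a mailbox resource.
fn mailbox_path(name: &str) -> String {
    format!("/mailboxes/{}", url_encode(name))
}

fn main() {
    // Constructed inputs: a normal mailbox name and one that tries to
    // change the path and append a query string.
    for name in ["2000@default", "x/../../channels?a=b"] {
        println!("{:<24} -> {}", name, mailbox_path(name));
    }
}
```

A segment that is exactly `.` or `..` consists only of unreserved characters and is returned unchanged, so encoding alone does not cover that case.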
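
Added example (not code from this PR or from asterisk-rs): a manual `Debug` impl that redacts the password and the WebSocket URL, as the summary describes for `AriConfig`. The struct is a std-only stand-in; its field layout, the `sample` helper and the `api_key=user:password` URL shape are assumptions.

```rust
use std::fmt;

// Stand-in for the ARI config; values in `sample` are constructed.
pub struct AriConfig {
    base_url: String,
    username: String,
    password: String, // the PR stores this as Zeroizing<String>
    app_name: String,
}

impl AriConfig {
    pub fn base_url(&self) -> &str { &self.base_url }
    pub fn app_name(&self) -> &str { &self.app_name }

    // Assumed URL shape: credentials travel in the api_key query parameter,
    // so the accessor stays crate-private and the value never reaches Debug.
    pub(crate) fn ws_url(&self) -> String {
        let ws_base = self.base_url.replacen("http", "ws", 1);
        format!("{}/events?api_key={}:{}&app={}",
                ws_base, self.username, self.password, self.app_name)
    }
}

// #[derive(Debug)] would print every field, so `{:?}` in a log line or an
// error chain would carry the password. The manual impl names the fields
// but substitutes a fixed marker for the sensitive ones.
impl fmt::Debug for AriConfig {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("AriConfig")
            .field("base_url", &self.base_url)
            .field("username", &self.username)
            .field("password", &format_args!("[REDACTED]"))
            .field("ws_url", &format_args!("[REDACTED]"))
            .field("app_name", &self.app_name)
            .finish()
    }
}

fn sample() -> AriConfig {
    AriConfig {
        base_url: "http://pbx.example:8088/ari".into(),
        username: "ari-user".into(),
        password: "s3cret-constructed".into(),
        app_name: "demo".into(),
    }
}

fn main() {
    println!("{:?}", sample());
}
```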