fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
Some checks failed
CI Code / Code Coverage (push) Failing after 10m34s
CI Code / Check spelling (push) Failing after 10m47s
CI Code / Check coding style (push) Failing after 11m4s
CI Code / Linux (ubuntu) (push) Failing after 11m19s
CI Code / Linux (debian) (push) Failing after 11m28s
CI Code / Linux (arch) (push) Failing after 11m38s

security(CWE-134): fix format string injections + add CI check
fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps
fix(db): sqlite cleanup on failures, sqlite3_close_v2
fix(xmpp): queued_messages loop, barejid leak
perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys
refactor(ui): CLAMP macro in _check_subwin_width
test: XEP-0012 and XEP-0045 functional tests

Author: jabber.developer2
Closes #58, #85
This commit is contained in:
2026-02-06 19:27:40 +01:00
parent f8826b7c79
commit 467222d0ca
36 changed files with 656 additions and 238 deletions

View File

@@ -393,3 +393,83 @@ shows_no_message_in_console_when_window_not_focussed(void **state)
assert_false(prof_output_regex("testroom@conference\\.localhost \\(win 2\\)"));
prof_timeout_reset();
}
void
sends_affiliation_list_request(void **state)
{
prof_connect();
stbbr_for_presence_to("testroom@conference.localhost/stabber",
"<presence id='*' lang='en' to='stabber@localhost/profanity' from='testroom@conference.localhost/stabber'>"
"<c hash='sha-1' xmlns='http://jabber.org/protocol/caps' node='http://profanity-im.github.io' ver='*'/>"
"<x xmlns='http://jabber.org/protocol/muc#user'>"
"<item role='moderator' jid='stabber@localhost/profanity' affiliation='owner'/>"
"</x>"
"<status code='110'/>"
"</presence>"
);
prof_input("/join testroom@conference.localhost");
assert_true(prof_output_regex("-> You have joined the room as stabber, role: moderator, affiliation: owner"));
prof_input("/affiliation owner list");
assert_true(stbbr_received(
"<iq id='*' to='testroom@conference.localhost' type='get'>"
"<query xmlns='http://jabber.org/protocol/muc#admin'>"
"<item affiliation='owner'/>"
"</query>"
"</iq>"
));
}
void
sends_kick_request(void **state)
{
prof_connect();
// Enable MUC presence messages to see occupant join/leave
prof_input("/presence room all");
assert_true(prof_output_regex("All presence updates will appear"));
stbbr_for_presence_to("testroom@conference.localhost/stabber",
"<presence id='*' lang='en' to='stabber@localhost/profanity' from='testroom@conference.localhost/stabber'>"
"<c hash='sha-1' xmlns='http://jabber.org/protocol/caps' node='http://profanity-im.github.io' ver='*'/>"
"<x xmlns='http://jabber.org/protocol/muc#user'>"
"<item role='moderator' jid='stabber@localhost/profanity' affiliation='admin'/>"
"</x>"
"<status code='110'/>"
"</presence>"
);
prof_input("/join testroom@conference.localhost");
assert_true(prof_output_regex("-> You have joined the room as stabber, role: moderator, affiliation: admin"));
// Simulate another user in the room
stbbr_send(
"<presence to='stabber@localhost/profanity' from='testroom@conference.localhost/baduser'>"
"<x xmlns='http://jabber.org/protocol/muc#user'>"
"<item role='participant' jid='baduser@localhost/phone' affiliation='none'/>"
"</x>"
"</presence>"
);
sleep(1);
assert_true(prof_output_regex("baduser has joined"));
// Register success response for kick
stbbr_for_query("http://jabber.org/protocol/muc#admin",
"<iq id='*' type='result' from='testroom@conference.localhost'/>"
);
prof_input("/kick baduser \"spamming\"");
assert_true(stbbr_received(
"<iq id='*' to='testroom@conference.localhost' type='set'>"
"<query xmlns='http://jabber.org/protocol/muc#admin'>"
"<item nick='baduser' role='none'>"
"<reason>spamming</reason>"
"</item>"
"</query>"
"</iq>"
));
}