chore(hardening): tighten security and footprint defaults

This commit is contained in:
2026-04-24 19:03:57 +01:00
parent 55b34d8ffc
commit b333c6229e
36 changed files with 8702 additions and 254 deletions

View File

@@ -9,12 +9,12 @@ fn main() {
println!("cargo:rustc-link-arg=-Wl,--allow-multiple-definition");
}
assert_localhost_llm_csp();
assert_loopback_llm_csp();
tauri_build::build()
}
/// Regression guard for brief item #2 (pre-emptive localhost LLM scope).
/// Regression guard for brief item #2 (pre-emptive loopback LLM scope).
///
/// Kon's bundled llama.cpp server and any BYO Ollama install speak HTTP
/// on `127.0.0.1:*`. If the `connect-src` CSP ever drops those entries,
@@ -25,9 +25,9 @@ fn main() {
/// Parses `tauri.conf.json` properly and inspects the `connect-src`
/// directive of the CSP, rather than substring-searching the whole
/// file — the latter would both false-pass on unrelated values
/// containing a localhost URL and false-fail on JSON-escaped forward
/// containing a loopback URL and false-fail on JSON-escaped forward
/// slashes.
fn assert_localhost_llm_csp() {
fn assert_loopback_llm_csp() {
let conf_path = std::path::Path::new("tauri.conf.json");
println!("cargo:rerun-if-changed=tauri.conf.json");
@@ -70,4 +70,12 @@ fn assert_localhost_llm_csp() {
{connect_src:?}"
);
}
for forbidden in ["http://localhost:*", "ws://localhost:*"] {
assert!(
!tokens.contains(&forbidden),
"build.rs: tauri.conf.json CSP connect-src must not permit {forbidden}; \
normalize local LLM endpoints to 127.0.0.1 instead. Current connect-src: \
{connect_src:?}"
);
}
}