同步操作将从 zenaster/rtk 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
rules:- id: dynamic-command-executionpatterns:- pattern: Command::new($ARG)- pattern-not: Command::new("...")message: >Dynamic shell invocation via Command::new($ARG).RTK only executes known CLI tools — use string literals, not variables.languages: [rust]severity: ERROR- id: unsafe-blockpattern: unsafe { ... }message: >Unsafe block detected. RTK has no legitimate need for unsafe code.languages: [rust]severity: ERROR- id: ld-preload-manipulationpattern-either:- pattern: $CMD.env("LD_PRELOAD", ...)- pattern: $CMD.env("LD_LIBRARY_PATH", ...)message: >LD_PRELOAD/LD_LIBRARY_PATH manipulation detected.This can hijack shared library loading — forbidden in RTK.languages: [rust]severity: ERROR- id: raw-socket-usagepattern-either:- pattern: TcpStream::$METHOD(...)- pattern: UdpSocket::$METHOD(...)- pattern: TcpListener::$METHOD(...)message: >Raw socket usage detected. RTK is a CLI proxy — it should notopen network connections directly. Use ureq in telemetry only.languages: [rust]severity: ERROR- id: reqwest-forbiddenpattern: reqwest::$METHOD(...)message: >reqwest is forbidden in RTK. The project uses ureq for HTTP(telemetry only). Adding reqwest increases binary size and attack surface.languages: [rust]severity: ERROR- id: interpreter-executionpattern-either:- pattern: Command::new("curl")- pattern: Command::new("wget")- pattern: Command::new("python")- pattern: Command::new("python3")- pattern: Command::new("node")- pattern: Command::new("bash")- pattern: Command::new("sh")- pattern: Command::new("perl")- pattern: Command::new("ruby")message: >Direct interpreter/downloader execution detected.RTK proxies user commands — it should never spawn interpretersor download tools on its own.languages: [rust]severity: ERROR- id: ureq-outside-telemetrypattern: ureq::$METHOD(...)paths:exclude:- /src/core/telemetry.rsmessage: >ureq usage outside of src/core/telemetry.rs.HTTP calls are restricted to the telemetry module to prevent data exfiltration.languages: [rust]severity: ERROR# ── WARNING rules (non-blocking, flag for review) ──- id: path-env-manipulationpattern-either:- pattern: $CMD.env("PATH", ...)- pattern: std::env::set_var("PATH", ...)- pattern: env::set_var("PATH", ...)message: >PATH environment variable manipulation detected.Hijacking PATH can redirect command resolution to attacker-controlled binaries.languages: [rust]severity: WARNING- id: sensitive-path-referencepattern-regex: \.(ssh|bashrc|zshrc|bash_profile|profile)|authorized_keys|/etc/passwd|/etc/shadowmessage: >Reference to sensitive system path detected.RTK filters should not access dotfiles, SSH keys, or system credential files.languages: [rust]severity: WARNING- id: filesystem-deletionpattern-either:- pattern: fs::remove_file(...)- pattern: fs::remove_dir_all(...)- pattern: std::fs::remove_file(...)- pattern: std::fs::remove_dir_all(...)message: >File/directory deletion detected. Expected in hooks/init cleanup,surprising in a filter module. Verify intent.languages: [rust]severity: WARNING
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。