开源 企业版 高校版 私有云 模力方舟 AI 队友
代码拉取完成,页面将自动刷新
forked from zenaster/rtk
加入 Gitee
与超过 1400万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
已有帐号? 立即登录
文件
master
分支 (170)
标签 (144)
master
develop
release-please--branches--master--components--rtk
dependabot/github_actions/actions/checkout-6
hotfix/cicd/use-git-app
dependabot/github_actions/googleapis/release-please-action-5
dependabot/cargo/tempfile-3.27.0
dependabot/cargo/quick-xml-0.39.2
dependabot/cargo/colored-3.1.1
dependabot/cargo/which-8.0.2
dependabot/cargo/ureq-3.3.0
dependabot/github_actions/actions/download-artifact-8
dependabot/github_actions/actions/setup-go-6
dependabot/github_actions/actions/github-script-9
fix/remove-sh-from-tests
fix/curl-json-passthrough-1536
fix/stream-stderr-routing
cicd/integration-tests
benchmark-cicd-update
feat/sqz-features
latest
dev-0.38.1-rc.187
dev-0.38.1-rc.188
dev-0.38.1-rc.190
dev-0.39.0-rc.191
dev-0.39.0-rc.192
v0.38.0
dev-0.38.0-rc.184
dev-0.38.0-rc.170
dev-0.38.0-rc.171
dev-0.38.0-rc.173
dev-0.38.0-rc.174
dev-0.38.0-rc.175
dev-0.38.0-rc.176
dev-0.38.0-rc.177
dev-0.38.0-rc.178
dev-0.38.0-rc.179
v0.37.2
dev-0.37.2-rc.162
dev-0.37.2-rc.163
master
分支 (170)
标签 (144)
master
develop
release-please--branches--master--components--rtk
dependabot/github_actions/actions/checkout-6
hotfix/cicd/use-git-app
dependabot/github_actions/googleapis/release-please-action-5
dependabot/cargo/tempfile-3.27.0
dependabot/cargo/quick-xml-0.39.2
dependabot/cargo/colored-3.1.1
dependabot/cargo/which-8.0.2
dependabot/cargo/ureq-3.3.0
dependabot/github_actions/actions/download-artifact-8
dependabot/github_actions/actions/setup-go-6
dependabot/github_actions/actions/github-script-9
fix/remove-sh-from-tests
fix/curl-json-passthrough-1536
fix/stream-stderr-routing
cicd/integration-tests
benchmark-cicd-update
feat/sqz-features
latest
dev-0.38.1-rc.187
dev-0.38.1-rc.188
dev-0.38.1-rc.190
dev-0.39.0-rc.191
dev-0.39.0-rc.192
v0.38.0
dev-0.38.0-rc.184
dev-0.38.0-rc.170
dev-0.38.0-rc.171
dev-0.38.0-rc.173
dev-0.38.0-rc.174
dev-0.38.0-rc.175
dev-0.38.0-rc.176
dev-0.38.0-rc.177
dev-0.38.0-rc.178
dev-0.38.0-rc.179
v0.37.2
dev-0.37.2-rc.162
dev-0.37.2-rc.163
克隆/下载
克隆/下载
提示
下载代码请复制以下命令到终端执行
为确保你提交的代码身份被 Gitee 正确识别,请执行以下命令完成配置
初次使用 SSH 协议进行代码克隆、推送等操作时,需按下述提示完成 SSH 配置
1 生成 RSA 密钥
2 获取 RSA 公钥内容,并配置到 SSH公钥
在 Gitee 上使用 SVN,请访问 使用指南
使用 HTTPS 协议时,命令行会出现如下账号密码验证步骤。基于安全考虑,Gitee 建议 配置并使用私人令牌 替代登录密码进行克隆、推送等操作
Username for 'https://gitee.com': userName
Password for 'https://userName@gitee.com': # 私人令牌
master
分支 (170)
标签 (144)
master
develop
release-please--branches--master--components--rtk
dependabot/github_actions/actions/checkout-6
hotfix/cicd/use-git-app
dependabot/github_actions/googleapis/release-please-action-5
dependabot/cargo/tempfile-3.27.0
dependabot/cargo/quick-xml-0.39.2
dependabot/cargo/colored-3.1.1
dependabot/cargo/which-8.0.2
dependabot/cargo/ureq-3.3.0
dependabot/github_actions/actions/download-artifact-8
dependabot/github_actions/actions/setup-go-6
dependabot/github_actions/actions/github-script-9
fix/remove-sh-from-tests
fix/curl-json-passthrough-1536
fix/stream-stderr-routing
cicd/integration-tests
benchmark-cicd-update
feat/sqz-features
latest
dev-0.38.1-rc.187
dev-0.38.1-rc.188
dev-0.38.1-rc.190
dev-0.39.0-rc.191
dev-0.39.0-rc.192
v0.38.0
dev-0.38.0-rc.184
dev-0.38.0-rc.170
dev-0.38.0-rc.171
dev-0.38.0-rc.173
dev-0.38.0-rc.174
dev-0.38.0-rc.175
dev-0.38.0-rc.176
dev-0.38.0-rc.177
dev-0.38.0-rc.178
dev-0.38.0-rc.179
v0.37.2
dev-0.37.2-rc.162
dev-0.37.2-rc.163
rtk
/
.semgrep.yml
rtk
/
.semgrep.yml
.semgrep.yml 3.49 KB
一键复制 编辑 原始数据 按行查看 历史
aesoft 提交于 2026年04月10日 19:10 +08:00 . feat(cicd): enforce cicd sast & package check
rules:
- id: dynamic-command-execution
patterns:
- pattern: Command::new($ARG)
- pattern-not: Command::new("...")
message: >
Dynamic shell invocation via Command::new($ARG).
RTK only executes known CLI tools — use string literals, not variables.
languages: [rust]
severity: ERROR
- id: unsafe-block
pattern: unsafe { ... }
message: >
Unsafe block detected. RTK has no legitimate need for unsafe code.
languages: [rust]
severity: ERROR
- id: ld-preload-manipulation
pattern-either:
- pattern: $CMD.env("LD_PRELOAD", ...)
- pattern: $CMD.env("LD_LIBRARY_PATH", ...)
message: >
LD_PRELOAD/LD_LIBRARY_PATH manipulation detected.
This can hijack shared library loading — forbidden in RTK.
languages: [rust]
severity: ERROR
- id: raw-socket-usage
pattern-either:
- pattern: TcpStream::$METHOD(...)
- pattern: UdpSocket::$METHOD(...)
- pattern: TcpListener::$METHOD(...)
message: >
Raw socket usage detected. RTK is a CLI proxy — it should not
open network connections directly. Use ureq in telemetry only.
languages: [rust]
severity: ERROR
- id: reqwest-forbidden
pattern: reqwest::$METHOD(...)
message: >
reqwest is forbidden in RTK. The project uses ureq for HTTP
(telemetry only). Adding reqwest increases binary size and attack surface.
languages: [rust]
severity: ERROR
- id: interpreter-execution
pattern-either:
- pattern: Command::new("curl")
- pattern: Command::new("wget")
- pattern: Command::new("python")
- pattern: Command::new("python3")
- pattern: Command::new("node")
- pattern: Command::new("bash")
- pattern: Command::new("sh")
- pattern: Command::new("perl")
- pattern: Command::new("ruby")
message: >
Direct interpreter/downloader execution detected.
RTK proxies user commands — it should never spawn interpreters
or download tools on its own.
languages: [rust]
severity: ERROR
- id: ureq-outside-telemetry
pattern: ureq::$METHOD(...)
paths:
exclude:
- /src/core/telemetry.rs
message: >
ureq usage outside of src/core/telemetry.rs.
HTTP calls are restricted to the telemetry module to prevent data exfiltration.
languages: [rust]
severity: ERROR
# ── WARNING rules (non-blocking, flag for review) ──
- id: path-env-manipulation
pattern-either:
- pattern: $CMD.env("PATH", ...)
- pattern: std::env::set_var("PATH", ...)
- pattern: env::set_var("PATH", ...)
message: >
PATH environment variable manipulation detected.
Hijacking PATH can redirect command resolution to attacker-controlled binaries.
languages: [rust]
severity: WARNING
- id: sensitive-path-reference
pattern-regex: \.(ssh|bashrc|zshrc|bash_profile|profile)|authorized_keys|/etc/passwd|/etc/shadow
message: >
Reference to sensitive system path detected.
RTK filters should not access dotfiles, SSH keys, or system credential files.
languages: [rust]
severity: WARNING
- id: filesystem-deletion
pattern-either:
- pattern: fs::remove_file(...)
- pattern: fs::remove_dir_all(...)
- pattern: std::fs::remove_file(...)
- pattern: std::fs::remove_dir_all(...)
message: >
File/directory deletion detected. Expected in hooks/init cleanup,
surprising in a filter module. Verify intent.
languages: [rust]
severity: WARNING
Loading...
举报
举报成功
我们将于2个工作日内通过站内信反馈结果给你!
请认真填写举报原因,尽可能描述详细。
请选择举报类型
取消
发送
误判申诉

此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。

如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。

取消
提交

简介

暂无描述
暂无标签
Apache-2.0
使用 Apache-2.0 开源许可协议
取消

发行版

暂无发行版

贡献者

全部

近期动态

不能加载更多了
编辑仓库简介
简介内容
主页
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/futurelei/rtk.git
git@gitee.com:futurelei/rtk.git
futurelei
rtk
rtk
master
点此查找更多帮助

搜索帮助

评论
仓库举报
回到顶部
登录提示
该操作需登录 Gitee 帐号,请先登录后再操作。
立即登录
没有帐号,去注册

AltStyle によって変換されたページ (->オリジナル) /