max / goingson
1 file changed,
+55 insertions,
-0 deletions
| @@ -92,6 +92,61 @@ v0.3.0. Audit grade A. ~762 tests. | |||
| 92 | 92 | ||
| 93 | 93 | --- | |
| 94 | 94 | ||
| 95 | + | ## Code Fuzz Fixes (2026-05-02) | |
| 96 | + | ||
| 97 | + | Found by adversarial code review. Ordered by priority. | |
| 98 | + | ||
| 99 | + | ### Remaining | |
| 100 | + | ||
| 101 | + | ### MINOR | |
| 102 | + | - [ ] Negative duration inverts overlap detection in day planning (day_planning.rs:47) | |
| 103 | + | - [ ] End-of-month recurrence heuristic promotes Feb 28 to "last day" (recurrence.rs:23) | |
| 104 | + | - [ ] `DefaultHasher` for synthetic email message IDs unstable across Rust versions (email_sync.rs:64) | |
| 105 | + | - [ ] `+0d` relative date rejected, check is `num < 1` not `num < 0` (parser.rs:197) | |
| 106 | + | - [ ] `create_initial_snapshot` not idempotent, crash duplicates changelog (sync_service/mod.rs:144) | |
| 107 | + | - [ ] `write_json` export not atomic, no tmp+rename (export/backup.rs:136) | |
| 108 | + | - [ ] vCard import partial failure leaves orphaned contact without dedup key (commands/import_external.rs:169) | |
| 109 | + | - [ ] iCal events without UID bypass dedup, re-import creates duplicates (commands/import_external.rs:287) | |
| 110 | + | - [ ] CSV sanitization misses `\t`/`\r`/`\n` formula injection prefixes (export/csv.rs:96) | |
| 111 | + | - [ ] Same-name attachments overwrite each other in temp dir (commands/attachment.rs:184) | |
| 112 | + | - [ ] Notification cache clear at 1000 entries re-enables all notifications (notifications.rs:76) | |
| 113 | + | - [ ] Unparseable email dates fall back to `Utc::now()`, old spam sorts above recent mail (imap_client.rs:308) | |
| 114 | + | ||
| 115 | + | ### NOTE (won't fix, documented) | |
| 116 | + | - OAuth callback server accepts unauthenticated local connections for 5 min | |
| 117 | + | - Token expiry computed after HTTP round-trip, not before | |
| 118 | + | - `calculate_urgency` calls `Utc::now()` internally (impure, flaky tests) | |
| 119 | + | - `+Nm` relative months use 30-day approximation vs real month math in recurrence | |
| 120 | + | - Push-then-mark not atomic, depends on server idempotency | |
| 121 | + | - Malformed changelog entries silently dropped | |
| 122 | + | - `from_str_or_default` silently accepts enum typos | |
| 123 | + | - `Ordering::Relaxed` on shutdown flag, technically incorrect on ARM | |
| 124 | + | ||
| 125 | + | --- | |
| 126 | + | ||
| 127 | + | ## Email Compose (pre-beta) | |
| 128 | + | ||
| 129 | + | ### Done | |
| 130 | + | - [x] HTML email body conversion to readable markdown via pter (replaces hand-rolled strip_html) | |
| 131 | + | ||
| 132 | + | ### Remaining | |
| 133 | + | - [ ] Reply / Reply-All — compose with quoted text, In-Reply-To/References headers on outbound | |
| 134 | + | - [ ] Forward — prefill compose with forwarded content | |
| 135 | + | - [ ] CC / BCC fields — compose currently only has To | |
| 136 | + | - [ ] Multiple recipients — single to_address field needs comma or chip input | |
| 137 | + | - [ ] Attachment sending — can receive but not attach to outbound | |
| 138 | + | - [ ] Signatures — per-account email signature | |
| 139 | + | - [ ] Drafts (real) — current drafts save as regular emails with draft@local address | |
| 140 | + | - [ ] Contact autocomplete — recipient address completion | |
| 141 | + | - [ ] Email search UI — FTS backend exists, no email-specific search in UI | |
| 142 | + | - [ ] Attachment download/open — metadata extracted, no UI to save/open | |
| 143 | + | - [ ] Keyboard shortcuts — only Cmd+Enter and Escape currently | |
| 144 | + | - [ ] Quoted text collapse — threads get unreadable without it | |
| 145 | + | - [ ] Labels / folders — only INBOX + Archive, no custom organization | |
| 146 | + | - [ ] Notifications — system notifications on new mail | |
| 147 | + | ||
| 148 | + | --- | |
| 149 | + | ||
| 95 | 150 | ## Shared Code Extraction (Cross-Project) | |
| 96 | 151 | ||
| 97 | 152 | ### Remaining |