Context fill-in and CI tests

This commit adds common units tests and CI sanitasion. Additional context for commit b64d9c4498: - Fixed macOS/Linux non-portable and unsafe shell usage by adding a posix_spawn helper and replacing system() calls in virtual_interface.cpp. - Fixed SessionRegistry::erase() to remove mIPSessions and mSessionIPs entries in session_registry.cpp. - Prevented message-length truncation in tcp_message_handler.cpp by rejecting payloads > 65535 bytes. - Validated handshake message sizes and removed silent truncation in: - tcp_connection.cpp - tcp_client.cpp - Canonicalized and validated config and whitelist paths in utils.cpp using std::filesystem. - Hardened environment-provided config path handling in main.cpp. - Validated UDP ciphertext lengths and fixed session ID endianness in udp_client.cpp. - Scheduled periodic SessionRegistry::cleanupExpired() in main.cpp (every 5 minutes).
2026-05-25 12:29:19 +02:00
parent 60795c60d8
commit afe10bbb6e
6 changed files with 228 additions and 0 deletions
--- a/.github/workflows/sanitizers.yml
+++ b/.github/workflows/sanitizers.yml
@@ -0,0 +1,39 @@
+name: Sanitizers
+
+on:
+  push:
+    branches: [ main, master ]
+  pull_request:
+    branches: [ main, master ]
+
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+    env:
+      SANITIZERS: "-fsanitize=address,undefined -fno-omit-frame-pointer -g -O1"
+      ASAN_OPTIONS: "detect_leaks=1:abort_on_error=1"
+      UBSAN_OPTIONS: "print_stacktrace=1"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y cmake build-essential clang
+
+      - name: Configure (CMake)
+        run: |
+          mkdir -p build-sanitizers
+          cd build-sanitizers
+          CC=clang CXX=clang++ cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_CXX_FLAGS="$SANITIZERS" -DCMAKE_EXE_LINKER_FLAGS="$SANITIZERS" ..
+
+      - name: Build
+        run: |
+          cd build-sanitizers
+          cmake --build . -- -j
+
+      - name: Run tests
+        run: |
+          cd build-sanitizers
+          ctest --output-on-failure || (echo "ctest failed"; exit 1)