harden long-running scans and simplify CLI output#595
Conversation
|
Let me take a look. THX. |
|
感谢 PR,这个方向整体是不错的,尤其是长时间扫描、取消逻辑、输出落盘和 POC 预编译这些部分,思路我认可。 不过 Web 端这部分先不要全部删除。 除了“完全移除 Web 端”这一点之外,其他改动目前看没有明显问题。你这边如果开发完成、准备审核,随时可以把 Draft 转成正式 PR,我会继续 review。 Thanks for the PR. Overall, I like the direction, especially the hardening around long-running scans, cancellation, disk-backed output, and POC precompilation. However, please do not remove the Web side entirely for now. Since Other than the complete removal of the Web side, the rest of the changes look generally fine to me. Once you finish the work and want a full review, feel free to mark the PR as ready for review. |
What changed
-ovaluesWhy
Large scans could appear to stall when nested concurrency, resource exhaustion, late plugin results, and unbounded in-memory result collection interacted. Web POC execution also rebuilt identical CEL programs for every target. The repository additionally carried an unfinished standalone lab application and generated benchmark outputs that were not part of the scanner build.
This change gives scan work a bounded lifecycle, moves result retention to disk, prepares reusable POC execution plans at load time, adds focused middleware coverage without turning fscan into a heavyweight vulnerability scanner, and leaves the repository focused on the CLI scanner and its maintained tests and examples.
Impact
Validation
Earlier hardening validation:
go test ./... -count=1 -timeout=15mgo vet ./...golangci-lint v2.12.1(0 issues)Latest middleware and cleanup validation:
go build ./...go test ./webscan -run TestEmbeddedPocsArePreparedAtLoadTime -count=1 -timeout=3m