Parent
Epic #426, Plan: .local/plan/m26.1-output-filtering-improvements.md
Priority: P0 (security critical)
Problem
Aggressive filtering can hide security-critical warnings (e.g., unused Result on decrypt_password, panic traces, SQL injection patterns).
Design
SecurityPatterns struct with compiled regex list covering 6 categories:
- Rust compiler warnings (
unused Result, panic at, unwrap())
- Unsafe code (
unsafe code, FFI, raw pointer)
- Auth (
authentication failed, unauthorized, 401/403)
- Crypto (
weak cipher, deprecated algorithm, MD5, SHA-1)
- SQL/Injection (
SQL injection, unsafe query)
- Dependencies (
RUSTSEC-, security advisory)
All filters call security whitelist before returning. Appends preserved lines with visual separator. User-defined patterns via config (additive).
Acceptance Criteria
Parent
Epic #426, Plan:
.local/plan/m26.1-output-filtering-improvements.mdPriority: P0 (security critical)
Problem
Aggressive filtering can hide security-critical warnings (e.g.,
unused Resultondecrypt_password, panic traces, SQL injection patterns).Design
SecurityPatternsstruct with compiled regex list covering 6 categories:unused Result,panic at,unwrap())unsafe code,FFI,raw pointer)authentication failed,unauthorized,401/403)weak cipher,deprecated algorithm,MD5,SHA-1)SQL injection,unsafe query)RUSTSEC-,security advisory)All filters call security whitelist before returning. Appends preserved lines with visual separator. User-defined patterns via config (additive).
Acceptance Criteria
SecurityPatternsstruct with regex listextract_security_lines()method