fix: address code review findings (critical + important + minor)

Critical fixes: - C1: Fix GDI handle leak in IconGenerator (lazy singletons + DestroyIcon) - C2: Add appsettings.json to .gitignore, provide template - C3: Properly dispose IHost on exit Important fixes: - I1: Add SpamGuardOptionsValidator for startup config validation - I3: Use UID range queries instead of SearchQuery.All - I4: Only scan recent Sent messages after initial full scan - I5: Atomic file writes (write-to-temp, then rename) - I6: Set 30s HTTP timeout and base address on HttpClient - I7: Remove duplicate AddSingleton<EmailClassifier> (DI conflict) - I8: Better HTML stripping (script/style removal, entity decoding) Minor fixes: - M1: Delete placeholder UnitTest1.cs - M2: Wire MaxActivityLogEntries config to ActivityLog constructor - M4: Log warnings instead of bare catch blocks - M5: Dispose JsonDocument instances - M8: Use AppContext.BaseDirectory for appsettings.json path - M9: Truncate NotifyIcon.Text to 127 chars Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 11:57:12 +01:00
parent cd9adc5a54
commit 66cca61b21
12 changed files with 181 additions and 45 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -482,3 +482,6 @@ $RECYCLE.BIN/
 # Vim temporary swap files
 *.swp
 # User configuration with secrets
 src/SpamGuard/appsettings.json
--- a/src/SpamGuard/Configuration/SpamGuardOptionsValidator.cs
+++ b/src/SpamGuard/Configuration/SpamGuardOptionsValidator.cs
@@ -0,0 +1,24 @@
 namespace SpamGuard.Configuration;
 using Microsoft.Extensions.Options;
 public sealed class SpamGuardOptionsValidator : IValidateOptions<SpamGuardOptions>
 {
    public ValidateOptionsResult Validate(string? name, SpamGuardOptions options)
    {
        var errors = new List<string>();
        if (string.IsNullOrWhiteSpace(options.Imap.Host))
            errors.Add("SpamGuard:Imap:Host is required.");
        if (string.IsNullOrWhiteSpace(options.Imap.Username))
            errors.Add("SpamGuard:Imap:Username is required.");
        if (string.IsNullOrWhiteSpace(options.Imap.Password))
            errors.Add("SpamGuard:Imap:Password is required.");
        if (string.IsNullOrWhiteSpace(options.Claude.ApiKey))
            errors.Add("SpamGuard:Claude:ApiKey is required.");
        return errors.Count > 0
            ? ValidateOptionsResult.Fail(errors)
            : ValidateOptionsResult.Success;
    }
 }
--- a/src/SpamGuard/Program.cs
+++ b/src/SpamGuard/Program.cs
@@ -1,7 +1,7 @@
 // src/SpamGuard/Program.cs
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Options;
 using Serilog;
 using SpamGuard.Configuration;
 using SpamGuard.Services;
@@ -31,13 +31,16 @@ static class Program
                retainedFileCountLimit: 7)
            .CreateLogger();
        IHost? host = null;
        try
        {
-            var host = Host.CreateDefaultBuilder()
+            host = Host.CreateDefaultBuilder()
                .UseSerilog()
                .ConfigureAppConfiguration((context, config) =>
                {
-                    config.AddJsonFile("appsettings.json", optional: false);
+                    config.AddJsonFile(
                        Path.Combine(AppContext.BaseDirectory, "appsettings.json"),
                        optional: false);
                    config.AddEnvironmentVariables("SPAMGUARD_");
                })
                .ConfigureServices((context, services) =>
@@ -45,15 +48,28 @@ static class Program
                    services.Configure<SpamGuardOptions>(
                        context.Configuration.GetSection(SpamGuardOptions.SectionName));
                    // Validate required configuration on startup
                    services.AddSingleton<IValidateOptions<SpamGuardOptions>, SpamGuardOptionsValidator>();
                    services.AddOptionsWithValidateOnStart<SpamGuardOptions>();
                    // State stores
                    services.AddSingleton(new ProcessedUidStore(dataDir));
                    services.AddSingleton(new TrustedSenderStore(dataDir));
                    // Services
-                    services.AddSingleton<ActivityLog>();
+                    services.AddSingleton(sp =>
                    {
                        var opts = sp.GetRequiredService<IOptions<SpamGuardOptions>>().Value;
                        return new ActivityLog(opts.Monitoring.MaxActivityLogEntries);
                    });
                    services.AddSingleton<ImapClientFactory>();
-                    services.AddSingleton<EmailClassifier>();
+
-                    services.AddHttpClient<EmailClassifier>();
+                    // EmailClassifier with managed HttpClient (timeout + base address)
                    services.AddHttpClient<EmailClassifier>(client =>
                    {
                        client.Timeout = TimeSpan.FromSeconds(30);
                        client.BaseAddress = new Uri("https://api.anthropic.com/");
                    });
                    // Background services
                    services.AddSingleton<InboxMonitorService>();
@@ -72,6 +88,8 @@ static class Program
        }
        finally
        {
            host?.StopAsync().GetAwaiter().GetResult();
            host?.Dispose();
            Log.CloseAndFlush();
        }
    }
--- a/src/SpamGuard/Services/EmailClassifier.cs
+++ b/src/SpamGuard/Services/EmailClassifier.cs
@@ -74,7 +74,7 @@ public sealed partial class EmailClassifier
        };
        var json = JsonSerializer.Serialize(requestBody);
-        var request = new HttpRequestMessage(HttpMethod.Post, "https://api.anthropic.com/v1/messages")
+        var request = new HttpRequestMessage(HttpMethod.Post, "v1/messages")
        {
            Content = new StringContent(json, Encoding.UTF8, "application/json")
        };
@@ -85,7 +85,7 @@ public sealed partial class EmailClassifier
        response.EnsureSuccessStatusCode();
        var responseJson = await response.Content.ReadAsStringAsync(ct);
-        var doc = JsonDocument.Parse(responseJson);
+        using var doc = JsonDocument.Parse(responseJson);
        var text = doc.RootElement
            .GetProperty("content")[0]
            .GetProperty("text")
@@ -110,7 +110,7 @@ public sealed partial class EmailClassifier
        try
        {
-            var doc = JsonDocument.Parse(cleaned);
+            using var doc = JsonDocument.Parse(cleaned);
            var root = doc.RootElement;
            return new ClassificationResult(
--- a/src/SpamGuard/Services/InboxMonitorService.cs
+++ b/src/SpamGuard/Services/InboxMonitorService.cs
@@ -11,7 +11,7 @@ using SpamGuard.Configuration;
 using SpamGuard.Models;
 using SpamGuard.State;
-public sealed class InboxMonitorService : BackgroundService
+public sealed partial class InboxMonitorService : BackgroundService
 {
    private readonly ImapClientFactory _imapFactory;
    private readonly TrustedSenderStore _trustedSenders;
@@ -22,6 +22,7 @@ public sealed class InboxMonitorService : BackgroundService
    private readonly ILogger<InboxMonitorService> _logger;
    private volatile bool _paused;
    private uint _lastSeenUid;
    public bool IsPaused => _paused;
    public void Pause() => _paused = true;
@@ -84,12 +85,25 @@ public sealed class InboxMonitorService : BackgroundService
        var inbox = client.Inbox;
        await inbox.OpenAsync(FolderAccess.ReadWrite, ct);
-        // Build search query: recent messages only
+        // Build search query: only fetch new messages
-        var since = _processedUids.Count == 0
+        IList<UniqueId> uids;
-            ? SearchQuery.DeliveredAfter(DateTime.UtcNow.AddDays(-_options.Monitoring.InitialScanDays))
+        if (_lastSeenUid > 0)
-            : SearchQuery.All;
+        {
-
+            var range = new UniqueIdRange(new UniqueId(_lastSeenUid + 1), UniqueId.MaxValue);
-        var uids = await inbox.SearchAsync(since, ct);
+            uids = await inbox.SearchAsync(range, SearchQuery.All, ct);
        }
        else if (_processedUids.Count > 0)
        {
            // Resuming from persisted state -- scan recent messages only
            uids = await inbox.SearchAsync(
                SearchQuery.DeliveredAfter(DateTime.UtcNow.AddDays(-1)), ct);
        }
        else
        {
            // First ever run -- initial scan window
            uids = await inbox.SearchAsync(
                SearchQuery.DeliveredAfter(DateTime.UtcNow.AddDays(-_options.Monitoring.InitialScanDays)), ct);
        }
        _logger.LogDebug("Found {Count} messages in inbox", uids.Count);
        // Find the spam/junk folder
@@ -98,7 +112,10 @@ public sealed class InboxMonitorService : BackgroundService
        foreach (var uid in uids)
        {
            if (_processedUids.Contains(uid.Id))
            {
                if (uid.Id > _lastSeenUid) _lastSeenUid = uid.Id;
                continue;
            }
            try
            {
@@ -109,8 +126,10 @@ public sealed class InboxMonitorService : BackgroundService
                _logger.LogError(ex, "Error processing UID={Uid}", uid.Id);
                _activityLog.Add(new ActivityEntry(
                    DateTime.UtcNow, "", $"UID {uid.Id}", Verdict.Error, null, ex.Message));
-                _processedUids.Add(uid.Id); // Skip on next run to avoid infinite retry
+                _processedUids.Add(uid.Id);
            }
            if (uid.Id > _lastSeenUid) _lastSeenUid = uid.Id;
        }
        await client.DisconnectAsync(true, ct);
@@ -182,15 +201,30 @@ public sealed class InboxMonitorService : BackgroundService
    private static string ExtractBodySnippet(MimeMessage message)
    {
-        var text = message.TextBody ?? message.HtmlBody ?? "";
+        var text = message.TextBody;
-        // Strip HTML tags if we fell back to HTML body
+        if (text == null && message.HtmlBody != null)
-        if (message.TextBody == null && message.HtmlBody != null)
+        {
-            text = System.Text.RegularExpressions.Regex.Replace(text, "<[^>]+>", " ");
+            // Strip script and style blocks first, then remaining tags
            text = StripScriptStyle().Replace(message.HtmlBody, " ");
            text = StripHtmlTags().Replace(text, " ");
            text = System.Net.WebUtility.HtmlDecode(text);
            text = CollapseWhitespace().Replace(text, " ").Trim();
        }
        text ??= "";
        return text.Length > 2000 ? text[..2000] : text;
    }
    [System.Text.RegularExpressions.GeneratedRegex(@"<(script|style)[^>]*>[\s\S]*?</\1>", System.Text.RegularExpressions.RegexOptions.IgnoreCase)]
    private static partial System.Text.RegularExpressions.Regex StripScriptStyle();
    [System.Text.RegularExpressions.GeneratedRegex(@"<[^>]+>")]
    private static partial System.Text.RegularExpressions.Regex StripHtmlTags();
    [System.Text.RegularExpressions.GeneratedRegex(@"\s{2,}")]
    private static partial System.Text.RegularExpressions.Regex CollapseWhitespace();
    private async Task<IMailFolder?> FindSpamFolderAsync(MailKit.Net.Imap.ImapClient client, CancellationToken ct)
    {
        // Try special folder first
@@ -199,7 +233,10 @@ public sealed class InboxMonitorService : BackgroundService
            var junk = client.GetFolder(MailKit.SpecialFolder.Junk);
            if (junk != null) return junk;
        }
-        catch { }
+        catch (Exception ex)
        {
            _logger.LogDebug(ex, "Could not get Junk special folder");
        }
        // Fall back to configured folder name
        try
@@ -209,7 +246,10 @@ public sealed class InboxMonitorService : BackgroundService
            return folders.FirstOrDefault(f =>
                f.Name.Equals(_options.Monitoring.SpamFolderName, StringComparison.OrdinalIgnoreCase));
        }
-        catch { }
+        catch (Exception ex)
        {
            _logger.LogDebug(ex, "Could not find spam folder by name '{FolderName}'", _options.Monitoring.SpamFolderName);
        }
        return null;
    }
--- a/src/SpamGuard/Services/TrustedSenderService.cs
+++ b/src/SpamGuard/Services/TrustedSenderService.cs
@@ -16,6 +16,7 @@ public sealed class TrustedSenderService : BackgroundService
    private readonly TrustedSenderStore _store;
    private readonly SpamGuardOptions _options;
    private readonly ILogger<TrustedSenderService> _logger;
    private bool _initialScanDone;
    public TrustedSenderService(
        ImapClientFactory imapFactory,
@@ -63,8 +64,13 @@ public sealed class TrustedSenderService : BackgroundService
        await sentFolder.OpenAsync(FolderAccess.ReadOnly, ct);
-        var uids = await sentFolder.SearchAsync(SearchQuery.All, ct);
+        // After initial full scan, only check messages from the last refresh period
-        _logger.LogDebug("Found {Count} messages in Sent folder", uids.Count);
+        var query = _initialScanDone
            ? SearchQuery.DeliveredAfter(DateTime.UtcNow.AddMinutes(-_options.Monitoring.TrustedSenderRefreshMinutes))
            : SearchQuery.All;
        var uids = await sentFolder.SearchAsync(query, ct);
        _logger.LogDebug("Found {Count} messages in Sent folder to scan", uids.Count);
        var addresses = new List<string>();
        foreach (var uid in uids)
@@ -74,6 +80,7 @@ public sealed class TrustedSenderService : BackgroundService
        }
        _store.AddRange(addresses);
        _initialScanDone = true;
        await client.DisconnectAsync(true, ct);
    }
--- a/src/SpamGuard/State/ProcessedUidStore.cs
+++ b/src/SpamGuard/State/ProcessedUidStore.cs
@@ -52,7 +52,9 @@ public sealed class ProcessedUidStore
        lock (_lock)
        {
            var json = JsonSerializer.Serialize(_uids);
-            File.WriteAllText(_filePath, json);
+            var tempPath = _filePath + ".tmp";
            File.WriteAllText(tempPath, json);
            File.Move(tempPath, _filePath, overwrite: true);
        }
    }
--- a/src/SpamGuard/State/TrustedSenderStore.cs
+++ b/src/SpamGuard/State/TrustedSenderStore.cs
@@ -50,7 +50,9 @@ public sealed class TrustedSenderStore
        lock (_lock)
        {
            var json = JsonSerializer.Serialize(_senders);
-            File.WriteAllText(_filePath, json);
+            var tempPath = _filePath + ".tmp";
            File.WriteAllText(tempPath, json);
            File.Move(tempPath, _filePath, overwrite: true);
        }
    }
--- a/src/SpamGuard/Tray/IconGenerator.cs
+++ b/src/SpamGuard/Tray/IconGenerator.cs
@@ -2,10 +2,23 @@ namespace SpamGuard.Tray;
 using System.Drawing;
 using System.Drawing.Drawing2D;
 using System.Runtime.InteropServices;
 public static class IconGenerator
 {
-    public static Icon CreateCircleIcon(Color color, int size = 16)
+    private static readonly Lazy<Icon> _green = new(() => CreateCircleIcon(Color.FromArgb(76, 175, 80)));
    private static readonly Lazy<Icon> _yellow = new(() => CreateCircleIcon(Color.FromArgb(255, 193, 7)));
    private static readonly Lazy<Icon> _red = new(() => CreateCircleIcon(Color.FromArgb(244, 67, 54)));
    public static Icon Green => _green.Value;
    public static Icon Yellow => _yellow.Value;
    public static Icon Red => _red.Value;
    [DllImport("user32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    private static extern bool DestroyIcon(IntPtr handle);
    private static Icon CreateCircleIcon(Color color, int size = 16)
    {
        using var bitmap = new Bitmap(size, size);
        using var graphics = Graphics.FromImage(bitmap);
@@ -15,14 +28,12 @@ public static class IconGenerator
        using var brush = new SolidBrush(color);
        graphics.FillEllipse(brush, 1, 1, size - 2, size - 2);
        // Add a subtle border
        using var pen = new Pen(Color.FromArgb(100, 0, 0, 0), 1);
        graphics.DrawEllipse(pen, 1, 1, size - 3, size - 3);
-        return Icon.FromHandle(bitmap.GetHicon());
+        var hIcon = bitmap.GetHicon();
        var icon = (Icon)Icon.FromHandle(hIcon).Clone();
        DestroyIcon(hIcon);
        return icon;
    }
    public static Icon Green => CreateCircleIcon(Color.FromArgb(76, 175, 80));
    public static Icon Yellow => CreateCircleIcon(Color.FromArgb(255, 193, 7));
    public static Icon Red => CreateCircleIcon(Color.FromArgb(244, 67, 54));
 }
--- a/src/SpamGuard/Tray/TrayApplicationContext.cs
+++ b/src/SpamGuard/Tray/TrayApplicationContext.cs
@@ -48,7 +48,8 @@ public sealed class TrayApplicationContext : ApplicationContext
    {
        var checked_ = _activityLog.TodayChecked;
        var spam = _activityLog.TodaySpam;
-        _notifyIcon.Text = $"SpamGuard - {checked_} checked, {spam} spam caught today";
+        var tooltip = $"SpamGuard - {checked_} checked, {spam} spam caught today";
        _notifyIcon.Text = tooltip.Length > 127 ? tooltip[..127] : tooltip;
        // Update icon based on state
        if (!_monitor.IsPaused)
--- a/src/SpamGuard/appsettings.template.json
+++ b/src/SpamGuard/appsettings.template.json
@@ -0,0 +1,38 @@
 {
  "SpamGuard": {
    "Imap": {
      "Host": "imap.example.com",
      "Port": 993,
      "UseSsl": true,
      "Username": "user@example.com",
      "Password": ""
    },
    "Claude": {
      "ApiKey": "",
      "Model": "claude-sonnet-4-6",
      "MaxBodyLength": 2000
    },
    "Monitoring": {
      "PollIntervalSeconds": 60,
      "TrustedSenderRefreshMinutes": 60,
      "SpamConfidenceThreshold": 0.7,
      "SpamFolderName": "Junk",
      "InitialScanDays": 7,
      "MaxActivityLogEntries": 500
    }
  },
  "Serilog": {
    "MinimumLevel": "Information",
    "WriteTo": [
      { "Name": "Console" },
      {
        "Name": "File",
        "Args": {
          "path": "%APPDATA%/SpamGuard/logs/spamguard-.log",
          "rollingInterval": "Day",
          "retainedFileCountLimit": 7
        }
      }
    ]
  }
 }
--- a/tests/SpamGuard.Tests/UnitTest1.cs
+++ b/tests/SpamGuard.Tests/UnitTest1.cs
@@ -1,10 +0,0 @@
 namespace SpamGuard.Tests;
 public class UnitTest1
 {
    [Fact]
    public void Test1()
    {
    }
 }