UNPKG

claude-flow

Version:

Ruflo - Enterprise AI agent orchestration for Claude Code. Deploy 60+ specialized agents in coordinated swarms with self-learning, fault-tolerant consensus, vector memory, and MCP integration

github.com/ruvnet/claude-flow

ruvnet/claude-flow

157 lines (137 loc) 5.31 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
#!/usr/bin/env node /** * Safe GitHub CLI Helper — v1.0.0 * * Prevents injection issues when using `gh` commands with untrusted content * (PR bodies, issue bodies, comment bodies) by routing the body through a * temp file and using `--body-file` rather than interpolating into shell args. * * ADR-127 Phase 2 hardening: * - GITHUB_SAFE_VERSION exported for smoke assertions. * - Explicit 256KB body cap: rejects oversized bodies before any temp-file * write, matching the GitHub API `body` field limit. * - Strict error handling: all execSync calls inside try/catch; cleanup in * finally; non-zero exit on any error. * - GITHUB_SAFE_DRY_RUN=1 env-var skips the actual `gh` exec for testing. * * Usage: * ./github-safe.js issue comment 123 "Message with \`backticks\`" * ./github-safe.js pr create --title "Title" --body "Complex body" */ import { execSync, execFileSync } from 'child_process'; import { writeFileSync, unlinkSync } from 'fs'; import { tmpdir } from 'os'; import { join } from 'path'; import { randomBytes } from 'crypto'; // Version constant — asserted by smoke-github-safe-injection.mjs. export const GITHUB_SAFE_VERSION = '1.0.0'; // Maximum body size allowed (bytes). The GitHub API enforces 65536 chars for // issue/PR bodies; the CLI is more lenient but the 256KB limit is a // conservative safety cap that prevents accidental oversized writes. const MAX_BODY_BYTES = 256 * 1024; const args = process.argv.slice(2); if (args.length < 2) { console.log(` Safe GitHub CLI Helper v${GITHUB_SAFE_VERSION} Usage: ./github-safe.js issue comment <number> <body> ./github-safe.js pr comment <number> <body> ./github-safe.js issue create --title <title> --body <body> ./github-safe.js pr create --title <title> --body <body> This helper prevents injection issues with special characters: - Backticks in code examples - Command substitution $(...) - Semicolons and other shell metacharacters - Oversized bodies (> 256 KB rejected) `); process.exit(1); } const [command, subcommand, ...restArgs] = args; // Handle commands that need body content if ((command === 'issue' || command === 'pr') && (subcommand === 'comment' || subcommand === 'create')) { let bodyIndex = -1; let body = ''; if (subcommand === 'comment' && restArgs.length >= 2) { // Simple format: github-safe.js issue comment 123 "body" body = restArgs[1]; bodyIndex = 1; } else { // Flag format: --body "content" bodyIndex = restArgs.indexOf('--body'); if (bodyIndex !== -1 && bodyIndex < restArgs.length - 1) { body = restArgs[bodyIndex + 1]; } } if (body) { // Enforce 256KB cap before any file I/O. const bodyBytes = Buffer.byteLength(body, 'utf8'); if (bodyBytes > MAX_BODY_BYTES) { console.error( `[ERROR] Body exceeds maximum allowed size (${bodyBytes} bytes > ${MAX_BODY_BYTES} bytes). ` + 'GitHub API body fields are capped at 256KB. Truncate the body before passing it to github-safe.js.' ); process.exit(1); } // Use temporary file for body content — never interpolate into argv. const tmpFile = join(tmpdir(), `gh-body-${randomBytes(8).toString('hex')}.tmp`); try { writeFileSync(tmpFile, body, 'utf8'); // Build new command with --body-file const newArgs = [...restArgs]; if (subcommand === 'comment' && bodyIndex === 1) { // Replace positional body arg with --body-file newArgs[1] = '--body-file'; newArgs.push(tmpFile); } else if (bodyIndex !== -1) { // Replace --body flag pair with --body-file newArgs[bodyIndex] = '--body-file'; newArgs[bodyIndex + 1] = tmpFile; } // Skip actual gh exec in dry-run mode (used by smoke tests). if (process.env.GITHUB_SAFE_DRY_RUN === '1') { const ghArgs = [command, subcommand, ...newArgs]; console.log(`[DRY-RUN] gh ${ghArgs.join(' ')}`); process.exit(0); } const ghArgv = [command, subcommand, ...newArgs]; console.log(`Executing: gh ${ghArgv.join(' ')}`); // Use execFileSync to avoid shell interpolation — args are passed as an // array so shell metacharacters in tmpFile path cannot be exploited. execFileSync('gh', ghArgv, { stdio: 'inherit', timeout: 30000, }); } catch (error) { console.error('[ERROR]', error.message); process.exit(1); } finally { // Always clean up the temp file. try { unlinkSync(tmpFile); } catch (_) { /* ignore cleanup errors */ } } } else { // No body content — execute normally (no injection risk for args). if (process.env.GITHUB_SAFE_DRY_RUN === '1') { console.log(`[DRY-RUN] gh ${args.join(' ')}`); process.exit(0); } try { execFileSync('gh', args, { stdio: 'inherit' }); } catch (error) { console.error('[ERROR]', error.message); process.exit(1); } } } else { // Non-body commands — execute normally. if (process.env.GITHUB_SAFE_DRY_RUN === '1') { console.log(`[DRY-RUN] gh ${args.join(' ')}`); process.exit(0); } try { execFileSync('gh', args, { stdio: 'inherit' }); } catch (error) { console.error('[ERROR]', error.message); process.exit(1); } }