UNPKG

woaru

Version:

Universal Project Setup Autopilot - Analyze and automatically configure development tools for ANY programming language

github.com/iamthamanic/WOARU-WorkaroundUltra

iamthamanic/WOARU-WorkaroundUltra

205 lines 7.25 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
import * as path from 'path'; export class BaseAction { async runCommand(command, args, cwd, options = {}) { const { spawn } = await import('child_process'); const { timeout = 30000 } = options; return new Promise((resolve, reject) => { // Validate command to prevent injection if (!this.isValidCommand(command)) { reject(new Error(`Invalid command: ${command}`)); return; } // Sanitize arguments const sanitizedArgs = args.map(arg => this.sanitizeArgument(arg)); const child = spawn(command, sanitizedArgs, { cwd: this.sanitizePath(cwd), stdio: 'pipe', shell: false, // Disable shell to prevent injection env: { ...process.env, ...options.env }, }); let output = ''; let errorOutput = ''; let timeoutId = null; // Set up timeout if (timeout > 0) { timeoutId = setTimeout(() => { child.kill('SIGTERM'); reject(new Error(`Command timed out after ${timeout}ms`)); }, timeout); } child.stdout?.on('data', data => { output += data.toString(); }); child.stderr?.on('data', data => { errorOutput += data.toString(); }); child.on('error', error => { if (timeoutId) clearTimeout(timeoutId); reject(new Error(`Command execution failed: ${error.message}`)); }); child.on('close', code => { if (timeoutId) clearTimeout(timeoutId); resolve({ success: code === 0, output, error: errorOutput || undefined, }); }); }); } // Legacy method for backward compatibility - use with caution async runCommandLegacy(command, cwd) { console.warn('runCommandLegacy is deprecated and unsafe. Use runCommand with explicit args instead.'); // Parse command safely const parts = this.parseCommand(command); if (parts.length === 0) { throw new Error('Invalid command'); } const [cmd, ...args] = parts; const result = await this.runCommand(cmd, args, cwd); return { success: result.success, output: result.output + (result.error || ''), }; } isValidCommand(command) { // Whitelist of allowed commands const allowedCommands = [ 'npm', 'yarn', 'pnpm', 'node', 'npx', 'git', 'cargo', 'rustc', 'python', 'pip', 'go', 'dotnet', 'java', 'javac', 'mvn', 'eslint', 'prettier', 'tsc', 'jest', ]; return allowedCommands.includes(command.toLowerCase()); } sanitizeArgument(arg) { // Remove potentially dangerous characters return arg.replace(/[;&|`$(){}[\]<>]/g, ''); } sanitizePath(filePath) { try { return path.resolve(filePath); } catch { throw new Error(`Invalid path: ${filePath}`); } } parseCommand(command) { // Simple command parser that respects quotes const parts = []; let current = ''; let inQuotes = false; let quoteChar = ''; for (let i = 0; i < command.length; i++) { const char = command[i]; if ((char === '"' || char === "'") && !inQuotes) { inQuotes = true; quoteChar = char; } else if (char === quoteChar && inQuotes) { inQuotes = false; quoteChar = ''; } else if (char === ' ' && !inQuotes) { if (current.length > 0) { parts.push(current); current = ''; } } else { current += char; } } if (current.length > 0) { parts.push(current); } return parts; } async fileExists(filePath) { const fs = await import('fs-extra'); return fs.pathExists(filePath); } async readJsonFile(filePath) { const fs = await import('fs-extra'); try { // Validate file path to prevent directory traversal const sanitizedPath = this.sanitizePath(filePath); return (await fs.readJson(sanitizedPath)); } catch (error) { console.warn(`Failed to read JSON file ${filePath}:`, error); return null; } } async writeJsonFile(filePath, data) { const fs = await import('fs-extra'); try { // Validate file path and ensure directory exists const sanitizedPath = this.sanitizePath(filePath); const path = await import('path'); await fs.ensureDir(path.dirname(sanitizedPath)); // Atomic write using temporary file const tempFile = `${sanitizedPath}.tmp`; await fs.writeJson(tempFile, data, { spaces: 2 }); await fs.move(tempFile, sanitizedPath, { overwrite: true }); } catch (error) { throw new Error(`Failed to write JSON file ${filePath}: ${error}`); } } async createBackup(filePath) { const fs = await import('fs-extra'); try { const sanitizedPath = this.sanitizePath(filePath); const timestamp = new Date().toISOString().replace(/[:.]/g, '-'); const backupPath = `${sanitizedPath}.woaru-backup-${timestamp}`; if (await fs.pathExists(sanitizedPath)) { await fs.copy(sanitizedPath, backupPath); // Limit number of backup files (keep last 5) await this.cleanupOldBackups(sanitizedPath); } return backupPath; } catch (error) { throw new Error(`Failed to create backup for ${filePath}: ${error}`); } } async cleanupOldBackups(originalPath) { const fs = await import('fs-extra'); const path = await import('path'); try { const dir = path.dirname(originalPath); const basename = path.basename(originalPath); const files = await fs.readdir(dir); const backupFiles = files .filter(file => file.startsWith(`${basename}.woaru-backup-`)) .sort() .reverse(); // Most recent first // Keep only the 5 most recent backups for (let i = 5; i < backupFiles.length; i++) { await fs.remove(path.join(dir, backupFiles[i])); } } catch (error) { console.warn('Failed to cleanup old backups:', error); } } } //# sourceMappingURL=BaseAction.js.map