makit 0.0.168 → 0.0.169

data/lib/makit/commands/middleware/validator.rb

@@ -1,269 +1,269 @@
-# frozen_string_literal: true
-
-require "shellwords"
-require "uri"
-
-module Makit
-  module Commands
-    # Custom exception for security-related command validation failures
-    class SecurityError < StandardError; end
-
-    module Middleware
-      # Validation middleware that provides input sanitization and security checks
-      # for command execution contexts.
-      #
-      # This middleware validates and sanitizes:
-      # - Command strings for shell injection attacks
-      # - File paths for directory traversal
-      # - URLs for malicious schemes
-      # - Environment variables for sensitive data
-      # - Arguments for dangerous patterns
-      #
-      # @example Basic usage
-      #   validator = Commands::Middleware::Validator.new
-      #   context = Commands::Context.new(command: 'ls -la')
-      #   validated_context = validator.call(context)
-      #
-      # @example With custom validation rules
-      #   validator = Commands::Middleware::Validator.new(
-      #     allow_shell_operators: false,
-      #     blocked_commands: %w[rm sudo],
-      #     max_command_length: 500
-      #   )
-      class Validator
-        # Default blocked commands that pose security risks
-        DEFAULT_BLOCKED_COMMANDS = %w[
-          rm rmdir
-          sudo su
-          chmod chown
-          wget curl
-          eval exec
-          python ruby node
-          ssh scp rsync
-          dd fdisk mount umount
-          iptables ufw
-          systemctl service
-          crontab
-          passwd
-        ].freeze
-
-        # Dangerous shell operators and patterns
-        DANGEROUS_PATTERNS = [
-          /[;&|`$(){}]/, # Shell operators and command substitution
-          %r{\.\./}, # Directory traversal
-          %r{/etc/|/proc/|/sys/}, # Sensitive system directories
-          /\$\{[^}]*\}/, # Variable expansion
-          %r{~[^/\s]*}, # User home directory expansion
-          %r{\bfile://|ftp://|https?://[^\s]*\.(sh|py|rb|js|exe|bat)\b}i, # Executable URLs
-        ].freeze
-
-        # Maximum allowed lengths for various inputs
-        DEFAULT_LIMITS = {
-          command_length: 1000,
-          argument_length: 500,
-          path_length: 1000,
-          env_var_value_length: 2000,
-        }.freeze
-
-        attr_reader :options
-
-        # Initialize the validator with security options
-        #
-        # @param options [Hash] Configuration options
-        # @option options [Boolean] :allow_shell_operators (false) Allow shell operators like ;, |, &
-        # @option options [Array<String>] :blocked_commands Commands to block
-        # @option options [Hash] :limits Length limits for various inputs
-        # @option options [Boolean] :strict_mode (true) Enable strict validation
-        # @option options [Array<String>] :allowed_schemes URL schemes to allow
-        def initialize(options = {})
-          @options = {
-            allow_shell_operators: false,
-            blocked_commands: DEFAULT_BLOCKED_COMMANDS,
-            limits: DEFAULT_LIMITS,
-            strict_mode: true,
-            allowed_schemes: %w[http https file],
-            allow_environment_access: false,
-          }.merge(options)
-        end
-
-        # Validate and sanitize the command context
-        #
-        # @param context [Commands::Context] The command execution context
-        # @return [Commands::Context] Validated context
-        # @raise [Commands::SecurityError] If validation fails
-        def call(context)
-          validate_command!(context.command) if context.command
-          validate_arguments!(context.arguments) if context.arguments
-          validate_environment!(context.environment) if context.environment
-          validate_working_directory!(context.working_directory) if context.working_directory
-
-          context
-        rescue StandardError => e
-          raise Commands::SecurityError, "Validation failed: #{e.message}"
-        end
-
-        private
-
-        # Validate the main command string
-        def validate_command!(command)
-          raise Commands::SecurityError, "Empty command" if command.nil? || command.strip.empty?
-
-          if command.length > limits[:command_length]
-            raise Commands::SecurityError,
-                  "Command too long (#{command.length} > #{limits[:command_length]})"
-          end
-
-          # Check for blocked commands
-          command_parts = Shellwords.split(command)
-          base_command = File.basename(command_parts.first || "")
-
-          raise Commands::SecurityError, "Blocked command: #{base_command}" if blocked_commands.include?(base_command)
-
-          # Check for dangerous patterns
-          unless options[:allow_shell_operators]
-            DANGEROUS_PATTERNS.each do |pattern|
-              if command.match?(pattern)
-                raise Commands::SecurityError, "Dangerous pattern detected in command: #{pattern.inspect}"
-              end
-            end
-          end
-
-          # Validate shell escaping
-          begin
-            Shellwords.split(command)
-          rescue ArgumentError => e
-            raise Commands::SecurityError, "Invalid shell command syntax: #{e.message}"
-          end
-        end
-
-        # Validate command arguments
-        def validate_arguments!(arguments)
-          return unless arguments
-
-          arguments.each_with_index do |arg, index|
-            next unless arg
-
-            if arg.length > limits[:argument_length]
-              raise Commands::SecurityError, "Argument #{index} too long (#{arg.length} > #{limits[:argument_length]})"
-            end
-
-            # Check for dangerous patterns in arguments
-            if options[:strict_mode]
-              DANGEROUS_PATTERNS.each do |pattern|
-                if arg.match?(pattern)
-                  raise Commands::SecurityError, "Dangerous pattern in argument #{index}: #{pattern.inspect}"
-                end
-              end
-            end
-
-            # Validate file paths in arguments
-            validate_path!(arg) if looks_like_path?(arg)
-
-            # Validate URLs in arguments
-            validate_url!(arg) if looks_like_url?(arg)
-          end
-        end
-
-        # Validate environment variables
-        def validate_environment!(environment)
-          return unless environment
-
-          environment.each do |key, value|
-            next unless value
-
-            if value.to_s.length > limits[:env_var_value_length]
-              raise Commands::SecurityError, "Environment variable #{key} value too long"
-            end
-
-            # Check for sensitive environment variables
-            if sensitive_env_var?(key) && !options[:allow_environment_access]
-              raise Commands::SecurityError, "Access to sensitive environment variable #{key} not allowed"
-            end
-
-            # Validate environment variable values
-            if options[:strict_mode] && contains_dangerous_content?(value.to_s)
-              raise Commands::SecurityError, "Dangerous content in environment variable #{key}"
-            end
-          end
-        end
-
-        # Validate working directory path
-        def validate_working_directory!(path)
-          validate_path!(path, "working directory")
-        end
-
-        # Validate file system paths
-        def validate_path!(path, context = "path")
-          return if path.nil? || path.empty?
-
-          if path.length > limits[:path_length]
-            raise Commands::SecurityError, "#{context.capitalize} too long (#{path.length} > #{limits[:path_length]})"
-          end
-
-          # Check for directory traversal
-          normalized_path = File.expand_path(path)
-          if path.include?("..") && options[:strict_mode]
-            raise Commands::SecurityError, "Directory traversal detected in #{context}: #{path}"
-          end
-
-          # Check for access to sensitive directories
-          sensitive_dirs = %w[/etc /proc /sys /dev /boot /root]
-          return unless sensitive_dirs.any? { |dir| normalized_path.start_with?(dir) } && options[:strict_mode]
-
-          raise Commands::SecurityError, "Access to sensitive directory in #{context}: #{path}"
-        end
-
-        # Validate URLs
-        def validate_url!(url)
-          uri = URI.parse(url)
-
-          unless options[:allowed_schemes].include?(uri.scheme)
-            raise Commands::SecurityError, "Disallowed URL scheme: #{uri.scheme}"
-          end
-
-          # Check for suspicious hosts
-          if uri.host&.match?(/localhost|127\.0\.0\.1|0\.0\.0\.0/)
-            raise Commands::SecurityError, "Local network access not allowed: #{uri.host}"
-          end
-        rescue URI::InvalidURIError => e
-          raise Commands::SecurityError, "Invalid URL format: #{e.message}"
-        end
-
-        # Check if string looks like a file path
-        def looks_like_path?(str)
-          str.start_with?("/") || str.start_with?("./") || str.start_with?("../") || str.include?(File::SEPARATOR)
-        end
-
-        # Check if string looks like a URL
-        def looks_like_url?(str)
-          str.match?(/\A[a-z][a-z0-9+.-]*:/i)
-        end
-
-        # Check if environment variable is sensitive
-        def sensitive_env_var?(key)
-          sensitive_patterns = %w[
-            PASSWORD SECRET TOKEN KEY API PRIVATE
-            AWS GCP AZURE GITHUB GITLAB
-            DATABASE_URL DB_PASSWORD
-            RAILS_MASTER_KEY
-          ]
-
-          sensitive_patterns.any? { |pattern| key.to_s.upcase.include?(pattern) }
-        end
-
-        # Check if content contains dangerous patterns
-        def contains_dangerous_content?(content)
-          DANGEROUS_PATTERNS.any? { |pattern| content.match?(pattern) }
-        end
-
-        def limits
-          options[:limits]
-        end
-
-        def blocked_commands
-          options[:blocked_commands]
-        end
-      end
-    end
-  end
-end
+# frozen_string_literal: true
+
+require "shellwords"
+require "uri"
+
+module Makit
+  module Commands
+    # Custom exception for security-related command validation failures
+    class SecurityError < StandardError; end
+
+    module Middleware
+      # Validation middleware that provides input sanitization and security checks
+      # for command execution contexts.
+      #
+      # This middleware validates and sanitizes:
+      # - Command strings for shell injection attacks
+      # - File paths for directory traversal
+      # - URLs for malicious schemes
+      # - Environment variables for sensitive data
+      # - Arguments for dangerous patterns
+      #
+      # @example Basic usage
+      #   validator = Commands::Middleware::Validator.new
+      #   context = Commands::Context.new(command: 'ls -la')
+      #   validated_context = validator.call(context)
+      #
+      # @example With custom validation rules
+      #   validator = Commands::Middleware::Validator.new(
+      #     allow_shell_operators: false,
+      #     blocked_commands: %w[rm sudo],
+      #     max_command_length: 500
+      #   )
+      class Validator
+        # Default blocked commands that pose security risks
+        DEFAULT_BLOCKED_COMMANDS = %w[
+          rm rmdir
+          sudo su
+          chmod chown
+          wget curl
+          eval exec
+          python ruby node
+          ssh scp rsync
+          dd fdisk mount umount
+          iptables ufw
+          systemctl service
+          crontab
+          passwd
+        ].freeze
+
+        # Dangerous shell operators and patterns
+        DANGEROUS_PATTERNS = [
+          /[;&|`$(){}]/, # Shell operators and command substitution
+          %r{\.\./}, # Directory traversal
+          %r{/etc/|/proc/|/sys/}, # Sensitive system directories
+          /\$\{[^}]*\}/, # Variable expansion
+          %r{~[^/\s]*}, # User home directory expansion
+          %r{\bfile://|ftp://|https?://[^\s]*\.(sh|py|rb|js|exe|bat)\b}i, # Executable URLs
+        ].freeze
+
+        # Maximum allowed lengths for various inputs
+        DEFAULT_LIMITS = {
+          command_length: 1000,
+          argument_length: 500,
+          path_length: 1000,
+          env_var_value_length: 2000,
+        }.freeze
+
+        attr_reader :options
+
+        # Initialize the validator with security options
+        #
+        # @param options [Hash] Configuration options
+        # @option options [Boolean] :allow_shell_operators (false) Allow shell operators like ;, |, &
+        # @option options [Array<String>] :blocked_commands Commands to block
+        # @option options [Hash] :limits Length limits for various inputs
+        # @option options [Boolean] :strict_mode (true) Enable strict validation
+        # @option options [Array<String>] :allowed_schemes URL schemes to allow
+        def initialize(options = {})
+          @options = {
+            allow_shell_operators: false,
+            blocked_commands: DEFAULT_BLOCKED_COMMANDS,
+            limits: DEFAULT_LIMITS,
+            strict_mode: true,
+            allowed_schemes: %w[http https file],
+            allow_environment_access: false,
+          }.merge(options)
+        end
+
+        # Validate and sanitize the command context
+        #
+        # @param context [Commands::Context] The command execution context
+        # @return [Commands::Context] Validated context
+        # @raise [Commands::SecurityError] If validation fails
+        def call(context)
+          validate_command!(context.command) if context.command
+          validate_arguments!(context.arguments) if context.arguments
+          validate_environment!(context.environment) if context.environment
+          validate_working_directory!(context.working_directory) if context.working_directory
+
+          context
+        rescue StandardError => e
+          raise Commands::SecurityError, "Validation failed: #{e.message}"
+        end
+
+        private
+
+        # Validate the main command string
+        def validate_command!(command)
+          raise Commands::SecurityError, "Empty command" if command.nil? || command.strip.empty?
+
+          if command.length > limits[:command_length]
+            raise Commands::SecurityError,
+                  "Command too long (#{command.length} > #{limits[:command_length]})"
+          end
+
+          # Check for blocked commands
+          command_parts = Shellwords.split(command)
+          base_command = File.basename(command_parts.first || "")
+
+          raise Commands::SecurityError, "Blocked command: #{base_command}" if blocked_commands.include?(base_command)
+
+          # Check for dangerous patterns
+          unless options[:allow_shell_operators]
+            DANGEROUS_PATTERNS.each do |pattern|
+              if command.match?(pattern)
+                raise Commands::SecurityError, "Dangerous pattern detected in command: #{pattern.inspect}"
+              end
+            end
+          end
+
+          # Validate shell escaping
+          begin
+            Shellwords.split(command)
+          rescue ArgumentError => e
+            raise Commands::SecurityError, "Invalid shell command syntax: #{e.message}"
+          end
+        end
+
+        # Validate command arguments
+        def validate_arguments!(arguments)
+          return unless arguments
+
+          arguments.each_with_index do |arg, index|
+            next unless arg
+
+            if arg.length > limits[:argument_length]
+              raise Commands::SecurityError, "Argument #{index} too long (#{arg.length} > #{limits[:argument_length]})"
+            end
+
+            # Check for dangerous patterns in arguments
+            if options[:strict_mode]
+              DANGEROUS_PATTERNS.each do |pattern|
+                if arg.match?(pattern)
+                  raise Commands::SecurityError, "Dangerous pattern in argument #{index}: #{pattern.inspect}"
+                end
+              end
+            end
+
+            # Validate file paths in arguments
+            validate_path!(arg) if looks_like_path?(arg)
+
+            # Validate URLs in arguments
+            validate_url!(arg) if looks_like_url?(arg)
+          end
+        end
+
+        # Validate environment variables
+        def validate_environment!(environment)
+          return unless environment
+
+          environment.each do |key, value|
+            next unless value
+
+            if value.to_s.length > limits[:env_var_value_length]
+              raise Commands::SecurityError, "Environment variable #{key} value too long"
+            end
+
+            # Check for sensitive environment variables
+            if sensitive_env_var?(key) && !options[:allow_environment_access]
+              raise Commands::SecurityError, "Access to sensitive environment variable #{key} not allowed"
+            end
+
+            # Validate environment variable values
+            if options[:strict_mode] && contains_dangerous_content?(value.to_s)
+              raise Commands::SecurityError, "Dangerous content in environment variable #{key}"
+            end
+          end
+        end
+
+        # Validate working directory path
+        def validate_working_directory!(path)
+          validate_path!(path, "working directory")
+        end
+
+        # Validate file system paths
+        def validate_path!(path, context = "path")
+          return if path.nil? || path.empty?
+
+          if path.length > limits[:path_length]
+            raise Commands::SecurityError, "#{context.capitalize} too long (#{path.length} > #{limits[:path_length]})"
+          end
+
+          # Check for directory traversal
+          normalized_path = File.expand_path(path)
+          if path.include?("..") && options[:strict_mode]
+            raise Commands::SecurityError, "Directory traversal detected in #{context}: #{path}"
+          end
+
+          # Check for access to sensitive directories
+          sensitive_dirs = %w[/etc /proc /sys /dev /boot /root]
+          return unless sensitive_dirs.any? { |dir| normalized_path.start_with?(dir) } && options[:strict_mode]
+
+          raise Commands::SecurityError, "Access to sensitive directory in #{context}: #{path}"
+        end
+
+        # Validate URLs
+        def validate_url!(url)
+          uri = URI.parse(url)
+
+          unless options[:allowed_schemes].include?(uri.scheme)
+            raise Commands::SecurityError, "Disallowed URL scheme: #{uri.scheme}"
+          end
+
+          # Check for suspicious hosts
+          if uri.host&.match?(/localhost|127\.0\.0\.1|0\.0\.0\.0/)
+            raise Commands::SecurityError, "Local network access not allowed: #{uri.host}"
+          end
+        rescue URI::InvalidURIError => e
+          raise Commands::SecurityError, "Invalid URL format: #{e.message}"
+        end
+
+        # Check if string looks like a file path
+        def looks_like_path?(str)
+          str.start_with?("/") || str.start_with?("./") || str.start_with?("../") || str.include?(File::SEPARATOR)
+        end
+
+        # Check if string looks like a URL
+        def looks_like_url?(str)
+          str.match?(/\A[a-z][a-z0-9+.-]*:/i)
+        end
+
+        # Check if environment variable is sensitive
+        def sensitive_env_var?(key)
+          sensitive_patterns = %w[
+            PASSWORD SECRET TOKEN KEY API PRIVATE
+            AWS GCP AZURE GITHUB GITLAB
+            DATABASE_URL DB_PASSWORD
+            RAILS_MASTER_KEY
+          ]
+
+          sensitive_patterns.any? { |pattern| key.to_s.upcase.include?(pattern) }
+        end
+
+        # Check if content contains dangerous patterns
+        def contains_dangerous_content?(content)
+          DANGEROUS_PATTERNS.any? { |pattern| content.match?(pattern) }
+        end
+
+        def limits
+          options[:limits]
+        end
+
+        def blocked_commands
+          options[:blocked_commands]
+        end
+      end
+    end
+  end
+end