npm - @0dai-dev/cli - Versions diffs - 3.3.1 → 3.3.3 - Mend

@0dai-dev/cli 3.3.1 → 3.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/bin/0dai.js +79 -20
package/package.json +1 -1

package/bin/0dai.js CHANGED Viewed

@@ -8,7 +8,26 @@ const path = require("path");
 const os = require("os");
 const VERSION = require("../package.json").version;
-const API_URL = process.env.ODAI_API_URL || "https://api.0dai.dev";
+// CRITICAL: validate API_URL to prevent credential exfiltration to attacker hosts
+function _validateApiUrl(url) {
+  const DEFAULT = "https://api.0dai.dev";
+  if (!url) return DEFAULT;
+  try {
+    const u = new URL(url);
+    // Only allow https (or http for localhost during dev)
+    if (u.protocol === "https:") return url;
+    if (u.protocol === "http:" && (u.hostname === "localhost" || u.hostname === "127.0.0.1" || u.hostname === "::1")) {
+      return url;
+    }
+    console.error(`[0dai] warning: ODAI_API_URL must use https (or http://localhost). Got: ${u.protocol}//${u.hostname}. Ignoring.`);
+    return DEFAULT;
+  } catch {
+    console.error(`[0dai] warning: ODAI_API_URL is not a valid URL, ignoring`);
+    return DEFAULT;
+  }
+}
+const API_URL = _validateApiUrl(process.env.ODAI_API_URL);
 const T = process.stdout.isTTY ? "\x1b[38;2;45;212;168m" : ""; // teal
 const R = process.stdout.isTTY ? "\x1b[0m" : ""; // reset
 const D = process.stdout.isTTY ? "\x1b[2m" : ""; // dim
@@ -19,10 +38,20 @@ const VERSION_CHECK_FILE = path.join(CONFIG_DIR, ".version_check");
 const PROJECTS_FILE = path.join(CONFIG_DIR, "projects.json");
 const MANIFEST_FILES = [
-  "package.json", "go.mod", "pyproject.toml", "requirements.txt",
-  "pubspec.yaml", "Cargo.toml", "next.config.js", "next.config.mjs",
-  "next.config.ts", "tsconfig.json", "Makefile", "docker-compose.yml",
-  "Dockerfile", "pom.xml", "build.gradle",
+  // Node ecosystem
+  "package.json", "tsconfig.json",
+  "next.config.js", "next.config.mjs", "next.config.ts",
+  "vite.config.js", "vite.config.ts", "vite.config.mjs",
+  "vue.config.js", "nuxt.config.js", "nuxt.config.ts",
+  "svelte.config.js", "astro.config.mjs", "astro.config.ts",
+  "remix.config.js", "angular.json",
+  // Other languages
+  "go.mod", "pyproject.toml", "requirements.txt", "setup.py",
+  "pubspec.yaml", "Cargo.toml", "pom.xml", "build.gradle",
+  "Gemfile", "composer.json",
+  // Build/deploy
+  "Makefile", "docker-compose.yml", "Dockerfile",
+  "pnpm-workspace.yaml", "lerna.json", "turbo.json", "nx.json",
 ];
 const PROBE_DIRS = [
@@ -321,17 +350,20 @@ function mergeSettingsJson(existing, incoming) {
   } catch { return incoming; }
 }
-function mergeAgentsMd(existing, incoming) {
-  // If user marked as unmanaged, don't touch
-  if (existing.includes("managed: false")) return existing;
-  // If managed, update with new content but preserve user additions after managed block
-  return incoming;
-}
 function writeFiles(target, files) {
-  let created = 0, updated = 0, unchanged = 0, merged = 0;
+  let created = 0, updated = 0, unchanged = 0, merged = 0, skipped = 0;
+  const targetResolved = path.resolve(target);
   for (const [rel, content] of Object.entries(files)) {
-    const p = path.join(target, rel);
+    // HIGH: path traversal protection — reject absolute paths and `..` escapes
+    if (typeof rel !== "string" || !rel || path.isAbsolute(rel) || rel.split(/[/\\]/).includes("..")) {
+      skipped++;
+      continue;
+    }
+    const p = path.resolve(targetResolved, rel);
+    if (!p.startsWith(targetResolved + path.sep) && p !== targetResolved) {
+      skipped++;
+      continue;
+    }
     fs.mkdirSync(path.dirname(p), { recursive: true });
     let finalContent = content;
@@ -365,6 +397,7 @@ function writeFiles(target, files) {
   }
   const parts = [`${created} created`, `${updated} updated`, `${unchanged} unchanged`];
   if (merged) parts.push(`${merged} merged`);
+  if (skipped) parts.push(`${skipped} skipped (unsafe path)`);
   log(parts.join(", "));
   return created + updated;
 }
@@ -566,11 +599,17 @@ async function cmdSync(target, args = []) {
 async function cmdDetect(target) {
   const OPTIONAL_CLIS = ["gemini", "aider", "opencode"];
-  const { projectFiles } = collectMetadata(target);
-  const result = await apiCall("/v1/detect", { files: projectFiles });
+  const { projectFiles, fileContents, clis: localClis } = collectMetadata(target);
+  // Send file contents AND local CLI inventory so server can do content-based detection
+  const result = await apiCall("/v1/detect", {
+    project_files: projectFiles,
+    file_contents: fileContents,
+    available_clis: localClis,
+  });
   if (result.error) { log(`error: ${result.error}`); return; }
   console.log(`stack: ${result.stack || "?"}`);
-  const clis = result.available_clis || [];
+  // Use local CLIs if server didn't return any (server can't detect locally installed binaries)
+  const clis = (result.available_clis && result.available_clis.length && result.available_clis[0]) ? result.available_clis : localClis;
   if (clis.length) {
     console.log(`clis:  ${clis.join(", ")}`);
   } else {
@@ -1446,9 +1485,10 @@ async function cmdAuthLogin() {
       const url = `${API_URL}/v1/auth/${method}?cli=true`;
       p.log.info(`Opening browser: ${url}`);
       try {
-        const { execSync } = require("child_process");
+        const { execFileSync } = require("child_process");
         const cmd = os.platform() === "darwin" ? "open" : os.platform() === "win32" ? "start" : "xdg-open";
-        execSync(`${cmd} "${url}"`, { stdio: "ignore" });
+        // MED: use execFileSync to avoid shell injection via URL metacharacters
+        execFileSync(cmd, [url], { stdio: "ignore" });
       } catch {
         p.log.warn(`Could not open browser. Visit manually:\n  ${url}`);
       }
@@ -1585,7 +1625,9 @@ async function cmdRedeem(code) {
 async function cmdAuthStatus() {
   try {
     const auth = JSON.parse(fs.readFileSync(AUTH_FILE, "utf8"));
-    log(`${auth.email} (${auth.plan} plan)`);
+    // Backwards compat: old auth.json used `user`, new uses `email`
+    const email = auth.email || auth.user || "unknown";
+    log(`${email} (${auth.plan || "free"} plan)`);
     // Get usage from API
     const status = await apiCall("/v1/auth/status");
     if (status.usage_today) {
@@ -1791,6 +1833,23 @@ function cmdSwarm(target, sub, args) {
       const event = args.find((_, i) => args[i-1] === "--event") || "all";
       const secret = args.find((_, i) => args[i-1] === "--secret") || "";
       if (!url || !url.startsWith("http")) { log("Usage: 0dai swarm webhook add <url> [--event task_done|task_failed|all] [--secret TOKEN]"); return; }
+      // MED: SSRF protection — block internal/metadata endpoints
+      try {
+        const u = new URL(url);
+        const host = u.hostname;
+        const BLOCKED = /^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|169\.254\.|::1$|fc00:|fe80:|localhost$|0\.0\.0\.0$)/i;
+        if (BLOCKED.test(host) || host === "metadata.google.internal") {
+          log(`rejected: ${host} is a private/internal address (SSRF protection)`);
+          return;
+        }
+        if (u.protocol !== "https:" && u.protocol !== "http:") {
+          log(`rejected: only http/https allowed, got ${u.protocol}`);
+          return;
+        }
+      } catch {
+        log(`invalid URL: ${url}`);
+        return;
+      }
       const hooks = loadHooks();
       if (hooks.find(h => h.url === url)) { log(`already registered: ${url}`); return; }
       hooks.push({ url, event, secret: secret || undefined, added_at: new Date().toISOString() });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@0dai-dev/cli",
-  "version": "3.3.1",
+  "version": "3.3.3",
   "description": "One config layer for 5 AI agent CLIs — Claude Code, Codex, OpenCode, Gemini, Aider",
   "bin": {
     "0dai": "./bin/0dai.js"