@aikidosec/safe-chain 0.0.1-custom-install-dir

package/src/shell-integration/teardown.js

@@ -0,0 +1,114 @@
+import chalk from "chalk";
+import { ui } from "../environment/userInteraction.js";
+import { detectShells } from "./shellDetection.js";
+import { knownAikidoTools, getPackageManagerList } from "./helpers.js";
+import { getShimsDir, getScriptsDir } from "../config/safeChainDir.js";
+import fs from "fs";
+
+/**
+ * @returns {Promise<void>}
+ */
+export async function teardown() {
+  ui.writeInformation(
+    chalk.bold("Removing shell aliases.") +
+      ` This will remove safe-chain aliases for ${getPackageManagerList()}.`
+  );
+  ui.emptyLine();
+
+  try {
+    const shells = detectShells();
+    if (shells.length === 0) {
+      ui.writeError("No supported shells detected. Cannot remove aliases.");
+      return;
+    }
+
+    ui.writeInformation(
+      `Detected ${shells.length} supported shell(s): ${shells
+        .map((shell) => chalk.bold(shell.name))
+        .join(", ")}.`
+    );
+
+    let updatedCount = 0;
+    for (const shell of shells) {
+      let success = false;
+      try {
+        success = shell.teardown(knownAikidoTools);
+      } catch {
+        success = false;
+      }
+
+      if (success) {
+        ui.writeInformation(
+          `${chalk.bold("- " + shell.name + ":")} ${chalk.green(
+            "Teardown successful"
+          )}`
+        );
+        updatedCount++;
+      } else {
+        ui.writeError(
+          `${chalk.bold("- " + shell.name + ":")} ${chalk.red(
+            "Teardown failed"
+          )}`
+        );
+        ui.emptyLine();
+        ui.writeInformation(`  ${chalk.bold("To tear down manually:")}`);
+        for (const instruction of shell.getManualTeardownInstructions()) {
+          ui.writeInformation(`    ${instruction}`);
+        }
+        ui.emptyLine();
+      }
+    }
+
+    if (updatedCount > 0) {
+      ui.emptyLine();
+      ui.writeInformation(`Please restart your terminal to apply the changes.`);
+    }
+  } catch (/** @type {any} */ error) {
+    ui.writeError(
+      `Failed to remove shell aliases: ${error.message}. Please check your shell configuration.`
+    );
+    return;
+  }
+}
+
+/**
+ * Removes directories created by setup-ci and setup commands
+ * @returns {Promise<void>}
+ */
+export async function teardownDirectories() {
+  const shimsDir = getShimsDir();
+  const scriptsDir = getScriptsDir();
+
+  // Remove CI shims directory
+  if (fs.existsSync(shimsDir)) {
+    try {
+      fs.rmSync(shimsDir, { recursive: true, force: true });
+      ui.writeInformation(
+        `${chalk.bold("- CI Shims:")} ${chalk.green("Removed successfully")}`
+      );
+    } catch (/** @type {any} */ error) {
+      ui.writeError(
+        `${chalk.bold("- CI Shims:")} ${chalk.red(
+          "Failed to remove"
+        )}. Error: ${error.message}`
+      );
+    }
+  }
+
+  // Remove scripts directory
+  if (fs.existsSync(scriptsDir)) {
+    try {
+      fs.rmSync(scriptsDir, { recursive: true, force: true });
+      ui.writeInformation(
+        `${chalk.bold("- Scripts:")} ${chalk.green("Removed successfully")}`
+      );
+    } catch (/** @type {any} */ error) {
+      ui.writeError(
+        `${chalk.bold("- Scripts:")} ${chalk.red(
+          "Failed to remove"
+        )}. Error: ${error.message}`
+      );
+    }
+  }
+
+}

package/src/utils/safeSpawn.js

@@ -0,0 +1,153 @@
+import { spawn, execSync } from "child_process";
+import os from "os";
+import { ui } from "../environment/userInteraction.js";
+
+/**
+ * @param {string} arg
+ *
+ * @returns {string}
+ */
+function sanitizeShellArgument(arg) {
+  // If argument contains shell metacharacters, wrap in double quotes
+  // and escape characters that are special even inside double quotes
+  if (hasShellMetaChars(arg)) {
+    // Inside double quotes, we need to escape: " $ ` \
+    return '"' + escapeDoubleQuoteContent(arg) + '"';
+  }
+  return arg;
+}
+
+/**
+ * @param {string} arg
+ *
+ * @returns {boolean}
+ */
+function hasShellMetaChars(arg) {
+  // Shell metacharacters that need escaping
+  // These characters have special meaning in shells and need to be quoted
+  // Whenever one of these characters is present, we should quote the argument
+  // Characters: space, ", &, ', |, ;, <, >, (, ), $, `, \, !, *, ?, [, ], {, }, ~, #
+  const shellMetaChars = /[ "&'|;<>()$`\\!*?[\]{}~#]/;
+  return shellMetaChars.test(arg);
+}
+
+/**
+ * @param {string} arg
+ *
+ * @returns {string}
+ */
+function escapeDoubleQuoteContent(arg) {
+  // Escape special characters for shell safety
+  // This escapes ", $, `, and \ by prefixing them with a backslash
+  return arg.replace(/(["`$\\])/g, "\\$1");
+}
+
+/**
+ * @param {string} command
+ * @param {string[]} args
+ *
+ * @returns {string}
+ */
+function buildCommand(command, args) {
+  if (args.length === 0) {
+    return command;
+  }
+
+  const escapedArgs = args.map(sanitizeShellArgument);
+
+  return `${command} ${escapedArgs.join(" ")}`;
+}
+
+/**
+ * @param {string} command
+ *
+ * @returns {string}
+ */
+function resolveCommandPath(command) {
+  // command will be "npm", "yarn", etc.
+  // Use 'command -v' to find the full path
+  const fullPath = execSync(`command -v ${command}`, {
+    encoding: "utf8",
+  }).trim();
+
+  if (!fullPath) {
+    throw new Error(`Command not found: ${command}`);
+  }
+
+  return fullPath;
+}
+
+/**
+ * @param {string} command
+ * @param {string[]} args
+ * @param {import("child_process").SpawnOptions} options
+ *
+ * @returns {Promise<{status: number, stdout: string, stderr: string}>}
+ */
+export async function safeSpawn(command, args, options = {}) {
+  // The command is always one of our supported package managers.
+  // It should always be alphanumeric or _ or -
+  // Reject any command names with suspicious characters
+  if (!/^[a-zA-Z0-9_-]+$/.test(command)) {
+    throw new Error(`Invalid command name: ${command}`);
+  }
+
+  return new Promise((resolve, reject) => {
+    // Windows requires shell: true because .bat and .cmd files are not executable
+    // without a terminal. On Unix/macOS, we resolve the full path first, then use
+    // array args (safer, no escaping needed).
+    // See: https://nodejs.org/api/child_process.html#child_processspawncommand-args-options
+    let child;
+    if (os.platform() === "win32") {
+      const fullCommand = buildCommand(command, args);
+      child = spawn(fullCommand, { ...options, shell: true });
+    } else {
+      const fullPath = resolveCommandPath(command);
+      child = spawn(fullPath, args, options);
+    }
+
+    // When stdio is piped, we need to collect the output
+    let stdout = "";
+    let stderr = "";
+
+    child.stdout?.on("data", (data) => {
+      stdout += data.toString();
+    });
+
+    child.stderr?.on("data", (data) => {
+      stderr += data.toString();
+    });
+
+    child.on("close", (code) => {
+      // Code is null if it terminated by a signal. This should never
+      // happen in our code. If this happens, return 1 error code.
+
+      code = code ?? 1;
+
+      resolve({
+        status: code,
+        stdout: stdout,
+        stderr: stderr,
+      });
+    });
+
+    child.on("error", (error) => {
+      reject(error);
+    });
+  });
+}
+
+/**
+ * @param {string} command
+ * @param {string[]} args
+ * @param {import("child_process").SpawnOptions} options
+ *
+ * @returns {Promise<{status: number, stdout: string, stderr: string}>}
+ */
+export async function printVerboseAndSafeSpawn(command, args, options = {}) {
+  ui.writeVerbose(`Running: ${command} ${args.join(" ")}`);
+
+  const result = await safeSpawn(command, args, options);
+
+  return result;
+}

package/tsconfig.json

@@ -0,0 +1,21 @@
+{
+  "compilerOptions": {
+    "lib": ["es2023"],
+    "module": "node16",
+    "strict": true,
+    "skipLibCheck": true,
+    "moduleResolution": "node16",
+    "allowJs": true,
+    "checkJs": true,
+    "noEmit": true,
+    "resolveJsonModule": true
+  },
+  "include": [
+    "src/**/*.js",
+    "bin/**/*.js"
+  ],
+  "exclude": [
+    "node_modules",
+    "src/**/*.spec.js"
+  ]
+}