@automattic/vip 2.36.3 → 2.37.0

package/dist/lib/constants/dev-environment.js

@@ -29,15 +29,7 @@ const DEV_ENVIRONMENT_PHP_VERSIONS = exports.DEV_ENVIRONMENT_PHP_VERSIONS = {
   },
   8.3: {
     image: 'ghcr.io/automattic/vip-container-images/php-fpm:8.3',
-    label: '8.3 (experimental, not supported)'
-  },
-  '8.0': {
-    image: 'ghcr.io/automattic/vip-container-images/php-fpm:8.0',
-    label: '8.0 (EOL soon)'
-  },
-  7.4: {
-    image: 'ghcr.io/automattic/vip-container-images/php-fpm:7.4',
-    label: '7.4 (EOL; not supported)'
+    label: '8.3'
   }
 };
-const DEV_ENVIRONMENT_VERSION = exports.DEV_ENVIRONMENT_VERSION = '2.0.1';
+const DEV_ENVIRONMENT_VERSION = exports.DEV_ENVIRONMENT_VERSION = '2.0.2';

package/dist/lib/custom-deploy/custom-deploy.js

@@ -0,0 +1,95 @@
+"use strict";
+
+exports.__esModule = true;
+exports.gates = gates;
+exports.isSupportedApp = isSupportedApp;
+var _fs = _interopRequireDefault(require("fs"));
+var exit = _interopRequireWildcard(require("../../lib/cli/exit"));
+var _clientFileUploader = require("../../lib/client-file-uploader");
+var _fileSize = require("../../lib/constants/file-size");
+var _vipgo = require("../../lib/constants/vipgo");
+var _tracker = require("../../lib/tracker");
+var _customDeploy = require("../../lib/validations/custom-deploy");
+function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
+function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && Object.prototype.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+const DEPLOY_MAX_FILE_SIZE = 4 * _fileSize.GB_IN_BYTES;
+function isSupportedApp(app) {
+  return _vipgo.WORDPRESS_SITE_TYPE_IDS.includes(app.typeId);
+}
+
+/**
+ * @param {FileMeta} fileMeta
+ */
+async function gates(app, env, fileMeta) {
+  const {
+    fileName,
+    basename,
+    isCompressed
+  } = fileMeta;
+  const appId = env.appId;
+  const envId = env.id;
+  const track = _tracker.trackEventWithEnv.bind(null, appId, envId);
+  if (!_fs.default.existsSync(fileName)) {
+    await track('deploy_app_command_error', {
+      error_type: 'invalid-file'
+    });
+    exit.withError(`Unable to access file ${fileMeta.fileName}`);
+  }
+  if (!isCompressed) {
+    await track('deploy_app_command_error', {
+      error_type: 'uncompressed-file'
+    });
+    exit.withError(`Please compress file ${fileMeta.fileName} before uploading.`);
+  }
+  try {
+    (0, _customDeploy.validateFilename)(basename);
+  } catch (error) {
+    await track('deploy_app_command_error', {
+      error_type: 'invalid-filename'
+    });
+    exit.withError(error);
+  }
+  try {
+    (0, _customDeploy.validateDeployFileExt)(fileName);
+  } catch (error) {
+    await track('deploy_app_command_error', {
+      error_type: 'invalid-extension'
+    });
+    exit.withError(error);
+  }
+  if (!isSupportedApp(app)) {
+    await track('deploy_app_command_error', {
+      error_type: 'unsupported-app'
+    });
+    exit.withError('The type of application you specified does not currently support deploys.');
+  }
+  try {
+    await (0, _clientFileUploader.checkFileAccess)(fileName);
+  } catch (err) {
+    await track('deploy_app_command_error', {
+      error_type: 'appfile-unreadable'
+    });
+    exit.withError(`File '${fileName}' does not exist or is not readable.`);
+  }
+  if (!(await (0, _clientFileUploader.isFile)(fileName))) {
+    await track('deploy_app_command_error', {
+      error_type: 'appfile-notfile'
+    });
+    exit.withError(`Path '${fileName}' is not a file.`);
+  }
+  const fileSize = await (0, _clientFileUploader.getFileSize)(fileName);
+  if (!fileSize) {
+    await track('deploy_app_command_error', {
+      error_type: 'appfile-empty'
+    });
+    exit.withError(`File '${fileName}' is empty.`);
+  }
+  if (fileSize > DEPLOY_MAX_FILE_SIZE) {
+    await track('deploy_app_command_error', {
+      error_type: 'appfile-toobig',
+      file_size: fileSize
+    });
+    exit.withError(`The deploy file size (${fileSize} bytes) exceeds the limit (${DEPLOY_MAX_FILE_SIZE} bytes).`);
+  }
+}

package/dist/lib/dev-environment/dev-environment-cli.js

@@ -107,7 +107,9 @@ const verifyDNSResolution = async slug => {
     address = await (0, _promises.lookup)(testDomain, 4);
     debug(`Got DNS response ${address.address}`);
   } catch (error) {
-    throw new _userError.default(`DNS resolution for ${testDomain} failed. ${advice}`);
+    throw new _userError.default(`DNS resolution for ${testDomain} failed. ${advice}`, {
+      cause: error
+    });
   }
   if (address.address !== expectedIP) {
     throw new _userError.default(`DNS resolution for ${testDomain} returned unexpected IP ${address.address}. Expected value is ${expectedIP}. ${advice}`);
@@ -684,7 +686,7 @@ function getEnvTrackingInfo(slug) {
       const value = _devEnvironment.DEV_ENVIRONMENT_COMPONENTS_WITH_WP.includes(key) ? JSON.stringify(envData[key]) : envData[key];
       result[snakeCasedKey] = value;
     }
-    result.php = result.php.replace(/.*:/, '');
+    result.php = result.php.replace(/^[^:]+:/, '');
     return result;
   } catch (err) {
     return {

package/dist/lib/dev-environment/dev-environment-configuration-file.js

@@ -7,7 +7,6 @@ exports.mergeConfigurationFileOptions = mergeConfigurationFileOptions;
 exports.printConfigurationFile = printConfigurationFile;
 var _chalk = _interopRequireDefault(require("chalk"));
 var _debug = _interopRequireDefault(require("debug"));
-var _fs = require("fs");
 var _jsYaml = _interopRequireWildcard(require("js-yaml"));
 var _promises = require("node:fs/promises");
 var _nodePath = _interopRequireDefault(require("node:path"));
@@ -20,12 +19,14 @@ const CONFIGURATION_FILE_NAME = exports.CONFIGURATION_FILE_NAME = '.vip-dev-env.
 async function getConfigurationFileOptions() {
   const configurationFilePath = _nodePath.default.join(process.cwd(), CONFIGURATION_FILE_NAME);
   let configurationFileContents = '';
-  const fileExists = await (0, _promises.access)(configurationFilePath, _fs.constants.R_OK).then(() => true).catch(() => false);
-  if (fileExists) {
-    debug('Reading configuration file from:', configurationFilePath);
+  try {
     configurationFileContents = await (0, _promises.readFile)(configurationFilePath, 'utf8');
-  } else {
-    return {};
+    debug('Read configuration file from %s', configurationFilePath);
+  } catch (err) {
+    if (err.code === 'ENOENT') {
+      return {};
+    }
+    throw err;
   }
   let configurationFromFile = {};
   try {

package/dist/lib/dev-environment/dev-environment-core.js

@@ -29,7 +29,6 @@ var _ejs = _interopRequireDefault(require("ejs"));
 var _enquirer = require("enquirer");
 var _nodeFetch = _interopRequireDefault(require("node-fetch"));
 var _nodeFs = _interopRequireDefault(require("node:fs"));
-var _nodeOs = _interopRequireDefault(require("node:os"));
 var _nodePath = _interopRequireDefault(require("node:path"));
 var _semver = _interopRequireDefault(require("semver"));
 var _uuid = require("uuid");
@@ -53,7 +52,13 @@ const instanceDataFileName = 'instance_data.json';
 const uploadPathString = 'uploads';
 const nginxPathString = 'nginx';
 function xdgDataDirectory() {
-  return _xdgBasedir.default.data?.length ? _xdgBasedir.default.data : _nodeOs.default.tmpdir();
+  if (_xdgBasedir.default.data) {
+    return _xdgBasedir.default.data;
+  }
+
+  // This should not happen. If it does, this means that the system was unable to find user's home directory.
+  // If so, this does not leave us many options as to where to store the data.
+  throw new Error('Unable to determine data directory.');
 }
 async function startEnvironment(lando, slug, options) {
   debug('Will start an environment', slug);
@@ -273,13 +278,17 @@ function readEnvironmentData(slug) {
     instanceDataString = _nodeFs.default.readFileSync(instanceDataTargetPath, 'utf8');
   } catch (error) {
     const err = error;
-    throw new _userError.default(`There was an error reading file "${instanceDataTargetPath}": ${err.message}.`);
+    throw new _userError.default(`There was an error reading file "${instanceDataTargetPath}": ${err.message}.`, {
+      cause: error
+    });
   }
   try {
     instanceData = JSON.parse(instanceDataString);
   } catch (error) {
     const err = error;
-    throw new _userError.default(`There was an error parsing file "${instanceDataTargetPath}": ${err.message}. You may need to recreate the environment.`);
+    throw new _userError.default(`There was an error parsing file "${instanceDataTargetPath}": ${err.message}. You may need to recreate the environment.`, {
+      cause: error
+    });
   }
 
   /**
@@ -334,10 +343,14 @@ async function prepareLandoEnv(instanceData, instancePath) {
   await _nodeFs.default.promises.mkdir(nginxFolderPath, {
     recursive: true
   });
-  const landoFileExists = await _nodeFs.default.promises.stat(landoFileTargetPath).catch(() => false);
-  if (landoFileExists) {
-    await _nodeFs.default.promises.copyFile(landoFileTargetPath, landoBackupFileTargetPath);
+  try {
+    await _nodeFs.default.promises.rename(landoFileTargetPath, landoBackupFileTargetPath);
     console.log(`Backup of ${landoFileName} was created in ${landoBackupFileTargetPath}`);
+  } catch (err) {
+    // If the file doesn't exist, that's fine. Otherwise, throw the error.
+    if ('ENOENT' !== err.code) {
+      throw err;
+    }
   }
   await Promise.all([_nodeFs.default.promises.writeFile(landoFileTargetPath, landoFile), _nodeFs.default.promises.writeFile(nginxFileTargetPath, nginxFile), _nodeFs.default.promises.writeFile(instanceDataTargetPath, instanceDataFile)]);
   debug(`Lando file created in ${landoFileTargetPath}`);

package/dist/lib/dev-environment/docker-utils.js

@@ -79,7 +79,7 @@ async function getDockerSocket() {
 async function getEngineConfig(dockerHost) {
   const opts = {};
   if (dockerHost.startsWith('tcp://')) {
-    const split = /(?:tcp:\/\/)?(.*?):(\d+)/g.exec(dockerHost);
+    const split = /^(?:tcp:\/\/)([^:]+):(\d+)/g.exec(dockerHost);
     if (split && split.length === 3) {
       opts.host = split[1];
       opts.port = split[2];

package/dist/lib/env.js

@@ -11,7 +11,8 @@ const app = {
 };
 const os = {
   name: (0, _nodeOs.platform)(),
-  version: (0, _nodeOs.release)()
+  version: (0, _nodeOs.release)(),
+  arch: (0, _nodeOs.arch)()
 };
 const node = {
   version: process.version

package/dist/lib/user-error.js

@@ -3,8 +3,8 @@
 exports.__esModule = true;
 exports.default = void 0;
 class UserError extends Error {
-  constructor(message) {
-    super(message);
+  constructor(message, options) {
+    super(message, options);
     this.name = 'UserError';
   }
 }

package/dist/lib/validations/custom-deploy.js

@@ -0,0 +1,39 @@
+"use strict";
+
+exports.__esModule = true;
+exports.validateDeployFileExt = validateDeployFileExt;
+exports.validateFilename = validateFilename;
+var _path = _interopRequireDefault(require("path"));
+var exit = _interopRequireWildcard(require("../../lib/cli/exit"));
+function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
+function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && Object.prototype.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+/**
+ * Check if a file has a valid extension
+ *
+ * @param {string} filename The file extension
+ * @returns {boolean} True if the extension is valid
+ */
+function validateDeployFileExt(filename) {
+  let ext = _path.default.extname(filename).toLowerCase();
+  if (ext === '.gz' && _path.default.extname(_path.default.basename(filename, ext)) === '.tar') {
+    ext = '.tar.gz';
+  }
+  if (!['.zip', '.tar.gz', '.tgz'].includes(ext)) {
+    exit.withError('Invalid file extension. Please provide a .zip, .tar.gz, or a .tgz file.');
+  }
+}
+
+/**
+ * Check if a file has a valid name
+ * @param {string} filename The file name
+ * @returns {boolean} True if the filename is valid
+ */
+function validateFilename(filename) {
+  const re = /^[a-z0-9\-_.]+$/i;
+
+  // Exits if filename contains anything outside a-z A-Z - _ .
+  if (!re.test(filename)) {
+    exit.withError('Error: The characters used in the name of a file for custom deploys are limited to [0-9,a-z,A-Z,-,_,.]');
+  }
+}

package/dist/lib/validations/line-by-line.js

@@ -36,7 +36,9 @@ async function fileLineValidations(appId, envId, fileName, validations, searchRe
     });
   });
   readInterface.on('error', err => {
-    throw new Error(` Error validating input file: ${err.toString()}`);
+    throw new Error(`Error validating input file: ${err.toString()}`, {
+      cause: err
+    });
   });
 
   // Block until the processing completes

package/dist/lib/validations/sql.js

@@ -262,7 +262,7 @@ const checks = {
   siteHomeUrl: {
     matcher: "'(siteurl|home)',\\s?'(.*?)'",
     matchHandler: (lineNumber, results) => ({
-      text: results[1]
+      text: results[1] + ' ' + results[2]
     }),
     outputFormatter: infoCheckFormatter,
     results: [],

package/docs/CHANGELOG.md

@@ -1,5 +1,49 @@
 ## Changelog
 
+### 2.37.0
+
+- build(deps-dev): bump the babel group with 2 updates
+- build(deps): bump @automattic/vip-search-replace from 1.1.1 to 1.1.2
+- build(deps): bump Automattic/vip-actions from 0.2.0 to 0.3.0
+- build(deps): bump github/codeql-action from 2 to 3
+- BYOR: Add `vip app deploy`
+- build(deps-dev): bump eslint from 8.55.0 to 8.56.0
+- Dev-env: Remove 8.0 & 7.4 from available PHP versions
+- build(deps): bump open from 9.1.0 to 10.0.0
+- fix(dev-env): use the latest nginx image
+- build(deps-dev): bump dockerode from 4.0.0 to 4.0.1
+- build(deps): bump open from 10.0.0 to 10.0.1
+- build(deps-dev): bump dockerode from 4.0.1 to 4.0.2
+- build(deps): bump open from 10.0.1 to 10.0.2
+- fix(validate-sql): Display matched site-urls
+- build(deps): bump socket.io-client from 4.7.2 to 4.7.3
+- build(deps-dev): bump the babel group with 2 updates
+- build(deps): bump open from 10.0.2 to 10.0.3
+- feat: show detailed error information in debug mode
+- build(deps-dev): bump the babel group with 1 update
+- fix: issues found by SonarCloud
+- build(deps-dev): bump @types/node from 18.19.5 to 18.19.6
+- chore(deps): fix CVE-2023-26159 in follow-redirects
+- build(deps): bump Automattic/vip-actions from 0.3.0 to 0.5.0
+- build(deps): bump @automattic/vip-search-replace from 1.1.2 to 1.1.3
+- fix: Properly propagate quotes
+- fix(--format=json): Do not print header if specified format is json
+- feat(dev-env): add quiet mode for "import sql"
+- build(deps): bump socket.io-client from 4.7.3 to 4.7.4
+- fix: regex vulnerable to super-linear runtime
+- ci: add CodeQL workflow
+- ci: remove outdated CodeQL workflow
+- BYOR: Change manual-deploy to custom-deploy
+- build(deps-dev): bump @types/node from 18.19.6 to 18.19.8
+- build(deps-dev): bump nock from 13.4.0 to 13.5.0
+- fix(dev-env): CWE-367 in `prepareLandoEnv()`
+- fix(dev-env): CWE-367 in `getConfigurationFileOptions()`
+- fix(dev-env): CWE-377, CWE-378 originating from `xdgDataDirectory()`
+- build(deps): bump Automattic/vip-actions from 0.5.0 to 0.6.0
+
+
+**Full Changelog**: https://github.com/Automattic/vip-cli/compare/2.36.3...v2.37.0
+
 ### 2.36.3
 
 - build(deps): bump @json2csv/plainjs from 7.0.3 to 7.0.4