@bonginkan/maria 1.8.7 → 1.8.8
- package/dist/bin/maria.js +30 -3
- package/dist/bin/maria.js.map +1 -1
- package/dist/cli.js +30 -3
- package/dist/cli.js.map +1 -1
- package/dist/index.js +30 -3
- package/dist/index.js.map +1 -1
- package/dist/metafile-cjs.json +1 -1
- package/package.json +1 -1
- package/dist/bin/maria.d.ts +0 -2
- package/dist/cli.d.ts +0 -17
- package/dist/index.d.ts +0 -1129
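--- a/package/dist/bin/maria.js
+++ b/package/dist/bin/maria.js
@@ -17292,10 +17292,37 @@ BEGIN TEST GENERATION:
 command += " --coverage";
 }
 if (request.target) {
-
+const sanitizedTarget = this.sanitizeTarget(request.target);
+if (sanitizedTarget) {
+command += ` ${sanitizedTarget}`;
+}
 }
 return command;
 }
+/**
+* Sanitize target parameter to prevent command injection
+*/
+sanitizeTarget(target) {
+const safePathPattern = /^[a-zA-Z0-9._/-]+$/;
+const dangerousChars = /[;&|`$(){}[\]<>'"\\]/;
+if (!target || target.trim() === "") {
+return null;
+}
+const trimmedTarget = target.trim();
+if (dangerousChars.test(trimmedTarget)) {
+logger.warn("Test target contains dangerous characters, ignoring:", trimmedTarget);
+return null;
+}
+if (!safePathPattern.test(trimmedTarget)) {
+logger.warn("Test target contains invalid characters, ignoring:", trimmedTarget);
+return null;
+}
+if (trimmedTarget.includes("..")) {
+logger.warn("Test target contains directory traversal, ignoring:", trimmedTarget);
+return null;
+}
+return trimmedTarget;
+}
 /**
 * Parse test results
 */
@@ -25019,7 +25046,7 @@ function createInteractiveSession(maria) {
 }
 }
 process.stdout.write(TEXT_HIERARCHY.SUBTITLE("\nMARIA: "));
-process.stdout.write(chalk13__default.default.gray("\u{1F914} Thinking...
+process.stdout.write(chalk13__default.default.gray("\u{1F914} Thinking..."));
 try {
 const stream = maria.chatStream(message);
 process.stdout.write("\r" + TEXT_HIERARCHY.SUBTITLE("MARIA: "));
@@ -28163,7 +28190,7 @@ var init_package = __esm({
 "package.json"() {
 package_default = {
 name: "@bonginkan/maria",
-version: "1.8.
+version: "1.8.8",
 description: "Enterprise-Grade AI Development Platform - Intelligent CLI with Complete Local AI Integration (Ollama + vLLM + LM Studio), 50 Cognitive Modes, Vector-based Code Search, and Comprehensive Quality Analysis",
 keywords: [
 "ai",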
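Review bot: `sanitizeTarget` in the first hunk still accepts a value that begins with `-`, because `safePathPattern` allows `-` in any position, so the returned string can be parsed as an option by the test command it is appended to rather than as a path. Reject a leading dash before returning, e.g. `if (trimmedTarget.startsWith("-")) return null;`, or anchor the pattern as `/^[a-zA-Z0-9._/][a-zA-Z0-9._/-]*$/`; absolute paths starting with `/` also pass, which is worth confirming as intended. `target.trim()` throws when `request.target` is not a string, so the first guard should include `typeof target !== "string"`. The function that builds `command` starts outside the hunk and how the string is executed is not visible; if it goes through a shell, passing the target as a separate argv element to a non-shell spawn would remove the reliance on character filtering altogether.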