@datalyr/wizard 1.0.0 → 1.0.2
- package/dist/bin/wizard.js +15 -2
- package/dist/bin/wizard.js.map +1 -1
- package/dist/index.d.mts +60 -1
- package/dist/index.d.ts +60 -1
- package/dist/index.js +2392 -21
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +2389 -19
- package/dist/index.mjs.map +1 -1
- package/package.json +8 -2
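--- a/package/dist/bin/wizard.js
+++ b/package/dist/bin/wizard.js
@@ -1,5 +1,4 @@
 #!/usr/bin/env node
-#!/usr/bin/env node
 "use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
@@ -73,16 +72,30 @@ var BLOCKED_PATTERNS = [
 // Backticks
 /\$\(/,
 // Command substitution
+/\$\w/,
+// Variable expansion (could contain malicious code)
 /\|\s*sh/,
 // Piping to shell
 /\|\s*bash/,
 // Piping to bash
+/\|\s*zsh/,
+// Piping to zsh
+/\|\|/,
+// Or operator (allows fallback commands)
+/\s&\s/,
+// Background execution mid-command
+/\s&$/,
+// Background execution at end
 /rm\s+-rf/,
 // Dangerous rm
+/rm\s+-r/,
+// Recursive rm
 />\s*\//,
 // Overwriting system files
-/&&\s*rm
+/&&\s*rm/,
 // rm after &&
+/\|\s*rm/
+// rm after pipe
 ];
 function validateBashCommand(command) {
 for (const pattern of BLOCKED_PATTERNS) {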
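Review bot: The added `/\$\w/` entry in BLOCKED_PATTERNS matches `$NAME` but not the braced `${NAME}` form, so the variable-expansion rule this change introduces is only partly effective; `/\$[\w{]/,` would cover both. The new `/rm\s+-r/` also makes the existing `/rm\s+-rf/` entry redundant, and because every pattern is an unanchored substring match, `/\|\s*sh/` and `/\|\s*rm/` will also reject harmless commands whose name merely begins with those letters after a pipe. More generally, a regex denylist over the raw command string cannot enumerate shell syntax; if the callers allow it, an allowlist of the expected executables with arguments passed as an array (no shell) would be a sturdier check. The array starts before this hunk and validateBashCommand continues past it, so how a match is handled is not visible here.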