@howlil/ez-agents 3.4.1 → 3.5.0

package/ez-agents/bin/lib/safe-exec.cjs

@@ -1,128 +1,128 @@
-#!/usr/bin/env node
-
-/**
- * EZ Safe Exec — Secure command execution with allowlist and validation
- * 
- * Prevents command injection by:
- * - Using execFile instead of execSync with string concatenation
- * - Validating commands against allowlist
- * - Blocking dangerous shell metacharacters in arguments
- * - Logging all commands for audit
- * 
- * Usage:
- *   const { safeExec, safeExecJSON } = require('./safe-exec.cjs');
- *   const result = await safeExec('git', ['status']);
- */
-
-const { execFile } = require('child_process');
-const { promisify } = require('util');
-const execFileAsync = promisify(execFile);
-const Logger = require('./logger.cjs');
-const logger = new Logger();
-
-// Allowlist of safe commands
-const ALLOWED_COMMANDS = new Set([
-  'git', 'node', 'npm', 'npx', 'find', 'grep', 'head', 'tail', 'wc',
-  'mkdir', 'cp', 'mv', 'rm', 'cat', 'echo', 'test', 'ls', 'dir',
-  'pwd', 'cd', 'type', 'where', 'which', 'chmod', 'touch'
-]);
-
-// Dangerous shell metacharacters that could enable injection
-const DANGEROUS_PATTERN = /[;&|`$(){}\\<>]/;
-
-/**
- * Validate command is in allowlist
- * @param {string} cmd - Command to validate
- * @throws {Error} If command not allowed
- */
-function validateCommand(cmd) {
-  const baseCmd = cmd.split(' ')[0].toLowerCase();
-  if (!ALLOWED_COMMANDS.has(baseCmd)) {
-    throw new Error(`Command not allowed: ${cmd}. Allowed: ${Array.from(ALLOWED_COMMANDS).join(', ')}`);
-  }
-}
-
-/**
- * Validate arguments don't contain injection patterns
- * @param {string[]} args - Arguments to validate
- * @throws {Error} If dangerous pattern found
- */
-function validateArgs(args) {
-  for (const arg of args) {
-    if (DANGEROUS_PATTERN.test(arg)) {
-      throw new Error(`Dangerous argument rejected: ${arg}`);
-    }
-  }
-}
-
-/**
- * Execute command safely with validation and logging
- * @param {string} cmd - Command to execute
- * @param {string[]} args - Command arguments
- * @param {Object} options - Execution options
- * @returns {Promise<string>} - Command stdout
- */
-async function safeExec(cmd, args = [], options = {}) {
-  const { timeout = 30000, log = true } = options;
-  
-  // Validate command and arguments
-  validateCommand(cmd);
-  validateArgs(args);
-  
-  const startTime = Date.now();
-  
-  try {
-    if (log) {
-      logger.info('Executing command', { 
-        cmd, 
-        args, 
-        timestamp: new Date().toISOString() 
-      });
-    }
-    
-    const result = await execFileAsync(cmd, args, { 
-      timeout,
-      maxBuffer: 10 * 1024 * 1024 // 10MB buffer
-    });
-    
-    const duration = Date.now() - startTime;
-    if (log) {
-      logger.debug('Command completed', { 
-        cmd, 
-        duration,
-        stdout_length: result.stdout?.length || 0 
-      });
-    }
-    
-    return result.stdout.trim();
-  } catch (err) {
-    const duration = Date.now() - startTime;
-    logger.error('Command failed', { 
-      cmd, 
-      args, 
-      error: err.message,
-      duration,
-      code: err.code,
-      signal: err.signal
-    });
-    throw err;
-  }
-}
-
-/**
- * Execute command and return JSON parsed output
- * @param {string} cmd - Command to execute
- * @param {string[]} args - Command arguments
- * @returns {Promise<Object>} - Parsed JSON output
- */
-async function safeExecJSON(cmd, args = []) {
-  const output = await safeExec(cmd, args);
-  try {
-    return JSON.parse(output);
-  } catch (err) {
-    logger.error('Failed to parse JSON output', { cmd, output });
-    throw new Error(`Invalid JSON from ${cmd}: ${err.message}`);
-  }
-}
-
-module.exports = { safeExec, safeExecJSON, ALLOWED_COMMANDS };
+#!/usr/bin/env node
+
+/**
+ * EZ Safe Exec — Secure command execution with allowlist and validation
+ * 
+ * Prevents command injection by:
+ * - Using execFile instead of execSync with string concatenation
+ * - Validating commands against allowlist
+ * - Blocking dangerous shell metacharacters in arguments
+ * - Logging all commands for audit
+ * 
+ * Usage:
+ *   const { safeExec, safeExecJSON } = require('./safe-exec.cjs');
+ *   const result = await safeExec('git', ['status']);
+ */
+
+const { execFile } = require('child_process');
+const { promisify } = require('util');
+const execFileAsync = promisify(execFile);
+const Logger = require('./logger.cjs');
+const logger = new Logger();
+
+// Allowlist of safe commands
+const ALLOWED_COMMANDS = new Set([
+  'git', 'node', 'npm', 'npx', 'find', 'grep', 'head', 'tail', 'wc',
+  'mkdir', 'cp', 'mv', 'rm', 'cat', 'echo', 'test', 'ls', 'dir',
+  'pwd', 'cd', 'type', 'where', 'which', 'chmod', 'touch'
+]);
+
+// Dangerous shell metacharacters that could enable injection
+const DANGEROUS_PATTERN = /[;&|`$(){}\\<>]/;
+
+/**
+ * Validate command is in allowlist
+ * @param {string} cmd - Command to validate
+ * @throws {Error} If command not allowed
+ */
+function validateCommand(cmd) {
+  const baseCmd = cmd.split(' ')[0].toLowerCase();
+  if (!ALLOWED_COMMANDS.has(baseCmd)) {
+    throw new Error(`Command not allowed: ${cmd}. Allowed: ${Array.from(ALLOWED_COMMANDS).join(', ')}`);
+  }
+}
+
+/**
+ * Validate arguments don't contain injection patterns
+ * @param {string[]} args - Arguments to validate
+ * @throws {Error} If dangerous pattern found
+ */
+function validateArgs(args) {
+  for (const arg of args) {
+    if (DANGEROUS_PATTERN.test(arg)) {
+      throw new Error(`Dangerous argument rejected: ${arg}`);
+    }
+  }
+}
+
+/**
+ * Execute command safely with validation and logging
+ * @param {string} cmd - Command to execute
+ * @param {string[]} args - Command arguments
+ * @param {Object} options - Execution options
+ * @returns {Promise<string>} - Command stdout
+ */
+async function safeExec(cmd, args = [], options = {}) {
+  const { timeout = 30000, log = true } = options;
+  
+  // Validate command and arguments
+  validateCommand(cmd);
+  validateArgs(args);
+  
+  const startTime = Date.now();
+  
+  try {
+    if (log) {
+      logger.info('Executing command', { 
+        cmd, 
+        args, 
+        timestamp: new Date().toISOString() 
+      });
+    }
+    
+    const result = await execFileAsync(cmd, args, { 
+      timeout,
+      maxBuffer: 10 * 1024 * 1024 // 10MB buffer
+    });
+    
+    const duration = Date.now() - startTime;
+    if (log) {
+      logger.debug('Command completed', { 
+        cmd, 
+        duration,
+        stdout_length: result.stdout?.length || 0 
+      });
+    }
+    
+    return result.stdout.trim();
+  } catch (err) {
+    const duration = Date.now() - startTime;
+    logger.error('Command failed', { 
+      cmd, 
+      args, 
+      error: err.message,
+      duration,
+      code: err.code,
+      signal: err.signal
+    });
+    throw err;
+  }
+}
+
+/**
+ * Execute command and return JSON parsed output
+ * @param {string} cmd - Command to execute
+ * @param {string[]} args - Command arguments
+ * @returns {Promise<Object>} - Parsed JSON output
+ */
+async function safeExecJSON(cmd, args = []) {
+  const output = await safeExec(cmd, args);
+  try {
+    return JSON.parse(output);
+  } catch (err) {
+    logger.error('Failed to parse JSON output', { cmd, output });
+    throw new Error(`Invalid JSON from ${cmd}: ${err.message}`);
+  }
+}
+
+module.exports = { safeExec, safeExecJSON, ALLOWED_COMMANDS };

package/ez-agents/bin/lib/safe-path.cjs

@@ -1,130 +1,130 @@
-#!/usr/bin/env node
-
-/**
- * EZ Safe Path — Path traversal prevention utility
- * 
- * Prevents path traversal attacks by:
- * - Resolving and validating paths against base directory
- * - Blocking paths that escape base directory
- * - Handling Windows and Unix path formats
- * - Logging blocked attempts for security audit
- * 
- * Usage:
- *   const { normalizePath, isPathSafe, safeReadFile } = require('./safe-path.cjs');
- *   const safePath = normalizePath(process.cwd(), userPath);
- */
-
-const path = require('path');
-const fs = require('fs');
-const Logger = require('./logger.cjs');
-const logger = new Logger();
-
-/**
- * Normalize and validate a user-provided path against a base directory
- * @param {string} baseDir - Base directory (trusted)
- * @param {string} userPath - User-provided path (untrusted)
- * @returns {string} - Resolved absolute path if safe
- * @throws {Error} If path traversal detected
- */
-function normalizePath(baseDir, userPath) {
-  // Resolve both paths to absolute
-  const resolvedBase = path.resolve(baseDir);
-  const resolvedUser = path.resolve(baseDir, userPath);
-  
-  // Normalize for comparison (handle Windows backslashes)
-  const normalizedBase = resolvedBase + path.sep;
-  
-  // Check if user path is within base directory
-  const isWithin = 
-    resolvedUser === resolvedBase || 
-    resolvedUser.startsWith(normalizedBase);
-  
-  if (!isWithin) {
-    logger.error('Path traversal detected', {
-      baseDir: resolvedBase,
-      userPath,
-      resolvedUser,
-      timestamp: new Date().toISOString()
-    });
-    throw new Error(`Path traversal detected: ${userPath}`);
-  }
-  
-  return resolvedUser;
-}
-
-/**
- * Check if a path is safe (within base directory) without throwing
- * @param {string} baseDir - Base directory (trusted)
- * @param {string} userPath - User-provided path (untrusted)
- * @returns {boolean} - True if path is safe
- */
-function isPathSafe(baseDir, userPath) {
-  try {
-    normalizePath(baseDir, userPath);
-    return true;
-  } catch (err) {
-    return false;
-  }
-}
-
-/**
- * Validate path exists and is safe
- * @param {string} baseDir - Base directory
- * @param {string} userPath - User-provided path
- * @returns {string} - Resolved path if exists and safe
- * @throws {Error} If not found or traversal detected
- */
-function validatePathExists(baseDir, userPath) {
-  const resolvedPath = normalizePath(baseDir, userPath);
-  
-  if (!fs.existsSync(resolvedPath)) {
-    logger.warn('Path does not exist', {
-      resolvedPath,
-      userPath
-    });
-    throw new Error(`Path not found: ${userPath}`);
-  }
-  
-  return resolvedPath;
-}
-
-/**
- * Safely read a file (validates path before reading)
- * @param {string} baseDir - Base directory
- * @param {string} userPath - User-provided path
- * @param {string} encoding - File encoding (default: utf-8)
- * @returns {string} - File content
- * @throws {Error} If path unsafe or file not found
- */
-function safeReadFile(baseDir, userPath, encoding = 'utf-8') {
-  const resolvedPath = validatePathExists(baseDir, userPath);
-  
-  logger.debug('Reading file', { resolvedPath, userPath });
-  
-  return fs.readFileSync(resolvedPath, encoding);
-}
-
-/**
- * Get relative path from base, with validation
- * @param {string} baseDir - Base directory
- * @param {string} fullPath - Full path to convert
- * @returns {string} - Relative path or throws if outside base
- */
-function toRelativePath(baseDir, fullPath) {
-  const resolvedFull = path.resolve(fullPath);
-  const resolvedBase = path.resolve(baseDir);
-  
-  if (!isPathSafe(baseDir, resolvedFull)) {
-    throw new Error(`Path outside base: ${fullPath}`);
-  }
-  
-  return path.relative(resolvedBase, resolvedFull);
-}
-
-module.exports = {
-  normalizePath,
-  isPathSafe,
-  validatePathExists,
-  safeReadFile,
-  toRelativePath
-};
+#!/usr/bin/env node
+
+/**
+ * EZ Safe Path — Path traversal prevention utility
+ * 
+ * Prevents path traversal attacks by:
+ * - Resolving and validating paths against base directory
+ * - Blocking paths that escape base directory
+ * - Handling Windows and Unix path formats
+ * - Logging blocked attempts for security audit
+ * 
+ * Usage:
+ *   const { normalizePath, isPathSafe, safeReadFile } = require('./safe-path.cjs');
+ *   const safePath = normalizePath(process.cwd(), userPath);
+ */
+
+const path = require('path');
+const fs = require('fs');
+const Logger = require('./logger.cjs');
+const logger = new Logger();
+
+/**
+ * Normalize and validate a user-provided path against a base directory
+ * @param {string} baseDir - Base directory (trusted)
+ * @param {string} userPath - User-provided path (untrusted)
+ * @returns {string} - Resolved absolute path if safe
+ * @throws {Error} If path traversal detected
+ */
+function normalizePath(baseDir, userPath) {
+  // Resolve both paths to absolute
+  const resolvedBase = path.resolve(baseDir);
+  const resolvedUser = path.resolve(baseDir, userPath);
+  
+  // Normalize for comparison (handle Windows backslashes)
+  const normalizedBase = resolvedBase + path.sep;
+  
+  // Check if user path is within base directory
+  const isWithin = 
+    resolvedUser === resolvedBase || 
+    resolvedUser.startsWith(normalizedBase);
+  
+  if (!isWithin) {
+    logger.error('Path traversal detected', {
+      baseDir: resolvedBase,
+      userPath,
+      resolvedUser,
+      timestamp: new Date().toISOString()
+    });
+    throw new Error(`Path traversal detected: ${userPath}`);
+  }
+  
+  return resolvedUser;
+}
+
+/**
+ * Check if a path is safe (within base directory) without throwing
+ * @param {string} baseDir - Base directory (trusted)
+ * @param {string} userPath - User-provided path (untrusted)
+ * @returns {boolean} - True if path is safe
+ */
+function isPathSafe(baseDir, userPath) {
+  try {
+    normalizePath(baseDir, userPath);
+    return true;
+  } catch (err) {
+    return false;
+  }
+}
+
+/**
+ * Validate path exists and is safe
+ * @param {string} baseDir - Base directory
+ * @param {string} userPath - User-provided path
+ * @returns {string} - Resolved path if exists and safe
+ * @throws {Error} If not found or traversal detected
+ */
+function validatePathExists(baseDir, userPath) {
+  const resolvedPath = normalizePath(baseDir, userPath);
+  
+  if (!fs.existsSync(resolvedPath)) {
+    logger.warn('Path does not exist', {
+      resolvedPath,
+      userPath
+    });
+    throw new Error(`Path not found: ${userPath}`);
+  }
+  
+  return resolvedPath;
+}
+
+/**
+ * Safely read a file (validates path before reading)
+ * @param {string} baseDir - Base directory
+ * @param {string} userPath - User-provided path
+ * @param {string} encoding - File encoding (default: utf-8)
+ * @returns {string} - File content
+ * @throws {Error} If path unsafe or file not found
+ */
+function safeReadFile(baseDir, userPath, encoding = 'utf-8') {
+  const resolvedPath = validatePathExists(baseDir, userPath);
+  
+  logger.debug('Reading file', { resolvedPath, userPath });
+  
+  return fs.readFileSync(resolvedPath, encoding);
+}
+
+/**
+ * Get relative path from base, with validation
+ * @param {string} baseDir - Base directory
+ * @param {string} fullPath - Full path to convert
+ * @returns {string} - Relative path or throws if outside base
+ */
+function toRelativePath(baseDir, fullPath) {
+  const resolvedFull = path.resolve(fullPath);
+  const resolvedBase = path.resolve(baseDir);
+  
+  if (!isPathSafe(baseDir, resolvedFull)) {
+    throw new Error(`Path outside base: ${fullPath}`);
+  }
+  
+  return path.relative(resolvedBase, resolvedFull);
+}
+
+module.exports = {
+  normalizePath,
+  isPathSafe,
+  validatePathExists,
+  safeReadFile,
+  toRelativePath
+};