npm - @mmmbuto/masix - Versions diffs - 0.3.8 → 0.4.1 - Mend

@mmmbuto/masix 0.3.8 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

package/packages/plugin-base/codex-backend/source/src/exec.rs ADDED Viewed

@@ -0,0 +1,436 @@
+//! Command execution with safety bounds
+//!
+//! Provides secure one-shot command execution with:
+//! - Command allowlist/denylist
+//! - Timeout enforcement
+//! - Output size bounds
+//! - Working directory validation
+use crate::{CodingError, ExecutionProfile, ResolvedWorkspace};
+use std::path::PathBuf;
+use std::process::Stdio;
+use std::time::{Duration, Instant};
+use tokio::process::Command;
+/// Maximum output size (1MB default)
+pub const DEFAULT_MAX_OUTPUT_BYTES: usize = 1024 * 1024;
+/// Default timeout (60 seconds for exec)
+pub const DEFAULT_EXEC_TIMEOUT_SECS: u64 = 60;
+/// Maximum timeout allowed (5 minutes)
+pub const MAX_EXEC_TIMEOUT_SECS: u64 = 300;
+/// Truncation marker for output
+const TRUNCATION_MARKER: &str = "\n...[OUTPUT TRUNCATED]";
+/// Default command allowlist (safe commands)
+pub const DEFAULT_COMMAND_ALLOWLIST: &[&str] = &[
+    "ls", "cat", "head", "tail", "wc", "grep", "find", "git", "pwd", "echo", "which", "dirname",
+    "basename", "realpath", "readlink", "stat", "file", "tree", "du", "diff", "sort", "uniq",
+    "cut", "awk", "sed", "tr", "xargs", "env", "printenv", "date", "uname", "id", "whoami",
+    "hostname", "cargo", "rustc", "rustup", "npm", "node", "yarn", "pnpm", "python", "python3",
+    "pip", "pip3", "go", "gofmt", "make", "cmake", "gcc", "g++", "clang", "clang++", "mvn",
+    "gradle", "dotnet", "ruby", "gem", "bundle", "php", "composer", "perl", "cargo", "rustfmt",
+    "clippy", "rg", "fd", "bat", "exa", "jq", "yq", "tomlq", "sqlite3",
+];
+/// Commands that are always denied (dangerous operations)
+pub const COMMAND_DENYLIST: &[&str] = &[
+    "rm",
+    "rmdir",
+    "dd",
+    "mkfs",
+    "fdisk",
+    "parted",
+    "shutdown",
+    "reboot",
+    "halt",
+    "poweroff",
+    "init",
+    "systemctl",
+    "service",
+    "apt",
+    "apt-get",
+    "yum",
+    "dnf",
+    "pacman",
+    "brew",
+    "snap",
+    "flatpak",
+    "chown",
+    "chmod",
+    "chgrp",
+    "passwd",
+    "su",
+    "sudo",
+    "doas",
+    "pkexec",
+    "gksudo",
+    "kdesu",
+    "nc",
+    "ncat",
+    "netcat",
+    "telnet",
+    "ssh",
+    "scp",
+    "sftp",
+    "rsync",
+    "curl",
+    "wget",
+    "aria2c",
+    "tcpdump",
+    "wireshark",
+    "tshark",
+    "nmap",
+    "masscan",
+    "iptables",
+    "ip6tables",
+    "nft",
+    "ufw",
+    "firewall-cmd",
+];
+/// Execution request
+#[derive(Debug, Clone)]
+pub struct ExecRequest {
+    /// Command to execute (binary name or path)
+    pub command: String,
+    /// Command arguments
+    pub args: Vec<String>,
+    /// Working directory (must be within workspace)
+    pub cwd: Option<PathBuf>,
+    /// Timeout in seconds
+    pub timeout_secs: u64,
+    /// Maximum output bytes
+    pub max_output_bytes: usize,
+    /// Whether to check allowlist
+    pub check_allowlist: bool,
+}
+impl Default for ExecRequest {
+    fn default() -> Self {
+        Self {
+            command: String::new(),
+            args: Vec::new(),
+            cwd: None,
+            timeout_secs: DEFAULT_EXEC_TIMEOUT_SECS,
+            max_output_bytes: DEFAULT_MAX_OUTPUT_BYTES,
+            check_allowlist: true,
+        }
+    }
+}
+impl ExecRequest {
+    /// Create a new exec request
+    pub fn new(command: impl Into<String>) -> Self {
+        Self {
+            command: command.into(),
+            ..Default::default()
+        }
+    }
+    /// Add an argument
+    pub fn arg(mut self, arg: impl Into<String>) -> Self {
+        self.args.push(arg.into());
+        self
+    }
+    /// Add multiple arguments
+    pub fn args(mut self, args: impl IntoIterator<Item = impl Into<String>>) -> Self {
+        self.args.extend(args.into_iter().map(Into::into));
+        self
+    }
+    /// Set working directory
+    pub fn cwd(mut self, cwd: impl Into<PathBuf>) -> Self {
+        self.cwd = Some(cwd.into());
+        self
+    }
+    /// Set timeout
+    pub fn timeout_secs(mut self, secs: u64) -> Self {
+        self.timeout_secs = secs.min(MAX_EXEC_TIMEOUT_SECS);
+        self
+    }
+    /// Set max output bytes
+    pub fn max_output_bytes(mut self, bytes: usize) -> Self {
+        self.max_output_bytes = bytes;
+        self
+    }
+    /// Disable allowlist checking (admin-only)
+    pub fn bypass_allowlist(mut self) -> Self {
+        self.check_allowlist = false;
+        self
+    }
+}
+/// Execution result
+#[derive(Debug, Clone)]
+pub struct ExecResult {
+    /// Exit code (None if killed/timeout)
+    pub exit_code: Option<i32>,
+    /// Standard output
+    pub stdout: String,
+    /// Standard error
+    pub stderr: String,
+    /// Whether the command was killed due to timeout
+    pub timed_out: bool,
+    /// Whether output was truncated
+    pub output_truncated: bool,
+    /// Execution duration
+    pub duration: Duration,
+}
+impl ExecResult {
+    /// Check if execution was successful
+    pub fn success(&self) -> bool {
+        self.exit_code == Some(0)
+    }
+}
+/// Command executor with safety bounds
+#[derive(Debug, Clone)]
+pub struct CommandExecutor {
+    /// Workspace for path validation
+    workspace: ResolvedWorkspace,
+    /// Additional allowed commands
+    extra_allowed: Vec<String>,
+    /// Execution profile
+    profile: ExecutionProfile,
+}
+impl CommandExecutor {
+    /// Create a new executor for a workspace
+    pub fn new(workspace: ResolvedWorkspace) -> Self {
+        Self {
+            workspace,
+            extra_allowed: Vec::new(),
+            profile: ExecutionProfile::WorkspaceLocked,
+        }
+    }
+    /// Set execution profile
+    pub fn with_profile(mut self, profile: ExecutionProfile) -> Self {
+        self.profile = profile;
+        self
+    }
+    /// Add an allowed command
+    pub fn allow_command(mut self, cmd: impl Into<String>) -> Self {
+        self.extra_allowed.push(cmd.into());
+        self
+    }
+    /// Check if a command is allowed
+    pub fn is_command_allowed(&self, command: &str) -> Result<(), CodingError> {
+        let base_name = base_command_name(command);
+        // Always check denylist
+        if COMMAND_DENYLIST.contains(&base_name.as_str()) {
+            return Err(CodingError::PolicyError(format!(
+                "Command '{}' is in denylist",
+                base_name
+            )));
+        }
+        // If allowlist checking is disabled (SystemUnlocked profile), allow
+        if self.profile == ExecutionProfile::SystemUnlocked {
+            return Ok(());
+        }
+        // Check if in default allowlist
+        if DEFAULT_COMMAND_ALLOWLIST.contains(&base_name.as_str()) {
+            return Ok(());
+        }
+        // Check if in extra allowed
+        if self.extra_allowed.iter().any(|c| c == &base_name) {
+            return Ok(());
+        }
+        Err(CodingError::PolicyError(format!(
+            "Command '{}' not in allowlist",
+            base_name
+        )))
+    }
+    /// Execute a command
+    pub async fn execute(&self, request: ExecRequest) -> Result<ExecResult, CodingError> {
+        let start_time = Instant::now();
+        // Validate command policy
+        if request.check_allowlist {
+            self.is_command_allowed(&request.command)?;
+        } else {
+            let base_name = base_command_name(&request.command);
+            if COMMAND_DENYLIST.contains(&base_name.as_str()) {
+                return Err(CodingError::PolicyError(format!(
+                    "Command '{}' is in denylist",
+                    base_name
+                )));
+            }
+            if self.profile != ExecutionProfile::SystemUnlocked {
+                return Err(CodingError::PolicyError(
+                    "Allowlist bypass requires system_unlocked profile".into(),
+                ));
+            }
+        }
+        // Validate timeout
+        let timeout = Duration::from_secs(request.timeout_secs.min(MAX_EXEC_TIMEOUT_SECS));
+        // Validate working directory
+        let cwd = if let Some(ref cwd) = request.cwd {
+            self.workspace.is_path_allowed(cwd)?
+        } else {
+            self.workspace.root.clone()
+        };
+        // Build command
+        let mut cmd = Command::new(&request.command);
+        cmd.args(&request.args)
+            .current_dir(&cwd)
+            .stdin(Stdio::null())
+            .stdout(Stdio::piped())
+            .stderr(Stdio::piped());
+        // Kill process if dropped during timeout or cancellation.
+        cmd.kill_on_drop(true);
+        // Spawn process
+        let child = cmd.spawn().map_err(|e| {
+            CodingError::ToolError(format!("Failed to spawn '{}': {}", request.command, e))
+        })?;
+        // Wait for completion with timeout while collecting both stdout/stderr.
+        let result = tokio::time::timeout(timeout, child.wait_with_output()).await;
+        let (exit_code, timed_out, stdout_raw, stderr_raw) = match result {
+            Ok(Ok(output)) => (output.status.code(), false, output.stdout, output.stderr),
+            Ok(Err(e)) => {
+                return Err(CodingError::ToolError(format!("Process error: {}", e)));
+            }
+            Err(_) => (None, true, Vec::new(), Vec::new()),
+        };
+        let (stdout, stdout_truncated) = truncate_bytes(&stdout_raw, request.max_output_bytes);
+        let (stderr, stderr_truncated) = truncate_bytes(&stderr_raw, request.max_output_bytes);
+        Ok(ExecResult {
+            exit_code,
+            stdout,
+            stderr,
+            timed_out,
+            output_truncated: stdout_truncated || stderr_truncated,
+            duration: start_time.elapsed(),
+        })
+    }
+}
+fn base_command_name(command: &str) -> String {
+    PathBuf::from(command)
+        .file_name()
+        .and_then(|n| n.to_str())
+        .unwrap_or(command)
+        .to_string()
+}
+fn truncate_bytes(bytes: &[u8], max_bytes: usize) -> (String, bool) {
+    if bytes.len() <= max_bytes {
+        return (String::from_utf8_lossy(bytes).to_string(), false);
+    }
+    let truncated = String::from_utf8_lossy(&bytes[..max_bytes]).to_string();
+    (format!("{}{}", truncated, TRUNCATION_MARKER), true)
+}
+#[cfg(test)]
+mod tests {
+    use super::*;
+    fn test_workspace() -> ResolvedWorkspace {
+        ResolvedWorkspace {
+            root: std::env::temp_dir(),
+            source: crate::workspace::WorkspaceSource::DefaultRoot,
+            profile: ExecutionProfile::WorkspaceLocked,
+            allowed_roots: Vec::new(),
+        }
+    }
+    #[test]
+    fn test_command_allowed() {
+        let executor = CommandExecutor::new(test_workspace());
+        assert!(executor.is_command_allowed("ls").is_ok());
+        assert!(executor.is_command_allowed("git").is_ok());
+        assert!(executor.is_command_allowed("cargo").is_ok());
+    }
+    #[test]
+    fn test_command_denied() {
+        let executor = CommandExecutor::new(test_workspace());
+        assert!(executor.is_command_allowed("rm").is_err());
+        assert!(executor.is_command_allowed("sudo").is_err());
+        assert!(executor.is_command_allowed("apt").is_err());
+    }
+    #[test]
+    fn test_command_not_in_allowlist() {
+        let executor = CommandExecutor::new(test_workspace());
+        // A command not in allowlist but not in denylist
+        let result = executor.is_command_allowed("my-custom-tool");
+        assert!(result.is_err());
+        assert!(matches!(result, Err(CodingError::PolicyError(_))));
+    }
+    #[test]
+    fn test_exec_request_builder() {
+        let req = ExecRequest::new("git")
+            .args(["status", "--short"])
+            .timeout_secs(30)
+            .max_output_bytes(1024);
+        assert_eq!(req.command, "git");
+        assert_eq!(req.args, vec!["status", "--short"]);
+        assert_eq!(req.timeout_secs, 30);
+        assert_eq!(req.max_output_bytes, 1024);
+    }
+    #[tokio::test]
+    async fn test_execute_simple_command() {
+        let executor = CommandExecutor::new(test_workspace());
+        let req = ExecRequest::new("echo").arg("hello");
+        let result = executor.execute(req).await;
+        assert!(result.is_ok());
+        let result = result.unwrap();
+        assert!(result.success());
+        assert!(result.stdout.contains("hello"));
+    }
+    #[tokio::test]
+    async fn test_execute_with_timeout() {
+        let executor = CommandExecutor::new(test_workspace());
+        // This would timeout if we used sleep, but for now test basic execution
+        let req = ExecRequest::new("echo").arg("test").timeout_secs(1);
+        let result = executor.execute(req).await;
+        assert!(result.is_ok());
+    }
+    #[tokio::test]
+    async fn test_bypass_allowlist_requires_system_unlocked() {
+        let executor = CommandExecutor::new(test_workspace());
+        let req = ExecRequest::new("my-custom-tool").bypass_allowlist();
+        let result = executor.execute(req).await;
+        assert!(matches!(result, Err(CodingError::PolicyError(_))));
+    }
+}