@parel/security-basic 0.1.0

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+import * as _parel_core from '@parel/core';
+
+declare const _default: _parel_core.ParelPlugin;
+
+export { _default as default };

package/dist/index.js

@@ -0,0 +1,423 @@
+// src/index.ts
+import { definePlugin, HookPriority, LifecycleEvent } from "@parel/plugin-sdk";
+var DEFAULT_EXEC_TOOLS = /* @__PURE__ */ new Set(["bash", "shell", "exec", "terminal", "run_command", "run"]);
+var DEFAULT_ALLOWED_PATTERNS = [
+  /^(ls|cat|head|tail|wc|grep|find|which|echo|printf|date|pwd|whoami|id|env|printenv)$/,
+  /^(cd|mkdir|cp|mv|touch|ln)$/,
+  /^(node|npx|npm|pnpm|bun|deno|python|python3|pip|pip3)$/,
+  /^(git|gh)$/,
+  /^(curl|wget|dig|nslookup|ping)$/,
+  /^(jq|yq|sed|awk|sort|uniq|cut|tr|xargs|tee)$/,
+  /^(docker|podman|kubectl)$/,
+  /^(make|cargo|go|rustc|gcc|g\+\+|javac|java|dotnet)$/,
+  /^(tar|zip|unzip|gzip|gunzip)$/,
+  /^(vi|vim|nano|less|more|diff|patch)$/,
+  /^(test|\[|true|false|read|set|export|source|\.)$/
+];
+var DENY_PATTERNS = [
+  /\brm\s+(-[a-z]*r[a-z]*\s+(-[a-z]*f|\/)|(-[a-z]*f[a-z]*\s+(-[a-z]*r|\/))|-rf\s)/,
+  /\brm\s+(-[a-z]*f[a-z]*\s+)?\/($|\s)/,
+  /\bmkfs\b/,
+  /\bdd\b.*\bof=\/dev\//,
+  />\s*\/dev\/sd[a-z]/,
+  /\bchmod\b.*\b777\b.*\//,
+  /\bchown\b.*-R\b.*\//,
+  /\b(shutdown|reboot|halt|poweroff|init\s+[06])\b/,
+  /\bwipefs\b/,
+  /\bshred\b.*\//
+];
+function createSecretPatterns() {
+  return [
+    /sk-[a-zA-Z0-9]{20,}/g,
+    /sk-ant-[a-zA-Z0-9-]{20,}/g,
+    /ghp_[a-zA-Z0-9]{36,}/g,
+    /gho_[a-zA-Z0-9]{36,}/g,
+    /github_pat_[a-zA-Z0-9_]{20,}/g,
+    /AKIA[A-Z0-9]{16}/g,
+    /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g,
+    /xoxb-[a-zA-Z0-9-]+/g,
+    /xoxp-[a-zA-Z0-9-]+/g,
+    /sk_live_[a-zA-Z0-9]+/g,
+    /pk_live_[a-zA-Z0-9]+/g,
+    /(?<=^|[^a-zA-Z0-9])pk_[a-zA-Z0-9]{24,}/g,
+    /eyJ[a-zA-Z0-9_-]{20,}\.[a-zA-Z0-9_-]{20,}\.[a-zA-Z0-9_-]{20,}/g
+  ];
+}
+function redactSecrets(text) {
+  for (const pattern of createSecretPatterns()) {
+    text = text.replace(pattern, "[REDACTED]");
+  }
+  return text;
+}
+function normalizeForDeny(cmd) {
+  return cmd.replace(/\\(.)/g, "$1").replace(/['"]/g, "").replace(/\s+/g, " ");
+}
+var COMMAND_WRAPPERS = /* @__PURE__ */ new Set([
+  "sudo",
+  "env",
+  "nohup",
+  "time",
+  "command",
+  "builtin",
+  "exec",
+  "nice",
+  "ionice",
+  "setsid",
+  "stdbuf",
+  "xargs",
+  "watch",
+  "timeout"
+]);
+var COMMAND_SEPARATORS = /* @__PURE__ */ new Set(["|", "||", "&&", ";", "&", "|&", "\n"]);
+function tokenize(input) {
+  const tokens = [];
+  let i = 0;
+  const n = input.length;
+  let current = "";
+  let currentNested = [];
+  let hasWord = false;
+  const pushWord = () => {
+    if (hasWord) {
+      tokens.push({ value: current, operator: false, nested: currentNested });
+      current = "";
+      currentNested = [];
+      hasWord = false;
+    }
+  };
+  const pushOperator = (op) => {
+    pushWord();
+    tokens.push({ value: op, operator: true, nested: [] });
+  };
+  const readBalanced = (start, open, close) => {
+    let depth = 1;
+    let j = start;
+    let quote = "normal";
+    while (j < n) {
+      const c = input[j];
+      if (quote === "single") {
+        if (c === "'") quote = "normal";
+        j++;
+        continue;
+      }
+      if (quote === "double") {
+        if (c === "\\") {
+          j += 2;
+          continue;
+        }
+        if (c === '"') quote = "normal";
+        j++;
+        continue;
+      }
+      if (c === "'") {
+        quote = "single";
+        j++;
+        continue;
+      }
+      if (c === '"') {
+        quote = "double";
+        j++;
+        continue;
+      }
+      if (c === "\\") {
+        j += 2;
+        continue;
+      }
+      if (open && c === open) {
+        depth++;
+        j++;
+        continue;
+      }
+      if (c === close) {
+        depth--;
+        if (depth === 0) {
+          return [input.slice(start, j), j + 1];
+        }
+        j++;
+        continue;
+      }
+      j++;
+    }
+    return [input.slice(start), n];
+  };
+  const addNested = (inner) => {
+    currentNested.push(tokenize(inner));
+    hasWord = true;
+  };
+  while (i < n) {
+    const c = input[i];
+    if (c === "'") {
+      const [inner, next] = readBalanced(i + 1, "", "'");
+      current += inner;
+      hasWord = true;
+      i = next;
+      continue;
+    }
+    if (c === '"') {
+      let j = i + 1;
+      while (j < n) {
+        const d = input[j];
+        if (d === "\\") {
+          if (j + 1 < n) current += input[j + 1];
+          j += 2;
+          continue;
+        }
+        if (d === '"') {
+          j++;
+          break;
+        }
+        if (d === "`") {
+          const [inner, next] = readBalanced(j + 1, "", "`");
+          addNested(inner);
+          j = next;
+          continue;
+        }
+        if (d === "$" && input[j + 1] === "(") {
+          const [inner, next] = readBalanced(j + 2, "(", ")");
+          addNested(inner);
+          j = next;
+          continue;
+        }
+        current += d;
+        hasWord = true;
+        j++;
+      }
+      hasWord = true;
+      i = j;
+      continue;
+    }
+    if (c === "`") {
+      const [inner, next] = readBalanced(i + 1, "", "`");
+      addNested(inner);
+      i = next;
+      continue;
+    }
+    if (c === "$" && input[i + 1] === "(") {
+      if (input[i + 2] === "(") {
+        const [, next2] = readBalanced(i + 3, "(", ")");
+        hasWord = true;
+        i = input[next2] === ")" ? next2 + 1 : next2;
+        continue;
+      }
+      const [inner, next] = readBalanced(i + 2, "(", ")");
+      addNested(inner);
+      i = next;
+      continue;
+    }
+    if ((c === "<" || c === ">") && input[i + 1] === "(") {
+      const [inner, next] = readBalanced(i + 2, "(", ")");
+      addNested(inner);
+      i = next;
+      continue;
+    }
+    if (c === " " || c === "	") {
+      pushWord();
+      i++;
+      continue;
+    }
+    if (c === "\n") {
+      pushOperator("\n");
+      i++;
+      continue;
+    }
+    if (c === "(") {
+      const [inner, next] = readBalanced(i + 1, "(", ")");
+      pushWord();
+      const innerTokens = tokenize(inner);
+      tokens.push({ value: "(", operator: true, nested: [] });
+      for (const t of innerTokens) tokens.push(t);
+      tokens.push({ value: ")", operator: true, nested: [] });
+      i = next;
+      continue;
+    }
+    const two = input.slice(i, i + 2);
+    if (two === "&&" || two === "||" || two === "|&") {
+      pushOperator(two);
+      i += 2;
+      continue;
+    }
+    if (c === "|" || c === ";" || c === "&") {
+      pushOperator(c);
+      i++;
+      continue;
+    }
+    if (c === ">" || c === "<") {
+      let op = c;
+      if (input[i + 1] === ">") {
+        op += ">";
+        i++;
+      }
+      if (input[i + 1] === "&") {
+        op += "&";
+        i++;
+      }
+      pushOperator(op);
+      i++;
+      continue;
+    }
+    if (c === "\\") {
+      if (i + 1 < n) {
+        current += input[i + 1];
+        hasWord = true;
+      }
+      i += 2;
+      continue;
+    }
+    current += c;
+    hasWord = true;
+    i++;
+  }
+  pushWord();
+  return tokens;
+}
+function collectPrograms(tokens, out) {
+  let expectProgram = true;
+  let afterRedirection = false;
+  let inWrapperArgs = false;
+  for (const token of tokens) {
+    for (const nested of token.nested) {
+      collectPrograms(nested, out);
+    }
+    if (token.operator) {
+      if (token.value === "(") {
+        expectProgram = true;
+        afterRedirection = false;
+        inWrapperArgs = false;
+        continue;
+      }
+      if (token.value === ")") {
+        expectProgram = false;
+        afterRedirection = false;
+        inWrapperArgs = false;
+        continue;
+      }
+      if (token.value[0] === ">" || token.value[0] === "<") {
+        afterRedirection = true;
+        continue;
+      }
+      if (COMMAND_SEPARATORS.has(token.value)) {
+        expectProgram = true;
+        afterRedirection = false;
+        inWrapperArgs = false;
+        continue;
+      }
+      continue;
+    }
+    if (afterRedirection) {
+      afterRedirection = false;
+      continue;
+    }
+    if (!expectProgram) continue;
+    if (/^[A-Za-z_][A-Za-z0-9_]*=/.test(token.value)) {
+      continue;
+    }
+    if (inWrapperArgs && (token.value.startsWith("-") || /^\d+$/.test(token.value))) {
+      continue;
+    }
+    if (token.value === "" && token.nested.length > 0) {
+      expectProgram = false;
+      inWrapperArgs = false;
+      continue;
+    }
+    const program = basename(token.value);
+    if (COMMAND_WRAPPERS.has(program)) {
+      out.push(program);
+      expectProgram = true;
+      inWrapperArgs = true;
+      afterRedirection = false;
+      continue;
+    }
+    out.push(program);
+    expectProgram = false;
+    inWrapperArgs = false;
+  }
+}
+function basename(word) {
+  const slash = word.lastIndexOf("/");
+  return slash >= 0 ? word.slice(slash + 1) : word;
+}
+function extractAllPrograms(command) {
+  const tokens = tokenize(command);
+  const out = [];
+  collectPrograms(tokens, out);
+  return out;
+}
+var index_default = definePlugin({
+  name: "@parel/security-basic",
+  version: "0.0.2",
+  async setup(ctx) {
+    const mode = ctx.config.mode ?? "allowlist";
+    const customExecTools = ctx.config.exec_tools;
+    const execTools = customExecTools ? new Set(customExecTools) : DEFAULT_EXEC_TOOLS;
+    const customAllowed = ctx.config.allowed_patterns;
+    const allowedPatterns = customAllowed ? customAllowed.map((p) => new RegExp(p)) : DEFAULT_ALLOWED_PATTERNS;
+    ctx.hook(
+      LifecycleEvent.ToolBefore,
+      async (hookCtx) => {
+        if (!execTools.has(hookCtx.toolCall.name)) return;
+        const command = hookCtx.toolCall.arguments.command;
+        if (!command) return;
+        const denyTargets = [command, normalizeForDeny(command)];
+        for (const pattern of DENY_PATTERNS) {
+          if (denyTargets.some((target) => pattern.test(target))) {
+            return {
+              action: "block",
+              reason: `Blocked: destructive command pattern detected`
+            };
+          }
+        }
+        if (mode === "allowlist") {
+          const programs = extractAllPrograms(command);
+          for (const prog of programs) {
+            const allowed = allowedPatterns.some((p) => p.test(prog));
+            if (!allowed) {
+              return {
+                action: "block",
+                reason: `Blocked: "${prog}" is not in the allowed command list`
+              };
+            }
+          }
+        }
+      },
+      { priority: HookPriority.Security }
+    );
+    ctx.hook(
+      LifecycleEvent.ToolAfter,
+      async (hookCtx) => {
+        const content = hookCtx.toolResult.content;
+        if (typeof content !== "string") return;
+        const redacted = redactSecrets(content);
+        if (redacted !== content) {
+          return {
+            action: "continue",
+            mutations: { toolResult: { ...hookCtx.toolResult, content: redacted } }
+          };
+        }
+      },
+      { priority: HookPriority.Security }
+    );
+    ctx.hook(
+      LifecycleEvent.ContextBuild,
+      async (hookCtx) => {
+        const system = redactSecrets(hookCtx.system);
+        const messages = hookCtx.messages.map((msg) => {
+          const parts = msg.parts.map((part) => {
+            if (part.type === "text") {
+              const text = redactSecrets(part.text);
+              return text !== part.text ? { ...part, text } : part;
+            }
+            return part;
+          });
+          return { ...msg, parts };
+        });
+        return {
+          action: "continue",
+          mutations: { system, messages }
+        };
+      },
+      { priority: HookPriority.Late }
+    );
+  }
+});
+export {
+  index_default as default
+};

package/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "@parel/security-basic",
+  "version": "0.1.0",
+  "description": "PAREL plugin for basic command and secret safety checks.",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/parall-hq/parel-opensource.git",
+    "directory": "js/plugins/security-basic"
+  },
+  "bugs": {
+    "url": "https://github.com/parall-hq/parel-opensource/issues"
+  },
+  "homepage": "https://github.com/parall-hq/parel-opensource#readme",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "@parel/plugin-sdk": "0.1.0"
+  },
+  "devDependencies": {
+    "tsup": "^8.0.0",
+    "typescript": "^5.8.0",
+    "vitest": "^3.0.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run --passWithNoTests",
+    "lint": "biome check src/"
+  }
+}