npm - @sk8metal/michi-cli - Versions diffs - 0.4.0 → 0.7.0 - Mend

@sk8metal/michi-cli 0.4.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (321) hide show

package/scripts/utils/multi-repo-validator.ts ADDED Viewed

@@ -0,0 +1,141 @@
+/**
+ * multi-repo-validator.ts
+ * Multi-Repo機能のバリデーションユーティリティ
+ *
+ * プロジェクト名、JIRAキー、リポジトリURLのバリデーションとセキュリティチェックを行います。
+ */
+/**
+ * バリデーション結果
+ */
+export interface ValidationResult {
+  isValid: boolean;
+  errors: string[];
+  warnings: string[];
+}
+/**
+ * プロジェクト名のバリデーション
+ * セキュリティ対策: パストラバーサル、相対パス、制御文字をチェック
+ */
+export function validateProjectName(name: string): ValidationResult {
+  const errors: string[] = [];
+  const warnings: string[] = [];
+  // 長さチェック: 1-100文字
+  if (name.length < 1 || name.length > 100) {
+    errors.push('Project name must be between 1 and 100 characters');
+  }
+  // パストラバーサル対策: '/', '\' 禁止
+  if (name.includes('/') || name.includes('\\')) {
+    errors.push(
+      'Project name must not contain path traversal characters (/, \\)',
+    );
+  }
+  // 相対パス対策: '.', '..' 禁止
+  if (name === '.' || name === '..') {
+    errors.push(
+      'Project name must not be relative path components (., ..)',
+    );
+  }
+  // 制御文字対策: \x00-\x1F, \x7F 禁止
+  // eslint-disable-next-line no-control-regex
+  const controlCharRegex = /[\x00-\x1F\x7F]/;
+  if (controlCharRegex.test(name)) {
+    errors.push('Project name must not contain control characters');
+  }
+  return {
+    isValid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+/**
+ * JIRAキーのバリデーション
+ * 2-10文字の大文字英字のみ許可
+ */
+export function validateJiraKey(key: string): ValidationResult {
+  const errors: string[] = [];
+  const warnings: string[] = [];
+  // 正規表現: 2-10文字の大文字英字
+  const jiraKeyRegex = /^[A-Z]{2,10}$/;
+  if (!jiraKeyRegex.test(key)) {
+    errors.push('JIRA key must be 2-10 uppercase letters');
+  }
+  return {
+    isValid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+/**
+ * リポジトリURLのバリデーション
+ * GitHub HTTPS URL形式のみ許可
+ */
+export function validateRepositoryUrl(url: string): ValidationResult {
+  const errors: string[] = [];
+  const warnings: string[] = [];
+  // 空文字列チェック
+  if (!url || url.trim() === '') {
+    errors.push('Repository URL is empty');
+    return { isValid: false, errors, warnings };
+  }
+  // SSH URL検出（git@github.com:形式）
+  if (url.startsWith('git@')) {
+    errors.push(
+      'Repository URL must be in GitHub format: https://github.com/{owner}/{repo}',
+    );
+    return { isValid: false, errors, warnings };
+  }
+  // URL形式チェック
+  try {
+    const parsedUrl = new URL(url);
+    // HTTPSプロトコルチェック
+    if (parsedUrl.protocol !== 'https:') {
+      errors.push('Repository URL must use HTTPS protocol');
+    }
+    // GitHub URL形式チェック: https://github.com/{owner}/{repo}
+    const githubPattern = /^https:\/\/github\.com\/[^/]+\/[^/]+$/;
+    if (!githubPattern.test(url)) {
+      errors.push(
+        'Repository URL must be in GitHub format: https://github.com/{owner}/{repo}',
+      );
+    }
+    // .git拡張子チェック
+    if (url.endsWith('.git')) {
+      errors.push('Repository URL must not include .git extension');
+    }
+    // プレースホルダー検出
+    if (
+      url.includes('your-org') ||
+      url.includes('your-repo') ||
+      url.includes('repo-name')
+    ) {
+      errors.push('Repository URL contains placeholder values');
+    }
+  } catch (_error) {
+    errors.push('Repository URL format is invalid');
+  }
+  return {
+    isValid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}

package/scripts/utils/project-meta.ts CHANGED Viewed

@@ -67,3 +67,30 @@ Team: ${meta.team.join(', ')}
 `.trim();
 }
+/**
+ * GitHub リポジトリ情報を取得
+ * repository フィールドから owner/repo 形式を抽出
+ *
+ * @param projectRoot プロジェクトルートディレクトリ（デフォルト: カレントディレクトリ）
+ * @returns owner/repo 形式のリポジトリ情報
+ * @throws リポジトリ情報が見つからない、または無効な形式の場合
+ */
+export function getRepositoryInfo(projectRoot: string = process.cwd()): string {
+  const meta = loadProjectMeta(projectRoot);
+  if (!meta.repository) {
+    throw new Error('Repository information not found in project.json');
+  }
+  // URL形式から owner/repo を抽出
+  // 例: https://github.com/owner/repo.git -> owner/repo
+  // 例: git@github.com:owner/repo.git -> owner/repo
+  const match = meta.repository.match(/github\.com[:/]([\w-]+\/[\w-]+)(\.git)?/);
+  if (!match) {
+    throw new Error(`Invalid GitHub repository format: ${meta.repository}`);
+  }
+  return match[1];
+}

package/scripts/utils/security-validator.ts ADDED Viewed

@@ -0,0 +1,286 @@
+/**
+ * security-validator.ts
+ * セキュリティ検証ユーティリティ
+ *
+ * 環境変数やAPIトークンなど機密情報のバリデーションとセキュリティチェックを行います。
+ */
+import { statSync } from 'fs';
+/**
+ * バリデーション結果
+ */
+export interface ValidationResult {
+  isValid: boolean;
+  errors: string[];
+  warnings: string[];
+}
+/**
+ * APIトークン形式の検証
+ */
+export function validateAtlassianToken(token: string): ValidationResult {
+  const errors: string[] = [];
+  const warnings: string[] = [];
+  if (!token || token.trim() === '') {
+    errors.push('Atlassian API token is empty');
+    return { isValid: false, errors, warnings };
+  }
+  if (token.includes(' ')) {
+    errors.push('Atlassian API token contains spaces');
+  }
+  if (token === 'your-token-here' || token === 'test-token' || token === 'token123') {
+    errors.push('Atlassian API token is a placeholder value');
+  }
+  if (token.length < 20) {
+    warnings.push('Atlassian API token seems too short (expected >20 characters)');
+  }
+  return {
+    isValid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+/**
+ * GitHub Personal Access Token の検証
+ */
+export function validateGitHubToken(token: string): ValidationResult {
+  const errors: string[] = [];
+  const warnings: string[] = [];
+  if (!token || token.trim() === '') {
+    errors.push('GitHub token is empty');
+  } else if (token.includes(' ')) {
+    errors.push('GitHub token contains spaces');
+  } else if (!token.startsWith('ghp_') && !token.startsWith('github_pat_')) {
+    warnings.push('GitHub token does not start with expected prefix (ghp_ or github_pat_)');
+  } else if (token === 'ghp_xxx' || token === 'your-github-token' || token === 'github-token') {
+    errors.push('GitHub token is a placeholder value');
+  } else if (token.length < 30) {
+    warnings.push('GitHub token seems too short');
+  }
+  return {
+    isValid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+/**
+ * メールアドレス形式の検証
+ */
+export function validateEmail(email: string): ValidationResult {
+  const errors: string[] = [];
+  const warnings: string[] = [];
+  if (!email || email.trim() === '') {
+    errors.push('Email is empty');
+  } else {
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    if (!emailRegex.test(email)) {
+      errors.push('Email format is invalid');
+    } else if (
+      email === 'user@example.com' ||
+      email.includes('your-email') ||
+      email === 'test@example.com'
+    ) {
+      errors.push('Email is a placeholder value');
+    }
+  }
+  return {
+    isValid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+/**
+ * URL形式の検証
+ */
+export function validateUrl(url: string, expectedDomain?: string): ValidationResult {
+  const errors: string[] = [];
+  const warnings: string[] = [];
+  if (!url || url.trim() === '') {
+    errors.push('URL is empty');
+  } else {
+    try {
+      const parsedUrl = new URL(url);
+      if (parsedUrl.protocol !== 'https:' && parsedUrl.protocol !== 'http:') {
+        errors.push(`Invalid URL protocol: ${parsedUrl.protocol} (expected https: or http:)`);
+      }
+      if (parsedUrl.protocol === 'http:') {
+        warnings.push('URL uses insecure http:// protocol (consider using https://)');
+      }
+      if (expectedDomain && !parsedUrl.hostname.includes(expectedDomain)) {
+        errors.push(`URL hostname ${parsedUrl.hostname} does not contain expected domain: ${expectedDomain}`);
+      }
+      if (url === 'https://example.com' || url === 'https://your-domain.atlassian.net') {
+        errors.push('URL is a placeholder value');
+      }
+    } catch (error) {
+      errors.push(`URL parsing failed: ${error instanceof Error ? error.message : error}`);
+    }
+  }
+  return {
+    isValid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+/**
+ * Atlassian URL の検証
+ */
+export function validateAtlassianUrl(url: string): ValidationResult {
+  const result = validateUrl(url, 'atlassian.net');
+  if (result.isValid) {
+    try {
+      const parsedUrl = new URL(url);
+      if (!parsedUrl.hostname.endsWith('.atlassian.net')) {
+        result.errors.push('Atlassian URL must end with .atlassian.net');
+        result.isValid = false;
+      }
+    } catch {
+      // Already handled in validateUrl
+    }
+  }
+  return result;
+}
+/**
+ * GitHub リポジトリ URL の検証
+ */
+export function validateGitHubRepositoryUrl(url: string): ValidationResult {
+  const errors: string[] = [];
+  const warnings: string[] = [];
+  if (!url || url.trim() === '') {
+    errors.push('Repository URL is empty');
+  } else {
+    // GitHub URL 形式のパターン
+    const httpsPattern = /^https:\/\/github\.com\/[\w-]+\/[\w-]+(\.git)?$/;
+    const sshPattern = /^git@github\.com:[\w-]+\/[\w-]+(\.git)?$/;
+    if (!httpsPattern.test(url) && !sshPattern.test(url)) {
+      errors.push(
+        'Repository URL must be in format: https://github.com/owner/repo.git or git@github.com:owner/repo.git',
+      );
+    }
+    if (url.includes('your-org') || url.includes('your-repo')) {
+      errors.push('Repository URL contains placeholder values');
+    }
+  }
+  return {
+    isValid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+/**
+ * 環境変数の包括的検証
+ */
+export interface EnvValidationConfig {
+  atlassianUrl?: string;
+  atlassianEmail?: string;
+  atlassianApiToken?: string;
+  githubOrg?: string;
+  githubToken?: string;
+  repositoryUrl?: string;
+}
+export function validateEnvironmentConfig(config: EnvValidationConfig): ValidationResult {
+  const allErrors: string[] = [];
+  const allWarnings: string[] = [];
+  if (config.atlassianUrl !== undefined) {
+    const result = validateAtlassianUrl(config.atlassianUrl);
+    allErrors.push(...result.errors.map((e) => `ATLASSIAN_URL: ${e}`));
+    allWarnings.push(...result.warnings.map((w) => `ATLASSIAN_URL: ${w}`));
+  }
+  if (config.atlassianEmail !== undefined) {
+    const result = validateEmail(config.atlassianEmail);
+    allErrors.push(...result.errors.map((e) => `ATLASSIAN_EMAIL: ${e}`));
+    allWarnings.push(...result.warnings.map((w) => `ATLASSIAN_EMAIL: ${w}`));
+  }
+  if (config.atlassianApiToken !== undefined) {
+    const result = validateAtlassianToken(config.atlassianApiToken);
+    allErrors.push(...result.errors.map((e) => `ATLASSIAN_API_TOKEN: ${e}`));
+    allWarnings.push(...result.warnings.map((w) => `ATLASSIAN_API_TOKEN: ${w}`));
+  }
+  if (config.githubOrg !== undefined) {
+    if (!config.githubOrg || config.githubOrg.trim() === '') {
+      allErrors.push('GITHUB_ORG: GitHub organization is empty');
+    } else if (config.githubOrg.includes('your-org')) {
+      allErrors.push('GITHUB_ORG: GitHub organization is a placeholder value');
+    }
+  }
+  if (config.githubToken !== undefined) {
+    const result = validateGitHubToken(config.githubToken);
+    allErrors.push(...result.errors.map((e) => `GITHUB_TOKEN: ${e}`));
+    allWarnings.push(...result.warnings.map((w) => `GITHUB_TOKEN: ${w}`));
+  }
+  if (config.repositoryUrl !== undefined) {
+    const result = validateGitHubRepositoryUrl(config.repositoryUrl);
+    allErrors.push(...result.errors.map((e) => `repository: ${e}`));
+    allWarnings.push(...result.warnings.map((w) => `repository: ${w}`));
+  }
+  return {
+    isValid: allErrors.length === 0,
+    errors: allErrors,
+    warnings: allWarnings,
+  };
+}
+/**
+ * ファイルパーミッションの検証（Unix系のみ）
+ */
+export function validateFilePermissions(filePath: string, expectedMode: number = 0o600): ValidationResult {
+  const errors: string[] = [];
+  const warnings: string[] = [];
+  try {
+    const stats = statSync(filePath);
+    const actualMode = stats.mode & 0o777;
+    if (actualMode !== expectedMode) {
+      const actualOctal = actualMode.toString(8);
+      const expectedOctal = expectedMode.toString(8);
+      warnings.push(
+        `File permissions are ${actualOctal} but should be ${expectedOctal} for security. Run: chmod ${expectedOctal} ${filePath}`,
+      );
+    }
+  } catch (error) {
+    errors.push(`Failed to check file permissions: ${error instanceof Error ? error.message : error}`);
+  }
+  return {
+    isValid: errors.length === 0,
+    errors,
+    warnings,
+  };
+}