@vibe-validate/git 0.12.2 → 0.14.0
- package/dist/tree-hash.d.ts.map +1 -1
- package/dist/tree-hash.js +8 -2
- package/dist/tree-hash.js.map +1 -1
- package/package.json +1 -1
package/dist/tree-hash.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tree-hash.d.ts","sourceRoot":"","sources":["../src/tree-hash.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;
|
|
1
|
+
{"version":3,"file":"tree-hash.d.ts","sourceRoot":"","sources":["../src/tree-hash.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAYH;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC,CAkFtD;AAED;;;;;;;GAOG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC,CAQvD;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,OAAO,CAAC,CAS9D"}
|
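--- a/package/dist/tree-hash.js
+++ b/package/dist/tree-hash.js
@@ -11,6 +11,7 @@
 * git write-tree produces content-based hashes only (no timestamps).
 */
 import { execSync } from 'child_process';
+import { copyFileSync, unlinkSync } from 'fs';
 const GIT_TIMEOUT = 30000; // 30 seconds timeout for git operations
 const GIT_OPTIONS = {
 encoding: 'utf8',
@@ -46,7 +47,9 @@ export async function getGitTreeHash() {
 try {
 // Step 1: Copy current index to temp index
 const currentIndex = `${gitDir}/index`;
-
+// SECURITY: Use Node.js fs.copyFileSync instead of shell cp command
+// Prevents potential command injection if gitDir contains malicious characters
+copyFileSync(currentIndex, tempIndexFile);
 // Step 2: Use temp index for all operations (doesn't affect real index)
 const tempIndexOptions = {
 ...GIT_OPTIONS,
@@ -89,10 +92,13 @@ export async function getGitTreeHash() {
 finally {
 // Step 5: Always clean up temp index file
 try {
-
+// SECURITY: Use Node.js fs.unlinkSync instead of shell rm command
+// Prevents potential command injection if tempIndexFile contains malicious characters
+unlinkSync(tempIndexFile);
 }
 catch (_cleanupError) {
 // Ignore cleanup errors - temp file cleanup is best effort
+// unlinkSync throws if file doesn't exist (same as rm -f behavior)
 }
 }
 }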
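Review bot: The comment added in the cleanup catch (new line 101) misstates the old behaviour: `rm -f` exits successfully when the file is missing, whereas `unlinkSync` throws ENOENT, so the two only match because this catch swallows the error. I would reword it to `// unlinkSync throws ENOENT if the file is already gone; swallowed here to match the old rm -f`. The same empty catch also hides EACCES/EPERM, in which case a stale copy of the index is left on disk with no trace; logging any code other than ENOENT would make that visible without turning best-effort cleanup into a failure. Separately, `copyFileSync(currentIndex, tempIndexFile)` at new line 52 overwrites an existing destination by default, so if tempIndexFile is a fixed name (its definition is outside these hunks) two concurrent runs would share one temp index and could hash each other's staged state; a per-process file name would avoid that. getGitTreeHash begins outside the hunks shown, so whether any remaining `execSync` call still interpolates a path cannot be confirmed from this page.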
package/dist/tree-hash.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tree-hash.js","sourceRoot":"","sources":["../src/tree-hash.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"tree-hash.js","sourceRoot":"","sources":["../src/tree-hash.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAE9C,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,wCAAwC;AACnE,MAAM,WAAW,GAAG;IAClB,QAAQ,EAAE,MAAe;IACzB,OAAO,EAAE,WAAW;IACpB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAA6B;CAC5D,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,IAAI,CAAC;QACH,qCAAqC;QACrC,QAAQ,CAAC,qCAAqC,EAAE,WAAW,CAAC,CAAC;QAE7D,+CAA+C;QAC/C,MAAM,MAAM,GAAG,QAAQ,CAAC,yBAAyB,EAAE,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC;QACvE,MAAM,aAAa,GAAG,GAAG,MAAM,2BAA2B,CAAC;QAE3D,IAAI,CAAC;YACH,2CAA2C;YAC3C,MAAM,YAAY,GAAG,GAAG,MAAM,QAAQ,CAAC;YACvC,oEAAoE;YACpE,+EAA+E;YAC/E,YAAY,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;YAE1C,wEAAwE;YACxE,MAAM,gBAAgB,GAAoD;gBACxE,GAAG,WAAW;gBACd,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,cAAc,EAAE,aAAa,EAAE;aACvD,CAAC;YAEF,gEAAgE;YAChE,0EAA0E;YAC1E,EAAE;YACF,2BAA2B;YAC3B,4DAA4D;YAC5D,0EAA0E;YAC1E,+DAA+D;YAC/D,EAAE;YACF,mBAAmB;YACnB,oEAAoE;YACpE,gEAAgE;YAChE,qEAAqE;YACrE,gEAAgE;YAChE,EAAE;YACF,qFAAqF;YACrF,IAAI,CAAC;gBACH,QAAQ,CAAC,eAAe,EAAE;oBACxB,GAAG,gBAAgB;oBACnB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,oCAAoC;iBACrE,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,QAAQ,EAAE,CAAC;gBAClB,4DAA4D;gBAC5D,qDAAqD;gBACrD,MAAM,YAAY,GAAG,QAAQ,YAAY,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACrF,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACtC,wBAAwB;oBACxB,MAAM,QAAQ,CAAC;gBACjB,CAAC;YACH,CAAC;YAED,wEAAwE;YACxE,MAAM,QAAQ,GAAG,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAC,IAAI,EAAE,CAAC;YAErE,OAAO,QAAQ,CAAC;QAElB,CAAC;gBAAS,CAAC;YACT,0CAA0C;YAC1C,IAAI,CAAC;gBACH,kEAAkE;gBAClE,sFAAsF;gBACtF,UAAU,CAAC,aAAa,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,aAAa,EAAE,CAAC;gBACvB,2DAA2D;gBAC3D,mEAAmE;YACrE,CAAC;QACH,CAAC;IAEH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,8BAA8B;QAC9B,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE5E,IAAI,YAAY,CAAC
,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAClD,sDAAsD;YACtD,OAAO,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;YACtE,OAAO,SAAS,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QAC/B,CAAC;QAED,mBAAmB;QACnB,MAAM,IAAI,KAAK,CAAC,sCAAsC,YAAY,EAAE,CAAC,CAAC;IACxE,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,QAAQ,CAAC,2BAA2B,EAAE,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3E,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,MAAM,IAAI,KAAK,CAAC,iCAAiC,YAAY,EAAE,CAAC,CAAC;IACnE,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,MAAM,cAAc,EAAE,CAAC;QAC/C,MAAM,YAAY,GAAG,MAAM,eAAe,EAAE,CAAC;QAC7C,OAAO,eAAe,KAAK,YAAY,CAAC;IAC1C,CAAC;IAAC,OAAO,MAAM,EAAE,CAAC;QAChB,iEAAiE;QACjE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
package/package.json
CHANGED