@yamo/cli 1.3.1 → 1.3.4
- package/dist/index.js +29 -4
- package/package.json +5 -3
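--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -97,7 +97,7 @@ program
 .description("Submit a YAMO block to the blockchain")
 .argument("<file>", "Path to the YAMO file")
 .requiredOption("--id <blockId>", "Unique Block ID")
-.option("--prev <previousBlock>", "Previous Block Hash
+.option("--prev <previousBlock>", "Previous Block Hash (omits to auto-fetch from chain)")
 .option("--consensus <type>", "Consensus Type", "cli_manual")
 .option("--ledger <name>", "Ledger Name", "yamo_cli")
 .option("--ipfs", "Upload content to IPFS before submitting")
@@ -134,10 +134,20 @@ program
 const files = [{ name: "block.yamo", content }];
 if (outputMatch) {
 const artifactName = outputMatch[1].trim();
+// Security: Check for path traversal patterns in artifact name (Part 3: Security Fixes)
+if (artifactName.includes('..') || artifactName.startsWith('/')) {
+throw new Error(`Invalid artifact name: ${artifactName} (path-like names are not allowed)`);
+}
 const artifactPath = path_1.default.join(path_1.default.dirname(file), artifactName);
-
+// Security: Resolve to absolute path and restrict to input file directory
+const resolvedPath = path_1.default.resolve(artifactPath);
+const inputDir = path_1.default.resolve(path_1.default.dirname(file));
+if (!resolvedPath.startsWith(inputDir)) {
+throw new Error(`Artifact path outside allowed directory: ${artifactName}`);
+}
+if (fs_1.default.existsSync(resolvedPath)) {
 console.log(chalk_1.default.cyan(`Bundling output: ${artifactName}`));
-files.push({ name: artifactName, content: fs_1.default.readFileSync(
+files.push({ name: artifactName, content: fs_1.default.readFileSync(resolvedPath, "utf8") });
 }
 }
 let encryptionKey = undefined;
@@ -151,7 +161,22 @@ program
 ipfsCID = await ipfsManager.upload({ content, files, encryptionKey });
 console.log(chalk_1.default.cyan(`IPFS Bundle CID: ${ipfsCID}`));
 }
-
+// Auto-fetch previousBlock if not provided (chain continuation)
+let resolvedPreviousBlock = options.prev;
+if (!resolvedPreviousBlock) {
+console.log(chalk_1.default.blue(`[INFO] No previousBlock provided, fetching latest block from chain...`));
+const latestBlock = await chainClient.getLatestBlock();
+if (latestBlock) {
+resolvedPreviousBlock = latestBlock.contentHash;
+console.log(chalk_1.default.green(`[INFO] Using latest block's contentHash: ${resolvedPreviousBlock}`));
+}
+else {
+// No blocks exist yet, use genesis
+resolvedPreviousBlock = "0x0000000000000000000000000000000000000000000000000000000000000000";
+console.log(chalk_1.default.yellow(`[INFO] No existing blocks found, using genesis`));
+}
+}
+await chainClient.submitBlock(options.id, resolvedPreviousBlock, contentHash, options.consensus, options.ledger, ipfsCID);
 }
 catch (error) {
 console.error(chalk_1.default.red(`Error: ${error.message}`));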
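Review bot: The containment test `if (!resolvedPath.startsWith(inputDir))` in the second hunk is a plain string-prefix comparison on lexically resolved paths, so it would also accept a sibling directory whose name merely begins with the input directory's name (constructed example: `/work/job` and `/work/job-old`), and it does not see symlinks, which `existsSync`/`readFileSync` follow. Because the file read here is added to `files` and later handed to `ipfsManager.upload`, this check is what keeps an artifact name, apparently parsed from the YAMO file, from pulling unrelated local files into the upload; it should hold on its own instead of relying on the earlier `includes('..')` filter, which additionally rejects harmless names such as `v1..2.txt`. I would compare real paths once the file is known to exist: `const rel = path_1.default.relative(fs_1.default.realpathSync(inputDir), fs_1.default.realpathSync(resolvedPath));` then `if (rel === '..' || rel.startsWith('..' + path_1.default.sep) || path_1.default.isAbsolute(rel)) throw new Error(...)`. The enclosing action handler starts and ends outside these hunks, and since this is compiled `dist` output the change presumably belongs in the TypeScript source.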
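--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@yamo/cli",
-"version": "1.3.
+"version": "1.3.4",
 "description": "YAMO Protocol v0.4 - Command-line tools for blockchain integration",
 "main": "dist/index.js",
 "type": "commonjs",
@@ -16,7 +16,9 @@
 "scripts": {
 "build": "tsc && chmod +x dist/index.js",
 "prepublishOnly": "npm run build",
-"start": "node dist/index.js"
+"start": "node dist/index.js",
+"test": "node --test test/**/*.test.js",
+"test:security": "node --test test/security.test.js"
 },
 "keywords": [
 "yamo",
@@ -41,7 +43,7 @@
 "typescript": "^5.9.3"
 },
 "dependencies": {
-"@yamo/core": "^1.
+"@yamo/core": "^1.2.7",
 "axios": "^1.13.2",
 "chalk": "^4.1.2",
 "commander": "^12.0.0",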