icoa-cli 1.9.1 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +1 -1
- package/dist/repl.js +38 -13
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -36,7 +36,7 @@ ${LINE}
|
|
|
36
36
|
${chalk.white('Sydney, Australia')} ${chalk.gray('Jun 27 - Jul 2, 2026')}
|
|
37
37
|
${chalk.cyan.underline('https://icoa2026.au')}
|
|
38
38
|
|
|
39
|
-
${chalk.gray('CLI-Native Competition Terminal
|
|
39
|
+
${chalk.gray('CLI-Native Competition Terminal v2.0.0')}
|
|
40
40
|
|
|
41
41
|
${LINE}
|
|
42
42
|
`;
|
package/dist/repl.js
CHANGED
|
@@ -7,8 +7,27 @@ import { resetTerminalTheme } from './lib/theme.js';
|
|
|
7
7
|
import { ensureSandbox, runInSandbox, isDockerAvailable } from './lib/sandbox.js';
|
|
8
8
|
import { logCommand } from './lib/logger.js';
|
|
9
9
|
import { startLogSync, stopLogSync } from './lib/log-sync.js';
|
|
10
|
+
import { existsSync, mkdirSync } from 'node:fs';
|
|
11
|
+
import { join } from 'node:path';
|
|
12
|
+
import { homedir } from 'node:os';
|
|
13
|
+
// Competition workspace — all system commands restricted here
|
|
14
|
+
const WORKSPACE = join(homedir(), 'icoa-workspace');
|
|
15
|
+
function ensureWorkspace() {
|
|
16
|
+
if (!existsSync(WORKSPACE))
|
|
17
|
+
mkdirSync(WORKSPACE, { recursive: true });
|
|
18
|
+
return WORKSPACE;
|
|
19
|
+
}
|
|
20
|
+
// Blocked commands — security risk
|
|
21
|
+
const BLOCKED_COMMANDS = new Set([
|
|
22
|
+
'sudo', 'su', 'doas', 'pkexec', // privilege escalation
|
|
23
|
+
'brew', 'apt', 'apt-get', 'yum', 'choco', // package managers (use env setup)
|
|
24
|
+
'npm', 'npx', 'pip', 'pip3', // package install (use env setup)
|
|
25
|
+
'shutdown', 'reboot', 'halt', // system control
|
|
26
|
+
'mkfs', 'fdisk', 'dd', // disk operations
|
|
27
|
+
'iptables', 'ufw', // firewall
|
|
28
|
+
]);
|
|
10
29
|
const INTERCEPT = '__REPL_NO_EXIT__';
|
|
11
|
-
const VERSION = '
|
|
30
|
+
const VERSION = '2.0.0';
|
|
12
31
|
export async function startRepl(program, resumeMode) {
|
|
13
32
|
const config = getConfig();
|
|
14
33
|
const connected = isConnected();
|
|
@@ -83,7 +102,9 @@ export async function startRepl(program, resumeMode) {
|
|
|
83
102
|
console.log();
|
|
84
103
|
}
|
|
85
104
|
else if (activated) {
|
|
105
|
+
ensureWorkspace();
|
|
86
106
|
console.log(chalk.green(' Welcome, competitor! Ready to hack.'));
|
|
107
|
+
console.log(chalk.gray(` Workspace: ${WORKSPACE}`));
|
|
87
108
|
console.log();
|
|
88
109
|
console.log(chalk.gray(' Quick Start'));
|
|
89
110
|
console.log(chalk.gray(' ─────────────'));
|
|
@@ -193,20 +214,24 @@ export async function startRepl(program, resumeMode) {
|
|
|
193
214
|
'log', 'lang', 'setup', 'env', 'model', 'ctf',
|
|
194
215
|
];
|
|
195
216
|
if (!knownCommands.includes(cmd)) {
|
|
196
|
-
//
|
|
217
|
+
// Block dangerous commands
|
|
218
|
+
if (BLOCKED_COMMANDS.has(cmd)) {
|
|
219
|
+
console.log(chalk.red(` Blocked: ${cmd} is not allowed during competition.`));
|
|
220
|
+
console.log();
|
|
221
|
+
rl.prompt();
|
|
222
|
+
return;
|
|
223
|
+
}
|
|
224
|
+
// Force Python 3.12 — rewrite python3/python to 3.12 binaries
|
|
197
225
|
let resolvedInput = input;
|
|
198
226
|
if (process.platform === 'darwin') {
|
|
199
227
|
const py12 = '/opt/homebrew/opt/python@3.12/bin/python3.12';
|
|
200
|
-
const pip12 = '/opt/homebrew/opt/python@3.12/bin/pip3.12';
|
|
201
228
|
resolvedInput = resolvedInput
|
|
202
229
|
.replace(/^python3?\s/, `${py12} `)
|
|
203
|
-
.replace(/^
|
|
204
|
-
if (resolvedInput === 'python3' || resolvedInput === 'python')
|
|
205
|
-
resolvedInput = py12;
|
|
206
|
-
if (resolvedInput === 'pip3' || resolvedInput === 'pip')
|
|
207
|
-
resolvedInput = pip12;
|
|
230
|
+
.replace(/^(python3|python)$/, py12);
|
|
208
231
|
}
|
|
209
|
-
//
|
|
232
|
+
// Ensure workspace directory
|
|
233
|
+
const cwd = ensureWorkspace();
|
|
234
|
+
// Route to Docker sandbox if available, otherwise system shell (in workspace)
|
|
210
235
|
processing = true;
|
|
211
236
|
try {
|
|
212
237
|
if (isDockerAvailable()) {
|
|
@@ -215,11 +240,11 @@ export async function startRepl(program, resumeMode) {
|
|
|
215
240
|
await runInSandbox(resolvedInput, rl);
|
|
216
241
|
}
|
|
217
242
|
else {
|
|
218
|
-
await runSystemCommand(resolvedInput, rl);
|
|
243
|
+
await runSystemCommand(resolvedInput, rl, cwd);
|
|
219
244
|
}
|
|
220
245
|
}
|
|
221
246
|
else {
|
|
222
|
-
await runSystemCommand(resolvedInput, rl);
|
|
247
|
+
await runSystemCommand(resolvedInput, rl, cwd);
|
|
223
248
|
}
|
|
224
249
|
}
|
|
225
250
|
catch {
|
|
@@ -264,13 +289,13 @@ export async function startRepl(program, resumeMode) {
|
|
|
264
289
|
realExit(0);
|
|
265
290
|
});
|
|
266
291
|
}
|
|
267
|
-
function runSystemCommand(input, rl) {
|
|
292
|
+
function runSystemCommand(input, rl, cwd) {
|
|
268
293
|
return new Promise((resolve) => {
|
|
269
|
-
// Pause readline so the child process gets full terminal control
|
|
270
294
|
rl.pause();
|
|
271
295
|
const child = spawn(input, {
|
|
272
296
|
shell: true,
|
|
273
297
|
stdio: 'inherit',
|
|
298
|
+
cwd: cwd || process.cwd(),
|
|
274
299
|
});
|
|
275
300
|
child.on('close', () => {
|
|
276
301
|
rl.resume();
|