isol8 0.8.2 → 0.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/cli.js +11 -3
  2. package/dist/index.js +2 -2
  3. package/dist/src/engine/image-builder.d.ts.map +1 -1
  4. package/dist/src/engine/utils.d.ts +9 -0
  5. package/dist/src/engine/utils.d.ts.map +1 -1
  6. package/package.json +1 -1
package/dist/cli.js CHANGED
@@ -55183,6 +55183,7 @@ var init_pool = __esm(() => {
55183
55183
  // src/engine/utils.ts
55184
55184
  var exports_utils = {};
55185
55185
  __export(exports_utils, {
55186
+ validatePackageName: () => validatePackageName,
55186
55187
  truncateOutput: () => truncateOutput,
55187
55188
  parseMemoryLimit: () => parseMemoryLimit,
55188
55189
  maskSecrets: () => maskSecrets,
@@ -55277,6 +55278,12 @@ function extractFromTar(tarBuffer, targetPath) {
55277
55278
  }
55278
55279
  throw new Error(`File "${targetPath}" not found in tar archive`);
55279
55280
  }
55281
+ function validatePackageName(name) {
55282
+ if (!/^[@a-zA-Z0-9_./\-=]+$/.test(name)) {
55283
+ throw new Error(`Invalid package name: "${name}". Only alphanumeric, -, _, ., /, @, and = are allowed.`);
55284
+ }
55285
+ return name;
55286
+ }
55280
55287
 
55281
55288
  // src/engine/docker.ts
55282
55289
  var exports_docker = {};
@@ -56089,7 +56096,7 @@ var package_default;
56089
56096
  var init_package = __esm(() => {
56090
56097
  package_default = {
56091
56098
  name: "isol8",
56092
- version: "0.8.1",
56099
+ version: "0.8.2",
56093
56100
  description: "Secure code execution engine for AI agents",
56094
56101
  author: "Illusion47586",
56095
56102
  license: "MIT",
@@ -61502,8 +61509,9 @@ async function buildCustomImage(docker, runtime, packages, onProgress) {
61502
61509
  const dockerfileContent = `FROM isol8:${runtime}
61503
61510
  ${installCmd}
61504
61511
  `;
61505
- const { createTarBuffer: createTarBuffer2 } = await Promise.resolve().then(() => exports_utils);
61512
+ const { createTarBuffer: createTarBuffer2, validatePackageName: validatePackageName2 } = await Promise.resolve().then(() => exports_utils);
61506
61513
  const { Readable } = await import("node:stream");
61514
+ packages.forEach(validatePackageName2);
61507
61515
  const tarBuffer = createTarBuffer2("Dockerfile", dockerfileContent);
61508
61516
  const stream = await docker.buildImage(Readable.from(tarBuffer), {
61509
61517
  t: tag,
@@ -62096,4 +62104,4 @@ if (!process.argv.slice(2).length) {
62096
62104
  }
62097
62105
  program2.parse();
62098
62106
 
62099
- //# debugId=2B71A68DA2ABDB9664756E2164756E21
62107
+ //# debugId=6B900589B43971DE64756E2164756E21
package/dist/index.js CHANGED
@@ -1457,7 +1457,7 @@ init_logger();
1457
1457
  // package.json
1458
1458
  var package_default = {
1459
1459
  name: "isol8",
1460
- version: "0.8.1",
1460
+ version: "0.8.2",
1461
1461
  description: "Secure code execution engine for AI agents",
1462
1462
  author: "Illusion47586",
1463
1463
  license: "MIT",
@@ -1792,4 +1792,4 @@ export {
1792
1792
  BunAdapter
1793
1793
  };
1794
1794
 
1795
- //# debugId=3E8DBF80E2D1D77264756E2164756E21
1795
+ //# debugId=D81C2764EAFDC14264756E2164756E21
package/dist/src/engine/image-builder.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"image-builder.d.ts","sourceRoot":"","sources":["../../../src/engine/image-builder.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AAEpC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAmB5C,mDAAmD;AACnD,UAAU,aAAa;IACrB,6CAA6C;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC;IACtC,+DAA+D;IAC/D,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,KAAK,gBAAgB,GAAG,CAAC,QAAQ,EAAE,aAAa,KAAK,IAAI,CAAC;AAE1D;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,EACd,UAAU,CAAC,EAAE,gBAAgB,GAC5B,OAAO,CAAC,IAAI,CAAC,CAmCf;AAED;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,WAAW,EACnB,UAAU,CAAC,EAAE,gBAAgB,GAC5B,OAAO,CAAC,IAAI,CAAC,CAkBf;AA4DD;;GAEG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAOrF;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAa/F"}
1
+ {"version":3,"file":"image-builder.d.ts","sourceRoot":"","sources":["../../../src/engine/image-builder.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,MAAM,MAAM,WAAW,CAAC;AAEpC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAmB5C,mDAAmD;AACnD,UAAU,aAAa;IACrB,6CAA6C;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC;IACtC,+DAA+D;IAC/D,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,KAAK,gBAAgB,GAAG,CAAC,QAAQ,EAAE,aAAa,KAAK,IAAI,CAAC;AAE1D;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,EACd,UAAU,CAAC,EAAE,gBAAgB,GAC5B,OAAO,CAAC,IAAI,CAAC,CAmCf;AAED;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,WAAW,EACnB,UAAU,CAAC,EAAE,gBAAgB,GAC5B,OAAO,CAAC,IAAI,CAAC,CAkBf;AAgED;;GAEG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAOrF;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAa/F"}
package/dist/src/engine/utils.d.ts CHANGED
@@ -59,4 +59,13 @@ export declare function createTarBuffer(filePath: string, content: Buffer | stri
59
59
  * @throws {Error} If the file is not found in the archive.
60
60
  */
61
61
  export declare function extractFromTar(tarBuffer: Buffer, targetPath: string): Buffer;
62
+ /**
63
+ * Validates a package name to prevent command injection.
64
+ * allow alphanumeric, dash, underscore, dot, @, / (for scoped packages), and = (for versions)
65
+ *
66
+ * @param name - The package name to validate.
67
+ * @returns The name if valid.
68
+ * @throws {Error} If the name contains invalid characters.
69
+ */
70
+ export declare function validatePackageName(name: string): string;
62
71
  //# sourceMappingURL=utils.d.ts.map
package/dist/src/engine/utils.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/engine/utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;;;;;GAYG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAiBtD;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,OAAO,CAAA;CAAE,CAetC;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAQjF;AAED;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CA8ClF;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAoC5E"}
1
+ {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/engine/utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;;;;;GAYG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAiBtD;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,OAAO,CAAA;CAAE,CAetC;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAQjF;AAED;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CA8ClF;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAoC5E;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAQxD"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "isol8",
3
- "version": "0.8.2",
3
+ "version": "0.8.3",
4
4
  "description": "Secure code execution engine for AI agents",
5
5
  "author": "Illusion47586",
6
6
  "license": "MIT",