juggernaut-bedrock 4.2.3 → 4.2.5
- package/index.js +42 -10
- package/package.json +6 -6
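--- a/package/index.js
+++ b/package/index.js
@@ -2,7 +2,7 @@
 "use strict";
 
 var path = require("path");
-var
+var childProcess = require("node:child_process");
 var fs = require("fs");
 
 var PLATFORM_MAP = {
@@ -41,7 +41,6 @@ function containsPackage(pkgName) {
 
 /**
 * @param {string} pkgName
-* @param {string} platform
 * @returns {string}
 */
 function resolvePkgDir(pkgName) {
@@ -60,6 +59,33 @@ function getBinaryPath(pkgName, platform) {
 return path.join(resolvePkgDir(pkgName), "bin", binaryName); // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
 }
 
+/**
+* Resolves bin to a real absolute path and asserts it stays within
+* __dirname, preventing any tainted or traversed path from executing.
+* @param {string} binPath
+* @returns {string}
+*/
+function safeResolveBin(binPath) {
+var real = fs.realpathSync(binPath); // nosemgrep: javascript_pathtraversal_rule-non-literal-fs-filename, javascript.lang.security.audit.detect-non-literal-fs-filename.detect-non-literal-fs-filename
+var base = fs.realpathSync(__dirname); // nosemgrep: javascript_pathtraversal_rule-non-literal-fs-filename
+if (!real.startsWith(base + path.sep) && real !== base) {
+throw new Error("binary path escapes package directory: " + real);
+}
+return real;
+}
+
+function safeForwardArgs(args) {
+var forwarded = [];
+for (var i = 0; i < args.length; i++) {
+var arg = String(args[i]);
+if (arg.indexOf("\u0000") !== -1) {
+throw new Error("invalid NUL byte in argument");
+}
+forwarded.push(arg);
+}
+return forwarded;
+}
+
 if (require.main === module) {
 var pkg = getPlatformPackage(process.platform, process.arch);
 if (!pkg) {
@@ -70,23 +96,29 @@ if (require.main === module) {
 process.exit(1);
 }
 
-var
-// nosemgrep: javascript_pathtraversal_rule-non-literal-fs-filename, javascript.lang.security.audit.detect-non-literal-fs-filename
-if (!fs.existsSync(bin)) {
+var binRaw = getBinaryPath(pkg, process.platform);
+if (!fs.existsSync(binRaw)) { // nosemgrep: javascript_pathtraversal_rule-non-literal-fs-filename, javascript.lang.security.audit.detect-non-literal-fs-filename.detect-non-literal-fs-filename
 process.stderr.write(
-"juggernaut-bedrock: binary not found at " +
+"juggernaut-bedrock: binary not found at " + binRaw + "\n" +
 "Try reinstalling: npm install -g juggernaut-bedrock\n" +
 "If the problem persists, file an issue: https://github.com/jpvelasco/juggernaut/issues\n"
 );
 process.exit(1);
 }
 
-
-var
+var bin = safeResolveBin(binRaw);
+var args = safeForwardArgs(process.argv.slice(2));
+var result = childProcess.spawnSync(bin, args, {
 stdio: "inherit",
-env: process.env
+env: Object.assign({}, process.env),
+shell: false,
+windowsHide: true
 });
 process.exit(result.status !== null ? result.status : 1);
 }
 
-module.exports = {
+module.exports = {
+getPlatformPackage: getPlatformPackage,
+getBinaryPath: getBinaryPath,
+safeForwardArgs: safeForwardArgs
+};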
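Review bot: The containment check in `safeResolveBin` uses `fs.realpathSync(__dirname)` as its base, but `binRaw` comes from `getBinaryPath`, which joins onto `resolvePkgDir(pkgName)` for a platform package that package.json lists under `optionalDependencies`. The body of `resolvePkgDir` is outside these hunks, so this is inferred: if it resolves to a sibling `node_modules` directory or a symlinked store, every launch would throw here, and since the throw is uncaught in the `require.main === module` block the user would get a stack trace instead of the reinstall hint. Consider passing the allowed root explicitly, `function safeResolveBin(binPath, rootDir)` called as `var bin = safeResolveBin(binRaw, resolvePkgDir(pkg));`, and wrapping that call in a `try`/`catch` that writes the message to stderr and exits 1. The docstring also overstates the guarantee, because the function only checks that the resolved path lies under one directory and says nothing about the file's contents or ownership.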
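--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "juggernaut-bedrock",
-"version": "4.2.
+"version": "4.2.5",
 "description": "Route Claude Code through Amazon Bedrock in one command — IAM, SSO, or API key. Cross-platform CLI for GenAI developers.",
 "bin": {
 "juggernaut": "./index.js"
@@ -9,11 +9,11 @@
 "test": "node --test index.test.js"
 },
 "optionalDependencies": {
-"juggernaut-bedrock-linux-x64": "4.2.
-"juggernaut-bedrock-linux-arm64": "4.2.
-"juggernaut-bedrock-darwin-x64": "4.2.
-"juggernaut-bedrock-darwin-arm64": "4.2.
-"juggernaut-bedrock-win32-x64": "4.2.
+"juggernaut-bedrock-linux-x64": "4.2.5",
+"juggernaut-bedrock-linux-arm64": "4.2.5",
+"juggernaut-bedrock-darwin-x64": "4.2.5",
+"juggernaut-bedrock-darwin-arm64": "4.2.5",
+"juggernaut-bedrock-win32-x64": "4.2.5"
 },
 "os": [
 "darwin",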