just-bash 2.11.2 → 2.11.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/Bash.d.ts +11 -0
- package/dist/bin/chunks/{chunk-LS25HZNJ.js → chunk-X4GRWTSZ.js} +41 -41
- package/dist/bin/chunks/{expansion-TL4Q62VX.js → expansion-LT2QL7LY.js} +1 -1
- package/dist/bin/just-bash.js +143 -143
- package/dist/bin/shell/chunks/{chunk-LS25HZNJ.js → chunk-X4GRWTSZ.js} +41 -41
- package/dist/bin/shell/chunks/{expansion-TL4Q62VX.js → expansion-LT2QL7LY.js} +1 -1
- package/dist/bin/shell/shell.js +148 -148
- package/dist/bundle/browser.js +427 -427
- package/dist/bundle/chunks/{chunk-UJXASUXJ.js → chunk-YSCUI42G.js} +41 -41
- package/dist/bundle/chunks/{expansion-L4NRX44B.js → expansion-HFUNFLDT.js} +1 -1
- package/dist/bundle/index.js +174 -174
- package/dist/fs/init.d.ts +11 -1
- package/dist/fs/overlay-fs/overlay-fs.d.ts +16 -10
- package/dist/interpreter/types.d.ts +8 -0
- package/dist/shell-metadata.d.ts +4 -7
- package/package.json +1 -1
package/dist/fs/init.d.ts
CHANGED
|
@@ -5,8 +5,18 @@
|
|
|
5
5
|
* including /dev, /proc, and common directories.
|
|
6
6
|
*/
|
|
7
7
|
import type { IFileSystem } from "./interface.js";
|
|
8
|
+
/**
|
|
9
|
+
* Virtual process info for /proc filesystem initialization.
|
|
10
|
+
*/
|
|
11
|
+
interface VirtualProcessInfo {
|
|
12
|
+
pid: number;
|
|
13
|
+
ppid: number;
|
|
14
|
+
uid: number;
|
|
15
|
+
gid: number;
|
|
16
|
+
}
|
|
8
17
|
/**
|
|
9
18
|
* Initialize the filesystem with standard directories and files
|
|
10
19
|
* Works with both InMemoryFs and OverlayFs (both write to memory)
|
|
11
20
|
*/
|
|
12
|
-
export declare function initFilesystem(fs: IFileSystem, useDefaultLayout: boolean): void;
|
|
21
|
+
export declare function initFilesystem(fs: IFileSystem, useDefaultLayout: boolean, processInfo?: VirtualProcessInfo): void;
|
|
22
|
+
export {};
|
|
@@ -5,9 +5,10 @@
|
|
|
5
5
|
* Changes don't persist to disk and can't escape the root directory.
|
|
6
6
|
*
|
|
7
7
|
* Security: Symlinks are blocked by default (allowSymlinks: false).
|
|
8
|
-
* All real-FS access goes through
|
|
9
|
-
* gates which detect symlink traversal via path comparison
|
|
10
|
-
*
|
|
8
|
+
* All real-FS access goes through resolveRealPath_() / resolveRealPathParent_()
|
|
9
|
+
* gates which detect symlink traversal via path comparison and return the
|
|
10
|
+
* canonical path for I/O (closing the TOCTOU gap). New methods must use these
|
|
11
|
+
* gates — never access the real FS directly.
|
|
11
12
|
*/
|
|
12
13
|
import { type FileContent } from "../encoding.js";
|
|
13
14
|
import type { CpOptions, DirentEntry, FsStat, IFileSystem, MkdirOptions, ReadFileOptions, RmOptions, WriteFileOptions } from "../interface.js";
|
|
@@ -84,16 +85,21 @@ export declare class OverlayFs implements IFileSystem {
|
|
|
84
85
|
private toRealPath;
|
|
85
86
|
private dirname;
|
|
86
87
|
/**
|
|
87
|
-
*
|
|
88
|
-
*
|
|
88
|
+
* Resolve a real-FS path to its canonical form and validate it stays
|
|
89
|
+
* within the sandbox. Returns the canonical path for I/O, or null if
|
|
90
|
+
* the path escapes the root or traverses a symlink (when !allowSymlinks).
|
|
91
|
+
*
|
|
92
|
+
* Callers MUST use the returned canonical path for subsequent I/O to
|
|
93
|
+
* close the TOCTOU gap between validation and use.
|
|
89
94
|
*/
|
|
90
|
-
private
|
|
95
|
+
private resolveRealPath_;
|
|
91
96
|
/**
|
|
92
|
-
*
|
|
93
|
-
* Used by lstat/readlink/existsInOverlay where
|
|
94
|
-
* may itself be a symlink we want to inspect (not
|
|
97
|
+
* Resolve only the parent directory of a real-FS path, then join with
|
|
98
|
+
* the original basename. Used by lstat/readlink/existsInOverlay where
|
|
99
|
+
* the final component may itself be a symlink we want to inspect (not
|
|
100
|
+
* follow). Returns the canonical parent + basename for I/O, or null.
|
|
95
101
|
*/
|
|
96
|
-
private
|
|
102
|
+
private resolveRealPathParent_;
|
|
97
103
|
private ensureParentDirs;
|
|
98
104
|
/**
|
|
99
105
|
* Check if a path exists in the overlay (memory + real fs - deleted)
|
|
@@ -224,6 +224,14 @@ export interface ProcessState {
|
|
|
224
224
|
bashPid: number;
|
|
225
225
|
/** Counter for generating unique virtual PIDs for subshells */
|
|
226
226
|
nextVirtualPid: number;
|
|
227
|
+
/** Virtual main shell PID for $$ (default 1, never exposes real process.pid) */
|
|
228
|
+
virtualPid: number;
|
|
229
|
+
/** Virtual parent PID for $PPID (default 0, never exposes real process.ppid) */
|
|
230
|
+
virtualPpid: number;
|
|
231
|
+
/** Virtual user ID for $UID/$EUID (default 1000, never exposes real UID) */
|
|
232
|
+
virtualUid: number;
|
|
233
|
+
/** Virtual group ID (default 1000, never exposes real GID) */
|
|
234
|
+
virtualGid: number;
|
|
227
235
|
}
|
|
228
236
|
/**
|
|
229
237
|
* Tracks file descriptors and stdin content for I/O operations.
|
package/dist/shell-metadata.d.ts
CHANGED
|
@@ -14,15 +14,12 @@ export declare const BASH_VERSION = "5.1.0(1)-release";
|
|
|
14
14
|
*/
|
|
15
15
|
export declare const KERNEL_VERSION = "Linux version 5.15.0-generic (just-bash) #1 SMP PREEMPT";
|
|
16
16
|
/**
|
|
17
|
-
*
|
|
17
|
+
* Format /proc/self/status content using virtual process info.
|
|
18
|
+
* Never exposes real host process information.
|
|
18
19
|
*/
|
|
19
|
-
export declare function
|
|
20
|
+
export declare function formatProcStatus(info: {
|
|
20
21
|
pid: number;
|
|
21
22
|
ppid: number;
|
|
22
23
|
uid: number;
|
|
23
24
|
gid: number;
|
|
24
|
-
};
|
|
25
|
-
/**
|
|
26
|
-
* Format /proc/self/status content
|
|
27
|
-
*/
|
|
28
|
-
export declare function formatProcStatus(): string;
|
|
25
|
+
}): string;
|