just-bash 2.11.6 → 2.11.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/Bash.d.ts +8 -1
  2. package/dist/bin/just-bash.js +1 -1
  3. package/dist/bin/shell/shell.js +1 -1
  4. package/dist/bundle/browser.js +1 -1
  5. package/dist/bundle/index.js +1 -1
  6. package/dist/index.d.ts +1 -1
  7. package/package.json +1 -1
package/dist/Bash.d.ts CHANGED
@@ -11,7 +11,7 @@ import { type CommandName } from "./commands/registry.js";
11
11
  import { type CustomCommand } from "./custom-commands.js";
12
12
  import type { IFileSystem, InitialFiles } from "./fs/interface.js";
13
13
  import { type ExecutionLimits } from "./limits.js";
14
- import { type NetworkConfig } from "./network/index.js";
14
+ import { type NetworkConfig, type SecureFetch } from "./network/index.js";
15
15
  import type { DefenseInDepthConfig } from "./security/types.js";
16
16
  import type { BashTransformResult, TransformPlugin } from "./transform/types.js";
17
17
  import type { BashExecResult, Command, FeatureCoverageWriter, TraceCallback } from "./types.js";
@@ -48,6 +48,13 @@ export interface BashOptions {
48
48
  * @deprecated Use executionLimits.maxLoopIterations instead
49
49
  */
50
50
  maxLoopIterations?: number;
51
+ /**
52
+ * Custom secure fetch function. When provided, used instead of creating one
53
+ * from NetworkConfig. Enables wrapping the fetch layer with custom logic
54
+ * (e.g., policy evaluation) while keeping built-in curl unmodified.
55
+ * Network commands (curl, wget) are registered when either `fetch` or `network` is provided.
56
+ */
57
+ fetch?: SecureFetch;
51
58
  /**
52
59
  * Network configuration for commands like curl.
53
60
  * Network access is disabled by default - you must explicitly configure allowed URLs.
package/dist/bin/just-bash.js CHANGED
@@ -694,7 +694,7 @@ esac${Ee(e.redirections)}`}function fa(e){let t=e.patterns.map(le).join(" | "),s
694
694
  ${s}
695
695
  ${e.terminator}`:`${t})
696
696
  ${e.terminator}`}function da(e){return`(${ye(e.body)})${Ee(e.redirections)}`}function ha(e){return`{ ${ye(e.body)}; }${Ee(e.redirections)}`}function pa(e){return`((${B(e.expression.expression)}))${Ee(e.redirections)}`}function ma(e){return`[[ ${je(e.expression)} ]]${Ee(e.redirections)}`}function ya(e){let t=ii(e.body);return`${e.name}() ${t}${Ee(e.redirections)}`}function B(e){switch(e.type){case"ArithNumber":return String(e.value);case"ArithVariable":return e.hasDollarPrefix?`$${e.name}`:e.name;case"ArithSpecialVar":return`$${e.name}`;case"ArithBinary":return`${B(e.left)} ${e.operator} ${B(e.right)}`;case"ArithUnary":return e.prefix?`${e.operator}${B(e.operand)}`:`${B(e.operand)}${e.operator}`;case"ArithTernary":return`${B(e.condition)} ? ${B(e.consequent)} : ${B(e.alternate)}`;case"ArithAssignment":return`${e.subscript?`${e.variable}[${B(e.subscript)}]`:e.stringKey!==void 0?`${e.variable}[${e.stringKey}]`:e.variable} ${e.operator} ${B(e.value)}`;case"ArithDynamicAssignment":return`${e.subscript?`${B(e.target)}[${B(e.subscript)}]`:B(e.target)} ${e.operator} ${B(e.value)}`;case"ArithDynamicElement":return`${B(e.nameExpr)}[${B(e.subscript)}]`;case"ArithGroup":return`(${B(e.expression)})`;case"ArithNested":return`$((${B(e.expression)}))`;case"ArithCommandSubst":return`$(${e.command})`;case"ArithBracedExpansion":return`\${${e.content}}`;case"ArithArrayElement":return e.stringKey!==void 0?`${e.array}[${e.stringKey}]`:e.index?`${e.array}[${B(e.index)}]`:e.array;case"ArithDynamicBase":return`\${${e.baseExpr}}#${e.value}`;case"ArithDynamicNumber":return`\${${e.prefix}}${e.suffix}`;case"ArithConcat":return e.parts.map(B).join("");case"ArithDoubleSubscript":return`${e.array}[${B(e.index)}]`;case"ArithNumberSubscript":return`${e.number}[${e.errorToken}]`;case"ArithSyntaxError":return e.errorToken;case"ArithSingleQuote":return`'${e.content}'`;default:{let t=e;throw new Error(`Unsupported arithmetic expression type: ${t.type}`)}}}function je(e){switch(e.type){case"CondBinary":return`${le(e.left)} ${e.operator} ${le(e.right)}`;case"CondUnary":return`${e.operator} ${le(e.operand)}`;case"CondNot":return`! ${je(e.operand)}`;case"CondAnd":return`${je(e.left)} && ${je(e.right)}`;case"CondOr":return`${je(e.left)} || ${je(e.right)}`;case"CondGroup":return`( ${je(e.expression)} )`;case"CondWord":return le(e.word);default:{let t=e;throw new Error(`Unsupported conditional expression type: ${t.type}`)}}}var Qt=class{fs;commands=new Map;useDefaultLayout=!1;limits;secureFetch;sleepFn;traceFn;logger;defenseInDepthConfig;coverageWriter;transformPlugins=[];state;constructor(t={}){let s=t.fs??new it(t.files);this.fs=s,this.useDefaultLayout=!t.cwd&&!t.files;let r=t.cwd||(this.useDefaultLayout?"/home/user":"/"),n=new Map([["HOME",this.useDefaultLayout?"/home/user":"/"],["PATH","/usr/bin:/bin"],["IFS",`
697
- `],["OSTYPE","linux-gnu"],["MACHTYPE","x86_64-pc-linux-gnu"],["HOSTTYPE","x86_64"],["HOSTNAME","localhost"],["PWD",r],["OLDPWD",r],["OPTIND","1"],...Object.entries(t.env??{})]);if(this.limits=Qn({...t.executionLimits,...t.maxCallDepth!==void 0&&{maxCallDepth:t.maxCallDepth},...t.maxCommandCount!==void 0&&{maxCommandCount:t.maxCommandCount},...t.maxLoopIterations!==void 0&&{maxLoopIterations:t.maxLoopIterations}}),t.network&&(this.secureFetch=ir(t.network)),this.sleepFn=t.sleep,this.traceFn=t.trace,this.logger=t.logger,this.defenseInDepthConfig=t.defenseInDepth,this.coverageWriter=t.coverage,this.state={env:n,cwd:r,previousDir:"/home/user",functions:new Map,localScopes:[],callDepth:0,sourceDepth:0,commandCount:0,lastExitCode:0,lastArg:"",startTime:Date.now(),lastBackgroundPid:0,virtualPid:t.processInfo?.pid??1,virtualPpid:t.processInfo?.ppid??0,virtualUid:t.processInfo?.uid??1e3,virtualGid:t.processInfo?.gid??1e3,bashPid:t.processInfo?.pid??1,nextVirtualPid:(t.processInfo?.pid??1)+1,currentLine:1,options:{errexit:!1,pipefail:!1,nounset:!1,xtrace:!1,verbose:!1,posix:!1,allexport:!1,noclobber:!1,noglob:!1,noexec:!1,vi:!1,emacs:!1},shoptOptions:{extglob:!1,dotglob:!1,nullglob:!1,failglob:!1,globstar:!1,globskipdots:!0,nocaseglob:!1,nocasematch:!1,expand_aliases:!1,lastpipe:!1,xpg_echo:!1},inCondition:!1,loopDepth:0,exportedVars:new Set(["HOME","PATH","PWD","OLDPWD",...Object.keys(t.env||{})]),readonlyVars:new Set(["SHELLOPTS","BASHOPTS"]),hashTable:new Map},this.state.env.set("SHELLOPTS",cs(this.state.options)),this.state.env.set("BASHOPTS",us(this.state.shoptOptions)),Dr(s,this.useDefaultLayout,{pid:this.state.virtualPid,ppid:this.state.virtualPpid,uid:this.state.virtualUid,gid:this.state.virtualGid}),r!=="/"&&s instanceof it)try{s.mkdirSync(r,{recursive:!0})}catch{}for(let i of kr(t.commands))this.registerCommand(i);if(t.network)for(let i of Nr())this.registerCommand(i);if(t.python)for(let i of Or())this.registerCommand(i);if(t.customCommands)for(let i of t.customCommands)xr(i)?this.registerCommand(Tr(i)):this.registerCommand(i)}registerCommand(t){this.commands.set(t.name,t);let s=this.fs;if(typeof s.writeFileSync=="function"){let r=`#!/bin/bash
697
+ `],["OSTYPE","linux-gnu"],["MACHTYPE","x86_64-pc-linux-gnu"],["HOSTTYPE","x86_64"],["HOSTNAME","localhost"],["PWD",r],["OLDPWD",r],["OPTIND","1"],...Object.entries(t.env??{})]);if(this.limits=Qn({...t.executionLimits,...t.maxCallDepth!==void 0&&{maxCallDepth:t.maxCallDepth},...t.maxCommandCount!==void 0&&{maxCommandCount:t.maxCommandCount},...t.maxLoopIterations!==void 0&&{maxLoopIterations:t.maxLoopIterations}}),t.fetch?this.secureFetch=t.fetch:t.network&&(this.secureFetch=ir(t.network)),this.sleepFn=t.sleep,this.traceFn=t.trace,this.logger=t.logger,this.defenseInDepthConfig=t.defenseInDepth,this.coverageWriter=t.coverage,this.state={env:n,cwd:r,previousDir:"/home/user",functions:new Map,localScopes:[],callDepth:0,sourceDepth:0,commandCount:0,lastExitCode:0,lastArg:"",startTime:Date.now(),lastBackgroundPid:0,virtualPid:t.processInfo?.pid??1,virtualPpid:t.processInfo?.ppid??0,virtualUid:t.processInfo?.uid??1e3,virtualGid:t.processInfo?.gid??1e3,bashPid:t.processInfo?.pid??1,nextVirtualPid:(t.processInfo?.pid??1)+1,currentLine:1,options:{errexit:!1,pipefail:!1,nounset:!1,xtrace:!1,verbose:!1,posix:!1,allexport:!1,noclobber:!1,noglob:!1,noexec:!1,vi:!1,emacs:!1},shoptOptions:{extglob:!1,dotglob:!1,nullglob:!1,failglob:!1,globstar:!1,globskipdots:!0,nocaseglob:!1,nocasematch:!1,expand_aliases:!1,lastpipe:!1,xpg_echo:!1},inCondition:!1,loopDepth:0,exportedVars:new Set(["HOME","PATH","PWD","OLDPWD",...Object.keys(t.env||{})]),readonlyVars:new Set(["SHELLOPTS","BASHOPTS"]),hashTable:new Map},this.state.env.set("SHELLOPTS",cs(this.state.options)),this.state.env.set("BASHOPTS",us(this.state.shoptOptions)),Dr(s,this.useDefaultLayout,{pid:this.state.virtualPid,ppid:this.state.virtualPpid,uid:this.state.virtualUid,gid:this.state.virtualGid}),r!=="/"&&s instanceof it)try{s.mkdirSync(r,{recursive:!0})}catch{}for(let i of kr(t.commands))this.registerCommand(i);if(t.fetch||t.network)for(let i of Nr())this.registerCommand(i);if(t.python)for(let i of Or())this.registerCommand(i);if(t.customCommands)for(let i of t.customCommands)xr(i)?this.registerCommand(Tr(i)):this.registerCommand(i)}registerCommand(t){this.commands.set(t.name,t);let s=this.fs;if(typeof s.writeFileSync=="function"){let r=`#!/bin/bash
698
698
  # Built-in command: ${t.name}
699
699
  `;try{s.writeFileSync(`/bin/${t.name}`,r)}catch{}try{s.writeFileSync(`/usr/bin/${t.name}`,r)}catch{}}}logResult(t){return this.logger&&(t.stdout&&this.logger.debug("stdout",{output:t.stdout}),t.stderr&&this.logger.info("stderr",{output:t.stderr}),this.logger.info("exit",{exitCode:t.exitCode})),t}async exec(t,s){if(this.state.callDepth===0&&(this.state.commandCount=0),this.state.commandCount++,this.state.commandCount>this.limits.maxCommandCount)return{stdout:"",stderr:`bash: maximum command count (${this.limits.maxCommandCount}) exceeded (possible infinite loop). Increase with executionLimits.maxCommandCount option.
700
700
  `,exitCode:1,env:we(this.state.env,s?.env)};if(!t.trim())return{stdout:"",stderr:"",exitCode:0,env:we(this.state.env,s?.env)};this.logger?.info("exec",{command:t});let r=s?.cwd??this.state.cwd,n,i=r;if(s?.cwd)if(s.env&&"PWD"in s.env)n=s.env.PWD;else if(s?.env&&!("PWD"in s.env))try{n=await this.fs.realpath(r),i=n}catch{n=r}else n=r;let o=new Map(this.state.env);if(s?.env)for(let[f,d]of Object.entries(s.env))o.set(f,d);n!==void 0&&o.set("PWD",n);let a={...this.state,env:o,cwd:i,functions:new Map(this.state.functions),localScopes:[...this.state.localScopes],options:{...this.state.options},hashTable:this.state.hashTable,groupStdin:s?.stdin},l=t;s?.rawScript||(l=ci(t));let u=(this.defenseInDepthConfig?Xt.getInstance(this.defenseInDepthConfig):null)?.activate();try{let f=async()=>{let d=ve(l,{maxHeredocSize:this.limits.maxHeredocSize}),h;if(this.transformPlugins.length>0){let v=Object.create(null);for(let A of this.transformPlugins){let y=A.transform({ast:d,metadata:v});d=y.ast,y.metadata&&(v={...v,...y.metadata})}h=v}let m={fs:this.fs,commands:this.commands,limits:this.limits,exec:this.exec.bind(this),fetch:this.secureFetch,sleep:this.sleepFn,trace:this.traceFn,coverage:this.coverageWriter},S=await new dt(m,a).executeScript(d);return h&&(S.metadata=h),this.logResult(S)};return u?await u.run(f):await f()}catch(f){if(f instanceof z)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:f.exitCode,env:we(this.state.env,s?.env)});if(f instanceof ge)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:f.exitCode,env:we(this.state.env,s?.env)});if(f instanceof We)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:1,env:we(this.state.env,s?.env)});if(f instanceof ne)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:ne.EXIT_CODE,env:we(this.state.env,s?.env)});if(f instanceof se)return this.logResult({stdout:"",stderr:`bash: security violation: ${f.message}
package/dist/bin/shell/shell.js CHANGED
@@ -694,7 +694,7 @@ esac${Ae(e.redirections)}`}function ha(e){let t=e.patterns.map(ce).join(" | "),s
694
694
  ${s}
695
695
  ${e.terminator}`:`${t})
696
696
  ${e.terminator}`}function pa(e){return`(${ge(e.body)})${Ae(e.redirections)}`}function ma(e){return`{ ${ge(e.body)}; }${Ae(e.redirections)}`}function ya(e){return`((${B(e.expression.expression)}))${Ae(e.redirections)}`}function ga(e){return`[[ ${je(e.expression)} ]]${Ae(e.redirections)}`}function wa(e){let t=ai(e.body);return`${e.name}() ${t}${Ae(e.redirections)}`}function B(e){switch(e.type){case"ArithNumber":return String(e.value);case"ArithVariable":return e.hasDollarPrefix?`$${e.name}`:e.name;case"ArithSpecialVar":return`$${e.name}`;case"ArithBinary":return`${B(e.left)} ${e.operator} ${B(e.right)}`;case"ArithUnary":return e.prefix?`${e.operator}${B(e.operand)}`:`${B(e.operand)}${e.operator}`;case"ArithTernary":return`${B(e.condition)} ? ${B(e.consequent)} : ${B(e.alternate)}`;case"ArithAssignment":return`${e.subscript?`${e.variable}[${B(e.subscript)}]`:e.stringKey!==void 0?`${e.variable}[${e.stringKey}]`:e.variable} ${e.operator} ${B(e.value)}`;case"ArithDynamicAssignment":return`${e.subscript?`${B(e.target)}[${B(e.subscript)}]`:B(e.target)} ${e.operator} ${B(e.value)}`;case"ArithDynamicElement":return`${B(e.nameExpr)}[${B(e.subscript)}]`;case"ArithGroup":return`(${B(e.expression)})`;case"ArithNested":return`$((${B(e.expression)}))`;case"ArithCommandSubst":return`$(${e.command})`;case"ArithBracedExpansion":return`\${${e.content}}`;case"ArithArrayElement":return e.stringKey!==void 0?`${e.array}[${e.stringKey}]`:e.index?`${e.array}[${B(e.index)}]`:e.array;case"ArithDynamicBase":return`\${${e.baseExpr}}#${e.value}`;case"ArithDynamicNumber":return`\${${e.prefix}}${e.suffix}`;case"ArithConcat":return e.parts.map(B).join("");case"ArithDoubleSubscript":return`${e.array}[${B(e.index)}]`;case"ArithNumberSubscript":return`${e.number}[${e.errorToken}]`;case"ArithSyntaxError":return e.errorToken;case"ArithSingleQuote":return`'${e.content}'`;default:{let t=e;throw new Error(`Unsupported arithmetic expression type: ${t.type}`)}}}function je(e){switch(e.type){case"CondBinary":return`${ce(e.left)} ${e.operator} ${ce(e.right)}`;case"CondUnary":return`${e.operator} ${ce(e.operand)}`;case"CondNot":return`! ${je(e.operand)}`;case"CondAnd":return`${je(e.left)} && ${je(e.right)}`;case"CondOr":return`${je(e.left)} || ${je(e.right)}`;case"CondGroup":return`( ${je(e.expression)} )`;case"CondWord":return ce(e.word);default:{let t=e;throw new Error(`Unsupported conditional expression type: ${t.type}`)}}}var Qt=class{fs;commands=new Map;useDefaultLayout=!1;limits;secureFetch;sleepFn;traceFn;logger;defenseInDepthConfig;coverageWriter;transformPlugins=[];state;constructor(t={}){let s=t.fs??new it(t.files);this.fs=s,this.useDefaultLayout=!t.cwd&&!t.files;let r=t.cwd||(this.useDefaultLayout?"/home/user":"/"),n=new Map([["HOME",this.useDefaultLayout?"/home/user":"/"],["PATH","/usr/bin:/bin"],["IFS",`
697
- `],["OSTYPE","linux-gnu"],["MACHTYPE","x86_64-pc-linux-gnu"],["HOSTTYPE","x86_64"],["HOSTNAME","localhost"],["PWD",r],["OLDPWD",r],["OPTIND","1"],...Object.entries(t.env??{})]);if(this.limits=ei({...t.executionLimits,...t.maxCallDepth!==void 0&&{maxCallDepth:t.maxCallDepth},...t.maxCommandCount!==void 0&&{maxCommandCount:t.maxCommandCount},...t.maxLoopIterations!==void 0&&{maxLoopIterations:t.maxLoopIterations}}),t.network&&(this.secureFetch=or(t.network)),this.sleepFn=t.sleep,this.traceFn=t.trace,this.logger=t.logger,this.defenseInDepthConfig=t.defenseInDepth,this.coverageWriter=t.coverage,this.state={env:n,cwd:r,previousDir:"/home/user",functions:new Map,localScopes:[],callDepth:0,sourceDepth:0,commandCount:0,lastExitCode:0,lastArg:"",startTime:Date.now(),lastBackgroundPid:0,virtualPid:t.processInfo?.pid??1,virtualPpid:t.processInfo?.ppid??0,virtualUid:t.processInfo?.uid??1e3,virtualGid:t.processInfo?.gid??1e3,bashPid:t.processInfo?.pid??1,nextVirtualPid:(t.processInfo?.pid??1)+1,currentLine:1,options:{errexit:!1,pipefail:!1,nounset:!1,xtrace:!1,verbose:!1,posix:!1,allexport:!1,noclobber:!1,noglob:!1,noexec:!1,vi:!1,emacs:!1},shoptOptions:{extglob:!1,dotglob:!1,nullglob:!1,failglob:!1,globstar:!1,globskipdots:!0,nocaseglob:!1,nocasematch:!1,expand_aliases:!1,lastpipe:!1,xpg_echo:!1},inCondition:!1,loopDepth:0,exportedVars:new Set(["HOME","PATH","PWD","OLDPWD",...Object.keys(t.env||{})]),readonlyVars:new Set(["SHELLOPTS","BASHOPTS"]),hashTable:new Map},this.state.env.set("SHELLOPTS",us(this.state.options)),this.state.env.set("BASHOPTS",fs(this.state.shoptOptions)),Rr(s,this.useDefaultLayout,{pid:this.state.virtualPid,ppid:this.state.virtualPpid,uid:this.state.virtualUid,gid:this.state.virtualGid}),r!=="/"&&s instanceof it)try{s.mkdirSync(r,{recursive:!0})}catch{}for(let i of Or(t.commands))this.registerCommand(i);if(t.network)for(let i of Tr())this.registerCommand(i);if(t.python)for(let i of xr())this.registerCommand(i);if(t.customCommands)for(let i of t.customCommands)Dr(i)?this.registerCommand(Ir(i)):this.registerCommand(i)}registerCommand(t){this.commands.set(t.name,t);let s=this.fs;if(typeof s.writeFileSync=="function"){let r=`#!/bin/bash
697
+ `],["OSTYPE","linux-gnu"],["MACHTYPE","x86_64-pc-linux-gnu"],["HOSTTYPE","x86_64"],["HOSTNAME","localhost"],["PWD",r],["OLDPWD",r],["OPTIND","1"],...Object.entries(t.env??{})]);if(this.limits=ei({...t.executionLimits,...t.maxCallDepth!==void 0&&{maxCallDepth:t.maxCallDepth},...t.maxCommandCount!==void 0&&{maxCommandCount:t.maxCommandCount},...t.maxLoopIterations!==void 0&&{maxLoopIterations:t.maxLoopIterations}}),t.fetch?this.secureFetch=t.fetch:t.network&&(this.secureFetch=or(t.network)),this.sleepFn=t.sleep,this.traceFn=t.trace,this.logger=t.logger,this.defenseInDepthConfig=t.defenseInDepth,this.coverageWriter=t.coverage,this.state={env:n,cwd:r,previousDir:"/home/user",functions:new Map,localScopes:[],callDepth:0,sourceDepth:0,commandCount:0,lastExitCode:0,lastArg:"",startTime:Date.now(),lastBackgroundPid:0,virtualPid:t.processInfo?.pid??1,virtualPpid:t.processInfo?.ppid??0,virtualUid:t.processInfo?.uid??1e3,virtualGid:t.processInfo?.gid??1e3,bashPid:t.processInfo?.pid??1,nextVirtualPid:(t.processInfo?.pid??1)+1,currentLine:1,options:{errexit:!1,pipefail:!1,nounset:!1,xtrace:!1,verbose:!1,posix:!1,allexport:!1,noclobber:!1,noglob:!1,noexec:!1,vi:!1,emacs:!1},shoptOptions:{extglob:!1,dotglob:!1,nullglob:!1,failglob:!1,globstar:!1,globskipdots:!0,nocaseglob:!1,nocasematch:!1,expand_aliases:!1,lastpipe:!1,xpg_echo:!1},inCondition:!1,loopDepth:0,exportedVars:new Set(["HOME","PATH","PWD","OLDPWD",...Object.keys(t.env||{})]),readonlyVars:new Set(["SHELLOPTS","BASHOPTS"]),hashTable:new Map},this.state.env.set("SHELLOPTS",us(this.state.options)),this.state.env.set("BASHOPTS",fs(this.state.shoptOptions)),Rr(s,this.useDefaultLayout,{pid:this.state.virtualPid,ppid:this.state.virtualPpid,uid:this.state.virtualUid,gid:this.state.virtualGid}),r!=="/"&&s instanceof it)try{s.mkdirSync(r,{recursive:!0})}catch{}for(let i of Or(t.commands))this.registerCommand(i);if(t.fetch||t.network)for(let i of Tr())this.registerCommand(i);if(t.python)for(let i of xr())this.registerCommand(i);if(t.customCommands)for(let i of t.customCommands)Dr(i)?this.registerCommand(Ir(i)):this.registerCommand(i)}registerCommand(t){this.commands.set(t.name,t);let s=this.fs;if(typeof s.writeFileSync=="function"){let r=`#!/bin/bash
698
698
  # Built-in command: ${t.name}
699
699
  `;try{s.writeFileSync(`/bin/${t.name}`,r)}catch{}try{s.writeFileSync(`/usr/bin/${t.name}`,r)}catch{}}}logResult(t){return this.logger&&(t.stdout&&this.logger.debug("stdout",{output:t.stdout}),t.stderr&&this.logger.info("stderr",{output:t.stderr}),this.logger.info("exit",{exitCode:t.exitCode})),t}async exec(t,s){if(this.state.callDepth===0&&(this.state.commandCount=0),this.state.commandCount++,this.state.commandCount>this.limits.maxCommandCount)return{stdout:"",stderr:`bash: maximum command count (${this.limits.maxCommandCount}) exceeded (possible infinite loop). Increase with executionLimits.maxCommandCount option.
700
700
  `,exitCode:1,env:be(this.state.env,s?.env)};if(!t.trim())return{stdout:"",stderr:"",exitCode:0,env:be(this.state.env,s?.env)};this.logger?.info("exec",{command:t});let r=s?.cwd??this.state.cwd,n,i=r;if(s?.cwd)if(s.env&&"PWD"in s.env)n=s.env.PWD;else if(s?.env&&!("PWD"in s.env))try{n=await this.fs.realpath(r),i=n}catch{n=r}else n=r;let o=new Map(this.state.env);if(s?.env)for(let[f,d]of Object.entries(s.env))o.set(f,d);n!==void 0&&o.set("PWD",n);let a={...this.state,env:o,cwd:i,functions:new Map(this.state.functions),localScopes:[...this.state.localScopes],options:{...this.state.options},hashTable:this.state.hashTable,groupStdin:s?.stdin},l=t;s?.rawScript||(l=fi(t));let u=(this.defenseInDepthConfig?Xt.getInstance(this.defenseInDepthConfig):null)?.activate();try{let f=async()=>{let d=$e(l,{maxHeredocSize:this.limits.maxHeredocSize}),h;if(this.transformPlugins.length>0){let v=Object.create(null);for(let A of this.transformPlugins){let y=A.transform({ast:d,metadata:v});d=y.ast,y.metadata&&(v={...v,...y.metadata})}h=v}let m={fs:this.fs,commands:this.commands,limits:this.limits,exec:this.exec.bind(this),fetch:this.secureFetch,sleep:this.sleepFn,trace:this.traceFn,coverage:this.coverageWriter},S=await new dt(m,a).executeScript(d);return h&&(S.metadata=h),this.logResult(S)};return u?await u.run(f):await f()}catch(f){if(f instanceof z)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:f.exitCode,env:be(this.state.env,s?.env)});if(f instanceof we)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:f.exitCode,env:be(this.state.env,s?.env)});if(f instanceof We)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:1,env:be(this.state.env,s?.env)});if(f instanceof ie)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:ie.EXIT_CODE,env:be(this.state.env,s?.env)});if(f instanceof re)return this.logResult({stdout:"",stderr:`bash: security violation: ${f.message}
package/dist/bundle/browser.js CHANGED
@@ -1478,7 +1478,7 @@ esac${un(e.redirections)}`}function DA(e){let t=e.patterns.map(vt).join(" | "),n
1478
1478
  ${n}
1479
1479
  ${e.terminator}`:`${t})
1480
1480
  ${e.terminator}`}function _A(e){return`(${Yt(e.body)})${un(e.redirections)}`}function LA(e){return`{ ${Yt(e.body)}; }${un(e.redirections)}`}function FA(e){return`((${Le(e.expression.expression)}))${un(e.redirections)}`}function MA(e){return`[[ ${hr(e.expression)} ]]${un(e.redirections)}`}function UA(e){let t=M6(e.body);return`${e.name}() ${t}${un(e.redirections)}`}function Le(e){switch(e.type){case"ArithNumber":return String(e.value);case"ArithVariable":return e.hasDollarPrefix?`$${e.name}`:e.name;case"ArithSpecialVar":return`$${e.name}`;case"ArithBinary":return`${Le(e.left)} ${e.operator} ${Le(e.right)}`;case"ArithUnary":return e.prefix?`${e.operator}${Le(e.operand)}`:`${Le(e.operand)}${e.operator}`;case"ArithTernary":return`${Le(e.condition)} ? ${Le(e.consequent)} : ${Le(e.alternate)}`;case"ArithAssignment":return`${e.subscript?`${e.variable}[${Le(e.subscript)}]`:e.stringKey!==void 0?`${e.variable}[${e.stringKey}]`:e.variable} ${e.operator} ${Le(e.value)}`;case"ArithDynamicAssignment":return`${e.subscript?`${Le(e.target)}[${Le(e.subscript)}]`:Le(e.target)} ${e.operator} ${Le(e.value)}`;case"ArithDynamicElement":return`${Le(e.nameExpr)}[${Le(e.subscript)}]`;case"ArithGroup":return`(${Le(e.expression)})`;case"ArithNested":return`$((${Le(e.expression)}))`;case"ArithCommandSubst":return`$(${e.command})`;case"ArithBracedExpansion":return`\${${e.content}}`;case"ArithArrayElement":return e.stringKey!==void 0?`${e.array}[${e.stringKey}]`:e.index?`${e.array}[${Le(e.index)}]`:e.array;case"ArithDynamicBase":return`\${${e.baseExpr}}#${e.value}`;case"ArithDynamicNumber":return`\${${e.prefix}}${e.suffix}`;case"ArithConcat":return e.parts.map(Le).join("");case"ArithDoubleSubscript":return`${e.array}[${Le(e.index)}]`;case"ArithNumberSubscript":return`${e.number}[${e.errorToken}]`;case"ArithSyntaxError":return e.errorToken;case"ArithSingleQuote":return`'${e.content}'`;default:{let t=e;throw new Error(`Unsupported arithmetic expression type: ${t.type}`)}}}function hr(e){switch(e.type){case"CondBinary":return`${vt(e.left)} ${e.operator} ${vt(e.right)}`;case"CondUnary":return`${e.operator} ${vt(e.operand)}`;case"CondNot":return`! ${hr(e.operand)}`;case"CondAnd":return`${hr(e.left)} && ${hr(e.right)}`;case"CondOr":return`${hr(e.left)} || ${hr(e.right)}`;case"CondGroup":return`( ${hr(e.expression)} )`;case"CondWord":return vt(e.word);default:{let t=e;throw new Error(`Unsupported conditional expression type: ${t.type}`)}}}var gu=class{fs;commands=new Map;useDefaultLayout=!1;limits;secureFetch;sleepFn;traceFn;logger;defenseInDepthConfig;coverageWriter;transformPlugins=[];state;constructor(t={}){let n=t.fs??new ir(t.files);this.fs=n,this.useDefaultLayout=!t.cwd&&!t.files;let r=t.cwd||(this.useDefaultLayout?"/home/user":"/"),s=new Map([["HOME",this.useDefaultLayout?"/home/user":"/"],["PATH","/usr/bin:/bin"],["IFS",`
1481
- `],["OSTYPE","linux-gnu"],["MACHTYPE","x86_64-pc-linux-gnu"],["HOSTTYPE","x86_64"],["HOSTNAME","localhost"],["PWD",r],["OLDPWD",r],["OPTIND","1"],...Object.entries(t.env??{})]);if(this.limits=R6({...t.executionLimits,...t.maxCallDepth!==void 0&&{maxCallDepth:t.maxCallDepth},...t.maxCommandCount!==void 0&&{maxCommandCount:t.maxCommandCount},...t.maxLoopIterations!==void 0&&{maxLoopIterations:t.maxLoopIterations}}),t.network&&(this.secureFetch=hu(t.network)),this.sleepFn=t.sleep,this.traceFn=t.trace,this.logger=t.logger,this.defenseInDepthConfig=t.defenseInDepth,this.coverageWriter=t.coverage,this.state={env:s,cwd:r,previousDir:"/home/user",functions:new Map,localScopes:[],callDepth:0,sourceDepth:0,commandCount:0,lastExitCode:0,lastArg:"",startTime:Date.now(),lastBackgroundPid:0,virtualPid:t.processInfo?.pid??1,virtualPpid:t.processInfo?.ppid??0,virtualUid:t.processInfo?.uid??1e3,virtualGid:t.processInfo?.gid??1e3,bashPid:t.processInfo?.pid??1,nextVirtualPid:(t.processInfo?.pid??1)+1,currentLine:1,options:{errexit:!1,pipefail:!1,nounset:!1,xtrace:!1,verbose:!1,posix:!1,allexport:!1,noclobber:!1,noglob:!1,noexec:!1,vi:!1,emacs:!1},shoptOptions:{extglob:!1,dotglob:!1,nullglob:!1,failglob:!1,globstar:!1,globskipdots:!0,nocaseglob:!1,nocasematch:!1,expand_aliases:!1,lastpipe:!1,xpg_echo:!1},inCondition:!1,loopDepth:0,exportedVars:new Set(["HOME","PATH","PWD","OLDPWD",...Object.keys(t.env||{})]),readonlyVars:new Set(["SHELLOPTS","BASHOPTS"]),hashTable:new Map},this.state.env.set("SHELLOPTS",Il(this.state.options)),this.state.env.set("BASHOPTS",$l(this.state.shoptOptions)),Z0(n,this.useDefaultLayout,{pid:this.state.virtualPid,ppid:this.state.virtualPpid,uid:this.state.virtualUid,gid:this.state.virtualGid}),r!=="/"&&n instanceof ir)try{n.mkdirSync(r,{recursive:!0})}catch{}for(let i of B0(t.commands))this.registerCommand(i);if(t.network)for(let i of W0())this.registerCommand(i);if(t.python)for(let i of z0())this.registerCommand(i);if(t.customCommands)for(let i of t.customCommands)H0(i)?this.registerCommand(j0(i)):this.registerCommand(i)}registerCommand(t){this.commands.set(t.name,t);let n=this.fs;if(typeof n.writeFileSync=="function"){let r=`#!/bin/bash
1481
+ `],["OSTYPE","linux-gnu"],["MACHTYPE","x86_64-pc-linux-gnu"],["HOSTTYPE","x86_64"],["HOSTNAME","localhost"],["PWD",r],["OLDPWD",r],["OPTIND","1"],...Object.entries(t.env??{})]);if(this.limits=R6({...t.executionLimits,...t.maxCallDepth!==void 0&&{maxCallDepth:t.maxCallDepth},...t.maxCommandCount!==void 0&&{maxCommandCount:t.maxCommandCount},...t.maxLoopIterations!==void 0&&{maxLoopIterations:t.maxLoopIterations}}),t.fetch?this.secureFetch=t.fetch:t.network&&(this.secureFetch=hu(t.network)),this.sleepFn=t.sleep,this.traceFn=t.trace,this.logger=t.logger,this.defenseInDepthConfig=t.defenseInDepth,this.coverageWriter=t.coverage,this.state={env:s,cwd:r,previousDir:"/home/user",functions:new Map,localScopes:[],callDepth:0,sourceDepth:0,commandCount:0,lastExitCode:0,lastArg:"",startTime:Date.now(),lastBackgroundPid:0,virtualPid:t.processInfo?.pid??1,virtualPpid:t.processInfo?.ppid??0,virtualUid:t.processInfo?.uid??1e3,virtualGid:t.processInfo?.gid??1e3,bashPid:t.processInfo?.pid??1,nextVirtualPid:(t.processInfo?.pid??1)+1,currentLine:1,options:{errexit:!1,pipefail:!1,nounset:!1,xtrace:!1,verbose:!1,posix:!1,allexport:!1,noclobber:!1,noglob:!1,noexec:!1,vi:!1,emacs:!1},shoptOptions:{extglob:!1,dotglob:!1,nullglob:!1,failglob:!1,globstar:!1,globskipdots:!0,nocaseglob:!1,nocasematch:!1,expand_aliases:!1,lastpipe:!1,xpg_echo:!1},inCondition:!1,loopDepth:0,exportedVars:new Set(["HOME","PATH","PWD","OLDPWD",...Object.keys(t.env||{})]),readonlyVars:new Set(["SHELLOPTS","BASHOPTS"]),hashTable:new Map},this.state.env.set("SHELLOPTS",Il(this.state.options)),this.state.env.set("BASHOPTS",$l(this.state.shoptOptions)),Z0(n,this.useDefaultLayout,{pid:this.state.virtualPid,ppid:this.state.virtualPpid,uid:this.state.virtualUid,gid:this.state.virtualGid}),r!=="/"&&n instanceof ir)try{n.mkdirSync(r,{recursive:!0})}catch{}for(let i of B0(t.commands))this.registerCommand(i);if(t.fetch||t.network)for(let i of W0())this.registerCommand(i);if(t.python)for(let i of z0())this.registerCommand(i);if(t.customCommands)for(let i of t.customCommands)H0(i)?this.registerCommand(j0(i)):this.registerCommand(i)}registerCommand(t){this.commands.set(t.name,t);let n=this.fs;if(typeof n.writeFileSync=="function"){let r=`#!/bin/bash
1482
1482
  # Built-in command: ${t.name}
1483
1483
  `;try{n.writeFileSync(`/bin/${t.name}`,r)}catch{}try{n.writeFileSync(`/usr/bin/${t.name}`,r)}catch{}}}logResult(t){return this.logger&&(t.stdout&&this.logger.debug("stdout",{output:t.stdout}),t.stderr&&this.logger.info("stderr",{output:t.stderr}),this.logger.info("exit",{exitCode:t.exitCode})),t}async exec(t,n){if(this.state.callDepth===0&&(this.state.commandCount=0),this.state.commandCount++,this.state.commandCount>this.limits.maxCommandCount)return{stdout:"",stderr:`bash: maximum command count (${this.limits.maxCommandCount}) exceeded (possible infinite loop). Increase with executionLimits.maxCommandCount option.
1484
1484
  `,exitCode:1,env:nn(this.state.env,n?.env)};if(!t.trim())return{stdout:"",stderr:"",exitCode:0,env:nn(this.state.env,n?.env)};this.logger?.info("exec",{command:t});let r=n?.cwd??this.state.cwd,s,i=r;if(n?.cwd)if(n.env&&"PWD"in n.env)s=n.env.PWD;else if(n?.env&&!("PWD"in n.env))try{s=await this.fs.realpath(r),i=s}catch{s=r}else s=r;let a=new Map(this.state.env);if(n?.env)for(let[f,p]of Object.entries(n.env))a.set(f,p);s!==void 0&&a.set("PWD",s);let o={...this.state,env:a,cwd:i,functions:new Map(this.state.functions),localScopes:[...this.state.localScopes],options:{...this.state.options},hashTable:this.state.hashTable,groupStdin:n?.stdin},l=t;n?.rawScript||(l=z6(t));let u=(this.defenseInDepthConfig?_a.getInstance(this.defenseInDepthConfig):null)?.activate();try{let f=async()=>{let p=rn(l,{maxHeredocSize:this.limits.maxHeredocSize}),h;if(this.transformPlugins.length>0){let y=Object.create(null);for(let b of this.transformPlugins){let x=b.transform({ast:p,metadata:y});p=x.ast,x.metadata&&(y={...y,...x.metadata})}h=y}let m={fs:this.fs,commands:this.commands,limits:this.limits,exec:this.exec.bind(this),fetch:this.secureFetch,sleep:this.sleepFn,trace:this.traceFn,coverage:this.coverageWriter},w=await new Bs(m,o).executeScript(p);return h&&(w.metadata=h),this.logResult(w)};return u?await u.run(f):await f()}catch(f){if(f instanceof pe)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:f.exitCode,env:nn(this.state.env,n?.env)});if(f instanceof Wt)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:f.exitCode,env:nn(this.state.env,n?.env)});if(f instanceof $e)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:1,env:nn(this.state.env,n?.env)});if(f instanceof J)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:J.EXIT_CODE,env:nn(this.state.env,n?.env)});if(f instanceof ct)return this.logResult({stdout:"",stderr:`bash: security violation: ${f.message}
package/dist/bundle/index.js CHANGED
@@ -693,7 +693,7 @@ esac${Ae(e.redirections)}`}function Pa(e){let t=e.patterns.map(ie).join(" | "),s
693
693
  ${s}
694
694
  ${e.terminator}`:`${t})
695
695
  ${e.terminator}`}function Aa(e){return`(${be(e.body)})${Ae(e.redirections)}`}function ka(e){return`{ ${be(e.body)}; }${Ae(e.redirections)}`}function _a(e){return`((${q(e.expression.expression)}))${Ae(e.redirections)}`}function Ca(e){return`[[ ${Ze(e.expression)} ]]${Ae(e.redirections)}`}function xa(e){let t=yi(e.body);return`${e.name}() ${t}${Ae(e.redirections)}`}function q(e){switch(e.type){case"ArithNumber":return String(e.value);case"ArithVariable":return e.hasDollarPrefix?`$${e.name}`:e.name;case"ArithSpecialVar":return`$${e.name}`;case"ArithBinary":return`${q(e.left)} ${e.operator} ${q(e.right)}`;case"ArithUnary":return e.prefix?`${e.operator}${q(e.operand)}`:`${q(e.operand)}${e.operator}`;case"ArithTernary":return`${q(e.condition)} ? ${q(e.consequent)} : ${q(e.alternate)}`;case"ArithAssignment":return`${e.subscript?`${e.variable}[${q(e.subscript)}]`:e.stringKey!==void 0?`${e.variable}[${e.stringKey}]`:e.variable} ${e.operator} ${q(e.value)}`;case"ArithDynamicAssignment":return`${e.subscript?`${q(e.target)}[${q(e.subscript)}]`:q(e.target)} ${e.operator} ${q(e.value)}`;case"ArithDynamicElement":return`${q(e.nameExpr)}[${q(e.subscript)}]`;case"ArithGroup":return`(${q(e.expression)})`;case"ArithNested":return`$((${q(e.expression)}))`;case"ArithCommandSubst":return`$(${e.command})`;case"ArithBracedExpansion":return`\${${e.content}}`;case"ArithArrayElement":return e.stringKey!==void 0?`${e.array}[${e.stringKey}]`:e.index?`${e.array}[${q(e.index)}]`:e.array;case"ArithDynamicBase":return`\${${e.baseExpr}}#${e.value}`;case"ArithDynamicNumber":return`\${${e.prefix}}${e.suffix}`;case"ArithConcat":return e.parts.map(q).join("");case"ArithDoubleSubscript":return`${e.array}[${q(e.index)}]`;case"ArithNumberSubscript":return`${e.number}[${e.errorToken}]`;case"ArithSyntaxError":return e.errorToken;case"ArithSingleQuote":return`'${e.content}'`;default:{let t=e;throw new Error(`Unsupported arithmetic expression type: ${t.type}`)}}}function Ze(e){switch(e.type){case"CondBinary":return`${ie(e.left)} ${e.operator} ${ie(e.right)}`;case"CondUnary":return`${e.operator} ${ie(e.operand)}`;case"CondNot":return`! ${Ze(e.operand)}`;case"CondAnd":return`${Ze(e.left)} && ${Ze(e.right)}`;case"CondOr":return`${Ze(e.left)} || ${Ze(e.right)}`;case"CondGroup":return`( ${Ze(e.expression)} )`;case"CondWord":return ie(e.word);default:{let t=e;throw new Error(`Unsupported conditional expression type: ${t.type}`)}}}var At=class{fs;commands=new Map;useDefaultLayout=!1;limits;secureFetch;sleepFn;traceFn;logger;defenseInDepthConfig;coverageWriter;transformPlugins=[];state;constructor(t={}){let s=t.fs??new Ie(t.files);this.fs=s,this.useDefaultLayout=!t.cwd&&!t.files;let r=t.cwd||(this.useDefaultLayout?"/home/user":"/"),n=new Map([["HOME",this.useDefaultLayout?"/home/user":"/"],["PATH","/usr/bin:/bin"],["IFS",`
696
- `],["OSTYPE","linux-gnu"],["MACHTYPE","x86_64-pc-linux-gnu"],["HOSTTYPE","x86_64"],["HOSTNAME","localhost"],["PWD",r],["OLDPWD",r],["OPTIND","1"],...Object.entries(t.env??{})]);if(this.limits=fi({...t.executionLimits,...t.maxCallDepth!==void 0&&{maxCallDepth:t.maxCallDepth},...t.maxCommandCount!==void 0&&{maxCommandCount:t.maxCommandCount},...t.maxLoopIterations!==void 0&&{maxLoopIterations:t.maxLoopIterations}}),t.network&&(this.secureFetch=yr(t.network)),this.sleepFn=t.sleep,this.traceFn=t.trace,this.logger=t.logger,this.defenseInDepthConfig=t.defenseInDepth,this.coverageWriter=t.coverage,this.state={env:n,cwd:r,previousDir:"/home/user",functions:new Map,localScopes:[],callDepth:0,sourceDepth:0,commandCount:0,lastExitCode:0,lastArg:"",startTime:Date.now(),lastBackgroundPid:0,virtualPid:t.processInfo?.pid??1,virtualPpid:t.processInfo?.ppid??0,virtualUid:t.processInfo?.uid??1e3,virtualGid:t.processInfo?.gid??1e3,bashPid:t.processInfo?.pid??1,nextVirtualPid:(t.processInfo?.pid??1)+1,currentLine:1,options:{errexit:!1,pipefail:!1,nounset:!1,xtrace:!1,verbose:!1,posix:!1,allexport:!1,noclobber:!1,noglob:!1,noexec:!1,vi:!1,emacs:!1},shoptOptions:{extglob:!1,dotglob:!1,nullglob:!1,failglob:!1,globstar:!1,globskipdots:!0,nocaseglob:!1,nocasematch:!1,expand_aliases:!1,lastpipe:!1,xpg_echo:!1},inCondition:!1,loopDepth:0,exportedVars:new Set(["HOME","PATH","PWD","OLDPWD",...Object.keys(t.env||{})]),readonlyVars:new Set(["SHELLOPTS","BASHOPTS"]),hashTable:new Map},this.state.env.set("SHELLOPTS",bs(this.state.options)),this.state.env.set("BASHOPTS",Es(this.state.shoptOptions)),qr(s,this.useDefaultLayout,{pid:this.state.virtualPid,ppid:this.state.virtualPpid,uid:this.state.virtualUid,gid:this.state.virtualGid}),r!=="/"&&s instanceof Ie)try{s.mkdirSync(r,{recursive:!0})}catch{}for(let i of Vr(t.commands))this.registerCommand(i);if(t.network)for(let i of Br())this.registerCommand(i);if(t.python)for(let i of jr())this.registerCommand(i);if(t.customCommands)for(let i of t.customCommands)Ur(i)?this.registerCommand(Hr(i)):this.registerCommand(i)}registerCommand(t){this.commands.set(t.name,t);let s=this.fs;if(typeof s.writeFileSync=="function"){let r=`#!/bin/bash
696
+ `],["OSTYPE","linux-gnu"],["MACHTYPE","x86_64-pc-linux-gnu"],["HOSTTYPE","x86_64"],["HOSTNAME","localhost"],["PWD",r],["OLDPWD",r],["OPTIND","1"],...Object.entries(t.env??{})]);if(this.limits=fi({...t.executionLimits,...t.maxCallDepth!==void 0&&{maxCallDepth:t.maxCallDepth},...t.maxCommandCount!==void 0&&{maxCommandCount:t.maxCommandCount},...t.maxLoopIterations!==void 0&&{maxLoopIterations:t.maxLoopIterations}}),t.fetch?this.secureFetch=t.fetch:t.network&&(this.secureFetch=yr(t.network)),this.sleepFn=t.sleep,this.traceFn=t.trace,this.logger=t.logger,this.defenseInDepthConfig=t.defenseInDepth,this.coverageWriter=t.coverage,this.state={env:n,cwd:r,previousDir:"/home/user",functions:new Map,localScopes:[],callDepth:0,sourceDepth:0,commandCount:0,lastExitCode:0,lastArg:"",startTime:Date.now(),lastBackgroundPid:0,virtualPid:t.processInfo?.pid??1,virtualPpid:t.processInfo?.ppid??0,virtualUid:t.processInfo?.uid??1e3,virtualGid:t.processInfo?.gid??1e3,bashPid:t.processInfo?.pid??1,nextVirtualPid:(t.processInfo?.pid??1)+1,currentLine:1,options:{errexit:!1,pipefail:!1,nounset:!1,xtrace:!1,verbose:!1,posix:!1,allexport:!1,noclobber:!1,noglob:!1,noexec:!1,vi:!1,emacs:!1},shoptOptions:{extglob:!1,dotglob:!1,nullglob:!1,failglob:!1,globstar:!1,globskipdots:!0,nocaseglob:!1,nocasematch:!1,expand_aliases:!1,lastpipe:!1,xpg_echo:!1},inCondition:!1,loopDepth:0,exportedVars:new Set(["HOME","PATH","PWD","OLDPWD",...Object.keys(t.env||{})]),readonlyVars:new Set(["SHELLOPTS","BASHOPTS"]),hashTable:new Map},this.state.env.set("SHELLOPTS",bs(this.state.options)),this.state.env.set("BASHOPTS",Es(this.state.shoptOptions)),qr(s,this.useDefaultLayout,{pid:this.state.virtualPid,ppid:this.state.virtualPpid,uid:this.state.virtualUid,gid:this.state.virtualGid}),r!=="/"&&s instanceof Ie)try{s.mkdirSync(r,{recursive:!0})}catch{}for(let i of Vr(t.commands))this.registerCommand(i);if(t.fetch||t.network)for(let i of Br())this.registerCommand(i);if(t.python)for(let i of jr())this.registerCommand(i);if(t.customCommands)for(let i of t.customCommands)Ur(i)?this.registerCommand(Hr(i)):this.registerCommand(i)}registerCommand(t){this.commands.set(t.name,t);let s=this.fs;if(typeof s.writeFileSync=="function"){let r=`#!/bin/bash
697
697
  # Built-in command: ${t.name}
698
698
  `;try{s.writeFileSync(`/bin/${t.name}`,r)}catch{}try{s.writeFileSync(`/usr/bin/${t.name}`,r)}catch{}}}logResult(t){return this.logger&&(t.stdout&&this.logger.debug("stdout",{output:t.stdout}),t.stderr&&this.logger.info("stderr",{output:t.stderr}),this.logger.info("exit",{exitCode:t.exitCode})),t}async exec(t,s){if(this.state.callDepth===0&&(this.state.commandCount=0),this.state.commandCount++,this.state.commandCount>this.limits.maxCommandCount)return{stdout:"",stderr:`bash: maximum command count (${this.limits.maxCommandCount}) exceeded (possible infinite loop). Increase with executionLimits.maxCommandCount option.
699
699
  `,exitCode:1,env:$e(this.state.env,s?.env)};if(!t.trim())return{stdout:"",stderr:"",exitCode:0,env:$e(this.state.env,s?.env)};this.logger?.info("exec",{command:t});let r=s?.cwd??this.state.cwd,n,i=r;if(s?.cwd)if(s.env&&"PWD"in s.env)n=s.env.PWD;else if(s?.env&&!("PWD"in s.env))try{n=await this.fs.realpath(r),i=n}catch{n=r}else n=r;let o=new Map(this.state.env);if(s?.env)for(let[f,d]of Object.entries(s.env))o.set(f,d);n!==void 0&&o.set("PWD",n);let a={...this.state,env:o,cwd:i,functions:new Map(this.state.functions),localScopes:[...this.state.localScopes],options:{...this.state.options},hashTable:this.state.hashTable,groupStdin:s?.stdin},l=t;s?.rawScript||(l=bi(t));let u=(this.defenseInDepthConfig?ut.getInstance(this.defenseInDepthConfig):null)?.activate();try{let f=async()=>{let d=de(l,{maxHeredocSize:this.limits.maxHeredocSize}),h;if(this.transformPlugins.length>0){let v=Object.create(null);for(let P of this.transformPlugins){let y=P.transform({ast:d,metadata:v});d=y.ast,y.metadata&&(v={...v,...y.metadata})}h=v}let m={fs:this.fs,commands:this.commands,limits:this.limits,exec:this.exec.bind(this),fetch:this.secureFetch,sleep:this.sleepFn,trace:this.traceFn,coverage:this.coverageWriter},S=await new $t(m,a).executeScript(d);return h&&(S.metadata=h),this.logResult(S)};return u?await u.run(f):await f()}catch(f){if(f instanceof j)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:f.exitCode,env:$e(this.state.env,s?.env)});if(f instanceof Ee)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:f.exitCode,env:$e(this.state.env,s?.env)});if(f instanceof je)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:1,env:$e(this.state.env,s?.env)});if(f instanceof ae)return this.logResult({stdout:f.stdout,stderr:f.stderr,exitCode:ae.EXIT_CODE,env:$e(this.state.env,s?.env)});if(f instanceof J)return this.logResult({stdout:"",stderr:`bash: security violation: ${f.message}
package/dist/index.d.ts CHANGED
@@ -10,7 +10,7 @@ export type { BufferEncoding, CpOptions, DirectoryEntry, FileContent, FileEntry,
10
10
  export { MountableFs, type MountableFsOptions, type MountConfig, } from "./fs/mountable-fs/index.js";
11
11
  export { OverlayFs, type OverlayFsOptions } from "./fs/overlay-fs/index.js";
12
12
  export { ReadWriteFs, type ReadWriteFsOptions, } from "./fs/read-write-fs/index.js";
13
- export type { NetworkConfig } from "./network/index.js";
13
+ export type { NetworkConfig, SecureFetch } from "./network/index.js";
14
14
  export { NetworkAccessDeniedError, RedirectNotAllowedError, TooManyRedirectsError, } from "./network/index.js";
15
15
  export { parse } from "./parser/parser.js";
16
16
  export type { CommandFinished as SandboxCommandFinished, OutputMessage, SandboxOptions, WriteFilesInput, } from "./sandbox/index.js";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "just-bash",
3
- "version": "2.11.6",
3
+ "version": "2.11.7",
4
4
  "description": "A simulated bash environment with virtual filesystem",
5
5
  "repository": {
6
6
  "type": "git",