lsh-framework 0.5.4

package/dist/lib/cloud-config-manager.js

@@ -0,0 +1,347 @@
+/**
+ * Cloud Configuration Manager
+ * Manages shell configuration with Supabase persistence
+ */
+import DatabasePersistence from './database-persistence.js';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+export class CloudConfigManager {
+    databasePersistence;
+    options;
+    localConfig = new Map();
+    cloudConfig = new Map();
+    syncTimer;
+    constructor(options = {}) {
+        this.options = {
+            userId: undefined,
+            enableCloudSync: true,
+            localConfigPath: path.join(os.homedir(), '.lshrc'),
+            syncInterval: 60000, // 1 minute
+            ...options,
+        };
+        this.databasePersistence = new DatabasePersistence(this.options.userId);
+        this.loadLocalConfig();
+        if (this.options.enableCloudSync) {
+            this.initializeCloudSync();
+        }
+    }
+    /**
+     * Load local configuration file
+     */
+    loadLocalConfig() {
+        try {
+            if (fs.existsSync(this.options.localConfigPath)) {
+                const content = fs.readFileSync(this.options.localConfigPath, 'utf8');
+                const config = JSON.parse(content);
+                Object.entries(config).forEach(([key, value]) => {
+                    this.localConfig.set(key, {
+                        key,
+                        value,
+                        type: this.getType(value),
+                        isDefault: false,
+                    });
+                });
+            }
+        }
+        catch (error) {
+            console.error('Failed to load local config:', error);
+        }
+    }
+    /**
+     * Save local configuration file
+     */
+    saveLocalConfig() {
+        try {
+            const config = {};
+            this.localConfig.forEach((configValue, key) => {
+                config[key] = configValue.value;
+            });
+            fs.writeFileSync(this.options.localConfigPath, JSON.stringify(config, null, 2));
+        }
+        catch (error) {
+            console.error('Failed to save local config:', error);
+        }
+    }
+    /**
+     * Get type of a value
+     */
+    getType(value) {
+        if (typeof value === 'string')
+            return 'string';
+        if (typeof value === 'number')
+            return 'number';
+        if (typeof value === 'boolean')
+            return 'boolean';
+        if (Array.isArray(value))
+            return 'array';
+        if (typeof value === 'object' && value !== null)
+            return 'object';
+        return 'string';
+    }
+    /**
+     * Initialize cloud synchronization
+     */
+    async initializeCloudSync() {
+        try {
+            const isConnected = await this.databasePersistence.testConnection();
+            if (isConnected) {
+                console.log('✅ Cloud config sync enabled');
+                await this.loadCloudConfig();
+                this.startSyncTimer();
+            }
+            else {
+                console.log('⚠️  Cloud config sync disabled - database not available');
+            }
+        }
+        catch (error) {
+            console.error('Failed to initialize cloud config sync:', error);
+        }
+    }
+    /**
+     * Load configuration from cloud
+     */
+    async loadCloudConfig() {
+        try {
+            const cloudConfigs = await this.databasePersistence.getConfiguration();
+            cloudConfigs.forEach(config => {
+                this.cloudConfig.set(config.config_key, {
+                    key: config.config_key,
+                    value: this.parseConfigValue(config.config_value, config.config_type),
+                    type: config.config_type,
+                    description: config.description,
+                    isDefault: config.is_default,
+                });
+            });
+            // Merge cloud config with local config
+            this.mergeConfigurations();
+        }
+        catch (error) {
+            console.error('Failed to load cloud config:', error);
+        }
+    }
+    /**
+     * Parse configuration value based on type
+     */
+    parseConfigValue(value, type) {
+        try {
+            switch (type) {
+                case 'string':
+                    return value;
+                case 'number':
+                    return parseFloat(value);
+                case 'boolean':
+                    return value === 'true';
+                case 'array':
+                case 'object':
+                    return JSON.parse(value);
+                default:
+                    return value;
+            }
+        }
+        catch (error) {
+            console.error(`Failed to parse config value ${value} as ${type}:`, error);
+            return value;
+        }
+    }
+    /**
+     * Serialize configuration value to string
+     */
+    serializeConfigValue(value, type) {
+        switch (type) {
+            case 'string':
+            case 'number':
+            case 'boolean':
+                return String(value);
+            case 'array':
+            case 'object':
+                return JSON.stringify(value);
+            default:
+                return String(value);
+        }
+    }
+    /**
+     * Merge cloud and local configurations
+     */
+    mergeConfigurations() {
+        // Cloud config takes precedence for non-local overrides
+        this.cloudConfig.forEach((cloudValue, key) => {
+            if (!this.localConfig.has(key)) {
+                this.localConfig.set(key, cloudValue);
+            }
+        });
+    }
+    /**
+     * Start periodic synchronization timer
+     */
+    startSyncTimer() {
+        this.syncTimer = setInterval(() => {
+            this.syncToCloud();
+        }, this.options.syncInterval);
+    }
+    /**
+     * Stop synchronization timer
+     */
+    stopSyncTimer() {
+        if (this.syncTimer) {
+            clearInterval(this.syncTimer);
+            this.syncTimer = undefined;
+        }
+    }
+    /**
+     * Synchronize local configuration to cloud
+     */
+    async syncToCloud() {
+        if (!this.options.enableCloudSync) {
+            return;
+        }
+        try {
+            for (const [key, configValue] of this.localConfig) {
+                await this.databasePersistence.saveConfiguration({
+                    config_key: key,
+                    config_value: this.serializeConfigValue(configValue.value, configValue.type),
+                    config_type: configValue.type,
+                    description: configValue.description,
+                    is_default: configValue.isDefault,
+                });
+            }
+        }
+        catch (error) {
+            console.error('Failed to sync config to cloud:', error);
+        }
+    }
+    /**
+     * Get configuration value
+     */
+    get(key, defaultValue) {
+        const configValue = this.localConfig.get(key);
+        return configValue ? configValue.value : defaultValue;
+    }
+    /**
+     * Set configuration value
+     */
+    set(key, value, description) {
+        const configValue = {
+            key,
+            value,
+            type: this.getType(value),
+            description,
+            isDefault: false,
+        };
+        this.localConfig.set(key, configValue);
+        this.saveLocalConfig();
+        // Sync to cloud if enabled
+        if (this.options.enableCloudSync) {
+            this.syncToCloud().catch(error => {
+                console.error('Failed to sync config to cloud:', error);
+            });
+        }
+    }
+    /**
+     * Get all configuration keys
+     */
+    getKeys() {
+        return Array.from(this.localConfig.keys());
+    }
+    /**
+     * Get all configuration entries
+     */
+    getAll() {
+        return Array.from(this.localConfig.values());
+    }
+    /**
+     * Check if configuration key exists
+     */
+    has(key) {
+        return this.localConfig.has(key);
+    }
+    /**
+     * Delete configuration key
+     */
+    delete(key) {
+        this.localConfig.delete(key);
+        this.saveLocalConfig();
+        // Sync to cloud if enabled
+        if (this.options.enableCloudSync) {
+            this.syncToCloud().catch(error => {
+                console.error('Failed to sync config deletion to cloud:', error);
+            });
+        }
+    }
+    /**
+     * Reset configuration to defaults
+     */
+    reset() {
+        this.localConfig.clear();
+        this.saveLocalConfig();
+        if (this.options.enableCloudSync) {
+            this.syncToCloud().catch(error => {
+                console.error('Failed to sync config reset to cloud:', error);
+            });
+        }
+    }
+    /**
+     * Export configuration to JSON
+     */
+    export() {
+        const config = {};
+        this.localConfig.forEach((configValue, key) => {
+            config[key] = configValue.value;
+        });
+        return JSON.stringify(config, null, 2);
+    }
+    /**
+     * Import configuration from JSON
+     */
+    import(configJson) {
+        try {
+            const config = JSON.parse(configJson);
+            Object.entries(config).forEach(([key, value]) => {
+                this.set(key, value);
+            });
+        }
+        catch (error) {
+            console.error('Failed to import configuration:', error);
+            throw new Error('Invalid configuration JSON');
+        }
+    }
+    /**
+     * Get configuration statistics
+     */
+    getStats() {
+        const types = {};
+        this.localConfig.forEach(configValue => {
+            types[configValue.type] = (types[configValue.type] || 0) + 1;
+        });
+        return {
+            totalKeys: this.localConfig.size,
+            localKeys: this.localConfig.size,
+            cloudKeys: this.cloudConfig.size,
+            types,
+        };
+    }
+    /**
+     * Enable or disable cloud sync
+     */
+    setCloudSyncEnabled(enabled) {
+        this.options.enableCloudSync = enabled;
+        if (enabled) {
+            this.initializeCloudSync();
+        }
+        else {
+            this.stopSyncTimer();
+        }
+    }
+    /**
+     * Cleanup resources
+     */
+    destroy() {
+        this.stopSyncTimer();
+        if (this.options.enableCloudSync) {
+            this.syncToCloud().catch(error => {
+                console.error('Failed to final config sync on destroy:', error);
+            });
+        }
+    }
+}
+export default CloudConfigManager;

package/dist/lib/command-validator.js

@@ -0,0 +1,190 @@
+/**
+ * Command Validation Utilities
+ * Provides security validation for shell commands
+ */
+/**
+ * Dangerous command patterns that should trigger warnings or blocks
+ */
+const DANGEROUS_PATTERNS = [
+    // System modification
+    { pattern: /rm\s+-rf\s+\/(?!\w)/i, message: 'Attempting to delete root filesystem', level: 'critical' },
+    { pattern: /mkfs/i, message: 'Filesystem formatting command detected', level: 'critical' },
+    { pattern: /dd\s+.*of=/i, message: 'Direct disk write detected', level: 'critical' },
+    // Privilege escalation
+    { pattern: /sudo\s+su/i, message: 'Privilege escalation attempt', level: 'high' },
+    { pattern: /sudo\s+.*passwd/i, message: 'Password modification attempt', level: 'high' },
+    // Network exfiltration
+    { pattern: /curl\s+.*\|\s*bash/i, message: 'Remote code execution via curl', level: 'critical' },
+    { pattern: /wget\s+.*\|\s*sh/i, message: 'Remote code execution via wget', level: 'critical' },
+    { pattern: /nc\s+.*-e/i, message: 'Reverse shell attempt with netcat', level: 'critical' },
+    // Data exfiltration
+    { pattern: /cat\s+\/etc\/shadow/i, message: 'Attempting to read shadow password file', level: 'critical' },
+    { pattern: /cat\s+\/etc\/passwd/i, message: 'Attempting to read user account file', level: 'high' },
+    { pattern: /\.ssh\/id_rsa/i, message: 'Attempting to access SSH private keys', level: 'critical' },
+    // Process manipulation
+    { pattern: /kill\s+-9\s+1\b/i, message: 'Attempting to kill init process', level: 'critical' },
+    { pattern: /pkill\s+-9\s+.*sshd/i, message: 'Attempting to kill SSH daemon', level: 'high' },
+    // Obfuscation attempts
+    { pattern: /\$\(.*base64.*\)/i, message: 'Base64 encoded command detected', level: 'high' },
+    { pattern: /eval.*\$\(/i, message: 'Dynamic command evaluation detected', level: 'high' },
+    // eslint-disable-next-line no-control-regex
+    { pattern: /\x00/i, message: 'Null byte injection detected', level: 'critical' },
+];
+/**
+ * Patterns that should trigger warnings but might be legitimate
+ */
+const WARNING_PATTERNS = [
+    { pattern: /rm\s+-rf/i, message: 'Recursive deletion command' },
+    { pattern: /sudo/i, message: 'Elevated privileges requested' },
+    { pattern: /chmod\s+777/i, message: 'Overly permissive file permissions' },
+    { pattern: />\s*\/dev\/sda/i, message: 'Writing to disk device' },
+    { pattern: /curl\s+.*-k/i, message: 'Insecure SSL certificate validation disabled' },
+    { pattern: /:\(\)\{.*:\|:.*\}/i, message: 'Fork bomb pattern detected' },
+];
+/**
+ * Validate a shell command for security issues
+ */
+export function validateCommand(command, options = {}) {
+    const { allowDangerousCommands = false, maxLength = 10000, requireWhitelist = false, whitelist = [] } = options;
+    const result = {
+        isValid: true,
+        warnings: [],
+        errors: [],
+        riskLevel: 'low'
+    };
+    // Basic validation
+    if (!command || typeof command !== 'string') {
+        result.isValid = false;
+        result.errors.push('Command must be a non-empty string');
+        result.riskLevel = 'high';
+        return result;
+    }
+    if (command.trim().length === 0) {
+        result.isValid = false;
+        result.errors.push('Command cannot be empty or whitespace only');
+        result.riskLevel = 'high';
+        return result;
+    }
+    if (command.length > maxLength) {
+        result.isValid = false;
+        result.errors.push(`Command exceeds maximum length of ${maxLength} characters`);
+        result.riskLevel = 'high';
+        return result;
+    }
+    // Whitelist validation
+    if (requireWhitelist) {
+        const commandName = command.trim().split(/\s+/)[0];
+        if (!whitelist.includes(commandName)) {
+            result.isValid = false;
+            result.errors.push(`Command '${commandName}' is not in whitelist`);
+            result.riskLevel = 'high';
+            return result;
+        }
+    }
+    // Check for dangerous patterns
+    for (const { pattern, message, level } of DANGEROUS_PATTERNS) {
+        if (pattern.test(command)) {
+            if (!allowDangerousCommands) {
+                result.isValid = false;
+                result.errors.push(`BLOCKED: ${message}`);
+                result.riskLevel = level;
+            }
+            else {
+                result.warnings.push(`${message} (allowed by configuration)`);
+                if (level === 'critical' || level === 'high') {
+                    result.riskLevel = level;
+                }
+            }
+        }
+    }
+    // Check for warning patterns
+    for (const { pattern, message } of WARNING_PATTERNS) {
+        if (pattern.test(command)) {
+            result.warnings.push(message);
+            if (result.riskLevel === 'low') {
+                result.riskLevel = 'medium';
+            }
+        }
+    }
+    // Additional checks for suspicious patterns
+    const suspiciousChecks = [
+        {
+            test: () => (command.match(/;/g) || []).length > 5,
+            message: 'Excessive command chaining detected',
+            level: 'medium'
+        },
+        {
+            test: () => (command.match(/\|/g) || []).length > 3,
+            message: 'Excessive pipe usage detected',
+            level: 'medium'
+        },
+        {
+            test: () => /\$\([^)]*\$\(/.test(command),
+            message: 'Nested command substitution detected',
+            level: 'high'
+        },
+        {
+            // eslint-disable-next-line no-control-regex
+            test: () => /[\x00-\x08\x0B\x0C\x0E-\x1F]/.test(command),
+            message: 'Control characters detected in command',
+            level: 'high'
+        }
+    ];
+    for (const check of suspiciousChecks) {
+        if (check.test()) {
+            result.warnings.push(check.message);
+            if (check.level === 'high' && result.riskLevel !== 'critical') {
+                result.riskLevel = check.level;
+            }
+            else if (check.level === 'medium' && result.riskLevel === 'low') {
+                result.riskLevel = check.level;
+            }
+        }
+    }
+    return result;
+}
+/**
+ * Sanitize a string for use as a shell argument
+ * Note: This should be used for individual arguments, not full commands
+ */
+export function sanitizeShellArgument(arg) {
+    // Escape dangerous shell characters
+    return arg.replace(/([;&|`$(){}[\]\\<>'"*?~])/g, '\\$1');
+}
+/**
+ * Quote a string for safe use in shell commands
+ */
+export function quoteForShell(str) {
+    // Use single quotes to prevent expansion, escape any single quotes in the string
+    return `'${str.replace(/'/g, "'\\''")}'`;
+}
+/**
+ * Parse command and extract the base command name
+ */
+export function getCommandName(command) {
+    const trimmed = command.trim();
+    // Handle sudo and other prefixes
+    const parts = trimmed.split(/\s+/);
+    let cmdIndex = 0;
+    // Handle 'sudo' prefix
+    if (parts[0] === 'sudo') {
+        cmdIndex = 1;
+    }
+    // Handle 'env' prefix with environment variables
+    else if (parts[0] === 'env') {
+        // Skip environment variable assignments (VAR=value format)
+        cmdIndex = 1;
+        while (cmdIndex < parts.length && parts[cmdIndex].includes('=')) {
+            cmdIndex++;
+        }
+    }
+    const cmdPart = parts[cmdIndex] || '';
+    // Remove path if present
+    return cmdPart.split('/').pop() || '';
+}
+export default {
+    validateCommand,
+    sanitizeShellArgument,
+    quoteForShell,
+    getCommandName
+};