pal-explorer-cli 0.4.0

package/lib/core/extensionAnalyzer.js

@@ -0,0 +1,357 @@
+import * as acorn from 'acorn';
+import * as walk from 'acorn-walk';
+import fs from 'fs';
+import path from 'path';
+
+const BLOCKED_MODULES = new Set([
+  'child_process', 'cluster', 'dgram', 'dns', 'http2',
+  'inspector', 'net', 'repl', 'tls', 'vm', 'worker_threads',
+]);
+
+const DANGEROUS_GLOBALS = new Set([
+  'eval', 'Function',
+]);
+
+const DANGEROUS_PROCESS_PROPS = new Set([
+  'exit', 'kill', 'abort', 'env', 'dlopen', 'binding', '_linkedBinding',
+]);
+
+const DANGEROUS_PROPERTY_ACCESS = new Set([
+  'constructor', '__proto__', 'prototype',
+]);
+
+function analyzeCode(code, filePath = '<unknown>') {
+  const findings = [];
+  let ast;
+
+  try {
+    ast = acorn.parse(code, {
+      ecmaVersion: 'latest',
+      sourceType: 'module',
+      allowImportExportEverywhere: true,
+      locations: true,
+    });
+  } catch (err) {
+    findings.push({
+      type: 'parse-error',
+      severity: 'high',
+      message: `Failed to parse: ${err.message}`,
+      line: err.loc?.line,
+    });
+    return { findings, blocked: [], dangerous: findings };
+  }
+
+  const blocked = [];
+  const dangerous = [];
+
+  // ── Static imports: import ... from 'module' ──
+  walk.simple(ast, {
+    ImportDeclaration(node) {
+      const mod = node.source.value;
+      if (BLOCKED_MODULES.has(mod)) {
+        const f = {
+          type: 'blocked-import',
+          severity: 'critical',
+          message: `Static import of blocked module '${mod}'`,
+          module: mod,
+          line: node.loc?.start.line,
+        };
+        findings.push(f);
+        blocked.push(f);
+      }
+    },
+  });
+
+  // ── Dynamic imports: import('module') and await import('module') ──
+  walk.simple(ast, {
+    ImportExpression(node) {
+      if (node.source.type === 'Literal' && typeof node.source.value === 'string') {
+        const mod = node.source.value;
+        if (BLOCKED_MODULES.has(mod)) {
+          const f = {
+            type: 'blocked-import',
+            severity: 'critical',
+            message: `Dynamic import of blocked module '${mod}'`,
+            module: mod,
+            line: node.loc?.start.line,
+          };
+          findings.push(f);
+          blocked.push(f);
+        }
+      } else {
+        // Non-literal dynamic import — always dangerous (can import anything at runtime)
+        const f = {
+          type: 'dynamic-import',
+          severity: 'high',
+          message: 'Non-literal dynamic import() — can bypass module restrictions at runtime',
+          line: node.loc?.start.line,
+        };
+        findings.push(f);
+        dangerous.push(f);
+      }
+    },
+  });
+
+  // ── require() calls ──
+  walk.simple(ast, {
+    CallExpression(node) {
+      // require('module')
+      if (node.callee.type === 'Identifier' && node.callee.name === 'require') {
+        if (node.arguments[0]?.type === 'Literal' && typeof node.arguments[0].value === 'string') {
+          const mod = node.arguments[0].value;
+          if (BLOCKED_MODULES.has(mod)) {
+            const f = {
+              type: 'blocked-import',
+              severity: 'critical',
+              message: `require() of blocked module '${mod}'`,
+              module: mod,
+              line: node.loc?.start.line,
+            };
+            findings.push(f);
+            blocked.push(f);
+          }
+        } else if (node.arguments[0]?.type !== 'Literal') {
+          const f = {
+            type: 'dynamic-require',
+            severity: 'high',
+            message: 'Non-literal require() — can bypass module restrictions at runtime',
+            line: node.loc?.start.line,
+          };
+          findings.push(f);
+          dangerous.push(f);
+        }
+      }
+
+      // eval(...)
+      if (node.callee.type === 'Identifier' && node.callee.name === 'eval') {
+        const f = {
+          type: 'eval',
+          severity: 'critical',
+          message: 'eval() — arbitrary code execution',
+          line: node.loc?.start.line,
+        };
+        findings.push(f);
+        dangerous.push(f);
+      }
+
+      // new Function(...)
+      if (node.callee.type === 'MemberExpression' &&
+          node.callee.object?.name === 'Function' &&
+          node.callee.property?.name === 'constructor') {
+        const f = {
+          type: 'function-constructor',
+          severity: 'critical',
+          message: 'Function.constructor() — arbitrary code execution',
+          line: node.loc?.start.line,
+        };
+        findings.push(f);
+        dangerous.push(f);
+      }
+    },
+
+    NewExpression(node) {
+      // new Function(...)
+      if (node.callee.type === 'Identifier' && node.callee.name === 'Function') {
+        const f = {
+          type: 'function-constructor',
+          severity: 'critical',
+          message: 'new Function() — arbitrary code execution',
+          line: node.loc?.start.line,
+        };
+        findings.push(f);
+        dangerous.push(f);
+      }
+    },
+  });
+
+  // ── process.exit/kill/env/abort/binding ──
+  walk.simple(ast, {
+    MemberExpression(node) {
+      if (node.object.type === 'Identifier' && node.object.name === 'process' &&
+          node.property.type === 'Identifier' && DANGEROUS_PROCESS_PROPS.has(node.property.name)) {
+        const f = {
+          type: 'process-access',
+          severity: node.property.name === 'env' ? 'high' : 'critical',
+          message: `process.${node.property.name} — ${getProcessMessage(node.property.name)}`,
+          line: node.loc?.start.line,
+        };
+        findings.push(f);
+        dangerous.push(f);
+      }
+
+      // globalThis[...] / global[...] — computed property access on globals
+      if (node.computed && node.object.type === 'Identifier' &&
+          (node.object.name === 'globalThis' || node.object.name === 'global')) {
+        const f = {
+          type: 'global-computed-access',
+          severity: 'high',
+          message: `Computed property access on ${node.object.name} — can access any global`,
+          line: node.loc?.start.line,
+        };
+        findings.push(f);
+        dangerous.push(f);
+      }
+
+      // Reflect.* usage
+      if (node.object.type === 'Identifier' && node.object.name === 'Reflect') {
+        const f = {
+          type: 'reflect',
+          severity: 'medium',
+          message: `Reflect.${node.property?.name || '?'} — can modify object behavior`,
+          line: node.loc?.start.line,
+        };
+        findings.push(f);
+        dangerous.push(f);
+      }
+
+      // __proto__ access
+      if (node.property.type === 'Identifier' && node.property.name === '__proto__') {
+        const f = {
+          type: 'proto-access',
+          severity: 'high',
+          message: '__proto__ access — prototype pollution risk',
+          line: node.loc?.start.line,
+        };
+        findings.push(f);
+        dangerous.push(f);
+      }
+    },
+  });
+
+  // ── Proxy usage ──
+  walk.simple(ast, {
+    NewExpression(node) {
+      if (node.callee.type === 'Identifier' && node.callee.name === 'Proxy') {
+        const f = {
+          type: 'proxy',
+          severity: 'medium',
+          message: 'new Proxy() — can intercept all object operations',
+          line: node.loc?.start.line,
+        };
+        findings.push(f);
+        dangerous.push(f);
+      }
+    },
+  });
+
+  // ── Object.defineProperty on globals ──
+  walk.simple(ast, {
+    CallExpression(node) {
+      if (node.callee.type === 'MemberExpression' &&
+          node.callee.object?.name === 'Object' &&
+          (node.callee.property?.name === 'defineProperty' || node.callee.property?.name === 'defineProperties')) {
+        const target = node.arguments?.[0];
+        if (target?.type === 'Identifier' &&
+            (target.name === 'globalThis' || target.name === 'global' || target.name === 'process' || target.name === 'window')) {
+          const f = {
+            type: 'global-modification',
+            severity: 'critical',
+            message: `Object.${node.callee.property.name}(${target.name}) — modifying global objects`,
+            line: node.loc?.start.line,
+          };
+          findings.push(f);
+          dangerous.push(f);
+        }
+      }
+    },
+  });
+
+  // ── String concatenation tricks to build module names ──
+  // Check for patterns like: const m = 'child' + '_process'; import(m)
+  // This is caught by the non-literal dynamic import check above
+
+  return {
+    findings,
+    blocked,
+    dangerous,
+    hasCritical: findings.some(f => f.severity === 'critical'),
+    hasHigh: findings.some(f => f.severity === 'high'),
+    summary: {
+      total: findings.length,
+      critical: findings.filter(f => f.severity === 'critical').length,
+      high: findings.filter(f => f.severity === 'high').length,
+      medium: findings.filter(f => f.severity === 'medium').length,
+    },
+  };
+}
+
+function analyzeFile(filePath) {
+  try {
+    const code = fs.readFileSync(filePath, 'utf8');
+    return analyzeCode(code, filePath);
+  } catch (err) {
+    return {
+      findings: [{ type: 'read-error', severity: 'high', message: `Cannot read file: ${err.message}` }],
+      blocked: [],
+      dangerous: [],
+      hasCritical: false,
+      hasHigh: true,
+      summary: { total: 1, critical: 0, high: 1, medium: 0 },
+    };
+  }
+}
+
+function walkJsFiles(dir, baseName, results = []) {
+  try {
+    const entries = fs.readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (entry.name === 'node_modules' || entry.name === '.git') continue;
+      const full = path.join(dir, entry.name);
+      if (entry.isDirectory()) {
+        walkJsFiles(full, baseName, results);
+      } else if (entry.isFile() && entry.name.endsWith('.js') && entry.name !== baseName) {
+        results.push(full);
+      }
+    }
+  } catch {}
+  return results;
+}
+
+function analyzeExtension(extPath, manifest) {
+  const mainFile = path.join(extPath, manifest.main || 'index.js');
+  const results = [analyzeFile(mainFile)];
+
+  // Recursively scan all .js files in the extension directory (not node_modules)
+  const jsFiles = walkJsFiles(extPath, manifest.main || 'index.js');
+  for (const filePath of jsFiles) {
+    results.push(analyzeFile(filePath));
+  }
+
+  const merged = {
+    findings: results.flatMap(r => r.findings),
+    blocked: results.flatMap(r => r.blocked),
+    dangerous: results.flatMap(r => r.dangerous),
+  };
+  merged.hasCritical = merged.findings.some(f => f.severity === 'critical');
+  merged.hasHigh = merged.findings.some(f => f.severity === 'high');
+  merged.summary = {
+    total: merged.findings.length,
+    critical: merged.findings.filter(f => f.severity === 'critical').length,
+    high: merged.findings.filter(f => f.severity === 'high').length,
+    medium: merged.findings.filter(f => f.severity === 'medium').length,
+  };
+
+  return merged;
+}
+
+function getProcessMessage(prop) {
+  const msgs = {
+    exit: 'can crash the host application',
+    kill: 'can kill processes',
+    abort: 'can crash the process immediately',
+    env: 'can access environment secrets',
+    dlopen: 'can load native modules',
+    binding: 'can access internal Node.js bindings',
+    _linkedBinding: 'can access internal Node.js bindings',
+  };
+  return msgs[prop] || 'dangerous process access';
+}
+
+export {
+  analyzeCode,
+  analyzeFile,
+  analyzeExtension,
+  BLOCKED_MODULES,
+  DANGEROUS_GLOBALS,
+  DANGEROUS_PROCESS_PROPS,
+};

package/lib/core/extensionSandbox.js

@@ -0,0 +1,250 @@
+import { Worker, MessageChannel } from 'worker_threads';
+import path from 'path';
+import fs from 'fs';
+import crypto from 'crypto';
+import { fileURLToPath } from 'url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const WORKER_PATH = path.join(__dirname, 'extensionWorkerHost.js');
+
+const WORKER_MEMORY_LIMIT_MB = 64;
+const HOOK_TIMEOUT_MS = 5000;
+const ACTIVATE_TIMEOUT_MS = 10000;
+
+class SandboxedExtension {
+  constructor(extPath, manifest, context) {
+    this.extPath = extPath;
+    this.manifest = manifest;
+    this.context = context;
+    this.worker = null;
+    this.pendingCalls = new Map();
+    this.callId = 0;
+    this.alive = false;
+  }
+
+  async start() {
+    const perms = this.manifest.permissions || [];
+    const allowedPaths = this._resolveAllowedPaths();
+
+    this.worker = new Worker(WORKER_PATH, {
+      workerData: {
+        extPath: this.extPath,
+        main: this.manifest.main || 'index.js',
+        permissions: perms,
+        allowedPaths,
+        config: this.context.configSnapshot || {},
+        appInfo: this.context.appInfo || {},
+        extName: this.manifest.name,
+      },
+      resourceLimits: {
+        maxOldGenerationSizeMb: WORKER_MEMORY_LIMIT_MB,
+        maxYoungGenerationSizeMb: WORKER_MEMORY_LIMIT_MB / 4,
+      },
+    });
+
+    this.alive = true;
+
+    this.worker.on('message', (msg) => this._handleMessage(msg));
+    this.worker.on('error', (err) => {
+      console.error(`[sandbox:${this.manifest.name}] Worker error:`, err.message);
+      this.alive = false;
+      this._rejectAll(err);
+    });
+    this.worker.on('exit', (code) => {
+      this.alive = false;
+      if (code !== 0) {
+        console.error(`[sandbox:${this.manifest.name}] Worker exited with code ${code}`);
+      }
+      this._rejectAll(new Error(`Worker exited with code ${code}`));
+    });
+
+    await this._call('activate', {}, ACTIVATE_TIMEOUT_MS);
+  }
+
+  async callHook(event, payload) {
+    if (!this.alive) return { blocked: false };
+    try {
+      return await this._call('hook', { event, payload }, HOOK_TIMEOUT_MS);
+    } catch (err) {
+      console.error(`[sandbox:${this.manifest.name}] Hook ${event} error:`, err.message);
+      return { blocked: false };
+    }
+  }
+
+  async stop() {
+    if (!this.alive) return;
+    try {
+      await this._call('deactivate', {}, 5000);
+    } catch {}
+    this.worker.terminate();
+    this.alive = false;
+  }
+
+  _call(method, args, timeout) {
+    return new Promise((resolve, reject) => {
+      const id = ++this.callId;
+      const timer = setTimeout(() => {
+        this.pendingCalls.delete(id);
+        reject(new Error(`Timeout calling ${method} after ${timeout}ms`));
+      }, timeout);
+
+      this.pendingCalls.set(id, { resolve, reject, timer });
+      this.worker.postMessage({ type: 'call', id, method, args });
+    });
+  }
+
+  _handleMessage(msg) {
+    if (msg.type === 'response') {
+      const pending = this.pendingCalls.get(msg.id);
+      if (pending) {
+        clearTimeout(pending.timer);
+        this.pendingCalls.delete(msg.id);
+        if (msg.error) pending.reject(new Error(msg.error));
+        else pending.resolve(msg.result);
+      }
+    } else if (msg.type === 'api-call') {
+      this._handleApiCall(msg);
+    } else if (msg.type === 'log') {
+      const level = msg.level || 'info';
+      console[level](`[ext:${this.manifest.name}]`, ...msg.args);
+    }
+  }
+
+  async _handleApiCall(msg) {
+    const perms = new Set(this.manifest.permissions || []);
+    let result, error;
+
+    try {
+      switch (msg.method) {
+        case 'config.get': {
+          if (!perms.has('config:read')) throw new Error('Permission denied: config:read');
+          result = this.context.configGet(msg.args.key);
+          break;
+        }
+        case 'config.set': {
+          if (!perms.has('config:write')) throw new Error('Permission denied: config:write');
+          this.context.configSet(msg.args.key, msg.args.value);
+          result = true;
+          break;
+        }
+        case 'store.get': {
+          if (!perms.has('store:read')) throw new Error('Permission denied: store:read');
+          result = this.context.storeGet(msg.args.key);
+          break;
+        }
+        case 'store.set': {
+          if (!perms.has('store:write')) throw new Error('Permission denied: store:write');
+          const valStr = JSON.stringify(msg.args.value);
+          if (valStr && valStr.length > 1048576) {
+            throw new Error('Store value exceeds 1MB limit');
+          }
+          const storeKeys = this.context.storeKeys?.() || [];
+          if (storeKeys.length >= 1000 && !storeKeys.includes(msg.args.key)) {
+            throw new Error('Store key limit exceeded (max 1000)');
+          }
+          this.context.storeSet(msg.args.key, msg.args.value);
+          result = true;
+          break;
+        }
+        case 'store.delete': {
+          if (!perms.has('store:write')) throw new Error('Permission denied: store:write');
+          this.context.storeDelete(msg.args.key);
+          result = true;
+          break;
+        }
+        case 'identity.get': {
+          if (!perms.has('identity:read')) throw new Error('Permission denied: identity:read');
+          result = this.context.getIdentity();
+          break;
+        }
+        case 'shares.list': {
+          if (!perms.has('shares:read')) throw new Error('Permission denied: shares:read');
+          result = this.context.listShares();
+          break;
+        }
+        case 'peers.list': {
+          if (!perms.has('peers:read')) throw new Error('Permission denied: peers:read');
+          result = this.context.listPeers();
+          break;
+        }
+        case 'http.fetch': {
+          if (!perms.has('net:http')) throw new Error('Permission denied: net:http');
+          this.context.logHttpCall(msg.args.url, msg.args.opts?.method || 'GET');
+          const resp = await fetch(msg.args.url, {
+            ...msg.args.opts,
+            signal: AbortSignal.timeout(30000),
+          });
+          result = {
+            status: resp.status,
+            headers: Object.fromEntries(resp.headers),
+            body: await resp.text(),
+          };
+          break;
+        }
+        case 'fs.read': {
+          if (!perms.has('fs:read')) throw new Error('Permission denied: fs:read');
+          const resolved = path.resolve(msg.args.filePath);
+          this._enforcePathScope(resolved);
+          result = fs.readFileSync(resolved, msg.args.encoding || 'utf8');
+          break;
+        }
+        case 'fs.write': {
+          if (!perms.has('fs:write')) throw new Error('Permission denied: fs:write');
+          const resolvedW = path.resolve(msg.args.filePath);
+          this._enforcePathScope(resolvedW);
+          fs.writeFileSync(resolvedW, msg.args.data);
+          result = true;
+          break;
+        }
+        case 'fs.delete': {
+          if (!perms.has('fs:delete')) throw new Error('Permission denied: fs:delete');
+          const resolvedD = path.resolve(msg.args.filePath);
+          this._enforcePathScope(resolvedD);
+          fs.unlinkSync(resolvedD);
+          result = true;
+          break;
+        }
+        case 'notify.show': {
+          if (!perms.has('notifications')) throw new Error('Permission denied: notifications');
+          this.context.notify(msg.args.title, msg.args.body);
+          result = true;
+          break;
+        }
+        default:
+          throw new Error(`Unknown API method: ${msg.method}`);
+      }
+    } catch (err) {
+      error = err.message;
+    }
+
+    this.worker.postMessage({ type: 'api-response', id: msg.id, result, error });
+  }
+
+  _enforcePathScope(filePath) {
+    let resolved;
+    try { resolved = fs.realpathSync(filePath); } catch { resolved = path.resolve(filePath); }
+    const allowed = this._resolveAllowedPaths();
+    const inScope = allowed.some(p => resolved.startsWith(p + path.sep) || resolved === p);
+    if (!inScope) {
+      throw new Error(`Path access denied: ${filePath} is outside allowed paths`);
+    }
+  }
+
+  _resolveAllowedPaths() {
+    if (this._cachedPaths) return this._cachedPaths;
+    const shares = this.context.listShares ? this.context.listShares() : [];
+    const sharePaths = shares.map(s => path.resolve(s.path)).filter(Boolean);
+    this._cachedPaths = sharePaths.length > 0 ? sharePaths : [];
+    return this._cachedPaths;
+  }
+
+  _rejectAll(err) {
+    for (const [id, pending] of this.pendingCalls) {
+      clearTimeout(pending.timer);
+      pending.reject(err);
+    }
+    this.pendingCalls.clear();
+  }
+}
+
+export { SandboxedExtension, WORKER_MEMORY_LIMIT_MB, HOOK_TIMEOUT_MS, ACTIVATE_TIMEOUT_MS };