npm - rds_ssm_connect - Versions diffs - 1.7.17 → 1.8.0 - Mend

rds_ssm_connect 1.7.17 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/configLoader.js +12 -0
package/connect.js +49 -4
package/package.json +1 -1
package/src/lib/Settings.svelte +20 -2
package/src-tauri/Cargo.toml +1 -1
package/src-tauri/src/lib.rs +2 -0
package/src-tauri/tauri.conf.json +1 -1
package/test/configLoader.test.js +52 -0

package/configLoader.js CHANGED Viewed

@@ -50,8 +50,10 @@ const REQUIRED_FIELDS = [
 ]
 const VALID_RDS_TYPES = ['cluster', 'instance']
+const VALID_ENGINES = ['postgres', 'mysql']
 const REGION_PATTERN = /^[a-z]{2}(-[a-z]+-\d+)$/
 const PORT_PATTERN = /^\d+$/
+const SHELL_SAFE_PATTERN = /^[a-zA-Z0-9._!/-]+$/
 export function validateProjectConfig(config) {
   const errors = []
@@ -66,6 +68,16 @@ export function validateProjectConfig(config) {
     errors.push(`rdsType must be one of: ${VALID_RDS_TYPES.join(', ')}`)
   }
+  if (config.engine !== undefined && config.engine !== null && !VALID_ENGINES.includes(config.engine)) {
+    errors.push(`engine must be one of: ${VALID_ENGINES.join(', ')}`)
+  }
+  for (const field of ['secretPrefix', 'rdsPattern', 'database']) {
+    if (config[field] && !SHELL_SAFE_PATTERN.test(config[field])) {
+      errors.push(`${field} contains invalid characters (only alphanumeric, dots, underscores, hyphens, slashes, and ! allowed)`)
+    }
+  }
   if (config.region && !REGION_PATTERN.test(config.region)) {
     errors.push(`Invalid region format: ${config.region}`)
   }

package/connect.js CHANGED Viewed

@@ -14,7 +14,7 @@ import {
 } from './configLoader.js'
 // Package info for version checking
-const packageJson = { name: 'rds_ssm_connect', version: '1.7.17' }
+const packageJson = { name: 'rds_ssm_connect', version: '1.8.0' }
 const execAsync = promisify(exec)
@@ -422,6 +422,15 @@ async function _startPortForwarding(
   )
 }
+// Validation patterns for security
+const PROFILE_SAFE_PATTERN = /^[a-zA-Z0-9._-]+$/
+const INSTANCE_ID_PATTERN = /^i-[a-f0-9]{8,17}$/
+const HOSTNAME_PATTERN = /^[a-zA-Z0-9.-]+$/
+function getDefaultPortForEngine(projectConfig) {
+  return projectConfig.engine === 'mysql' ? '3306' : '5432'
+}
 async function getRdsEndpoint(ENV, projectConfig) {
   const { region, rdsType, rdsPattern } = projectConfig
@@ -438,13 +447,14 @@ async function getRdsEndpoint(ENV, projectConfig) {
 async function getRdsPort(ENV, projectConfig) {
   const { region, rdsType, rdsPattern } = projectConfig
+  const fallbackPort = getDefaultPortForEngine(projectConfig)
   if (rdsType === 'cluster') {
     const portCommand = `aws-vault exec ${ENV} -- aws rds describe-db-clusters --region ${region} --query "DBClusters[?Status=='available' && ends_with(DBClusterIdentifier, '${rdsPattern}')].Port | [0]" --output text`
-    return (await runCommand(portCommand)) || '5432'
+    return (await runCommand(portCommand)) || fallbackPort
   } else {
     const portCommand = `aws-vault exec ${ENV} -- aws rds describe-db-instances --region ${region} --query "DBInstances[?DBInstanceStatus=='available' && contains(DBInstanceIdentifier, '${rdsPattern}')].Endpoint.Port | [0]" --output text`
-    return (await runCommand(portCommand)) || '5432'
+    return (await runCommand(portCommand)) || fallbackPort
   }
 }
@@ -587,6 +597,10 @@ async function getProfilesForProjectKey(projectKey) {
 // Includes keepalive (prevents SSM idle timeout) and auto-reconnect
 // (transparently reconnects on the same port if session drops unexpectedly).
 async function connect(projectKey, profile, options = {}) {
+  if (!PROFILE_SAFE_PATTERN.test(profile)) {
+    throw new Error(`Invalid profile name: ${profile}`)
+  }
   const PROJECT_CONFIGS = await loadProjectConfigs()
   const projectConfig = PROJECT_CONFIGS[projectKey]
   if (!projectConfig) {
@@ -626,6 +640,10 @@ async function connect(projectKey, profile, options = {}) {
   emit('status', { message: 'Finding bastion instance...' })
   let currentInstanceId = await findBastionInstance(profile, region)
+  if (!INSTANCE_ID_PATTERN.test(currentInstanceId)) {
+    throw new Error(`Invalid instance ID format: ${currentInstanceId}`)
+  }
   emit('status', { message: 'Getting RDS endpoint...' })
   let currentRdsEndpoint = await getRdsEndpoint(profile, projectConfig)
@@ -633,6 +651,10 @@ async function connect(projectKey, profile, options = {}) {
     throw new Error('Failed to find the RDS endpoint.')
   }
+  if (!HOSTNAME_PATTERN.test(currentRdsEndpoint)) {
+    throw new Error(`Invalid RDS endpoint format: ${currentRdsEndpoint}`)
+  }
   emit('status', { message: 'Getting RDS port...' })
   const rdsPort = await getRdsPort(profile, projectConfig)
@@ -812,6 +834,12 @@ async function main() {
           message: 'RDS type:',
           choices: ['cluster', 'instance'],
         },
+        {
+          type: 'select',
+          name: 'engine',
+          message: 'Database engine:',
+          choices: ['postgres', 'mysql'],
+        },
         {
           type: 'input',
           name: 'rdsPattern',
@@ -827,7 +855,7 @@ async function main() {
           type: 'input',
           name: 'defaultPort',
           message: 'Default local port:',
-          default: '5432',
+          default: (ctx) => ctx.engine === 'mysql' ? '3306' : '5432',
         },
       ])
@@ -855,6 +883,7 @@ async function main() {
         database: answers.database,
         secretPrefix: answers.secretPrefix,
         rdsType: answers.rdsType,
+        engine: answers.engine,
         rdsPattern: answers.rdsPattern,
         profileFilter: answers.profileFilter || null,
         envPortMapping: envPortMappingInput,
@@ -940,6 +969,11 @@ async function main() {
     const ENV = envAnswer.ENV
+    if (!PROFILE_SAFE_PATTERN.test(ENV)) {
+      console.error('❌ Invalid profile name:', ENV)
+      return
+    }
     // Determine local port number
     const allEnvSuffixes = Object.keys(envPortMapping).sort(
       (a, b) => b.length - a.length,
@@ -988,6 +1022,11 @@ async function main() {
       return
     }
+    if (!INSTANCE_ID_PATTERN.test(INSTANCE_ID)) {
+      console.error('❌ Invalid instance ID format:', INSTANCE_ID)
+      return
+    }
     // Get RDS endpoint
     console.log('⏳ Getting RDS endpoint...')
     const RDS_ENDPOINT = await getRdsEndpoint(ENV, projectConfig)
@@ -997,6 +1036,11 @@ async function main() {
       return
     }
+    if (!HOSTNAME_PATTERN.test(RDS_ENDPOINT)) {
+      console.error('❌ Invalid RDS endpoint format:', RDS_ENDPOINT)
+      return
+    }
     // Get RDS port (remote port)
     const rdsPort = await getRdsPort(ENV, projectConfig)
@@ -1045,6 +1089,7 @@ export {
   findBastionInstance,
   getRdsEndpoint,
   getRdsPort,
+  getDefaultPortForEngine,
   getLocalPort,
   connect,
   ipcEmitter,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "rds_ssm_connect",
-  "version": "1.7.17",
+  "version": "1.8.0",
   "type": "module",
   "repository": {
     "type": "git",

package/src/lib/Settings.svelte CHANGED Viewed

@@ -26,6 +26,7 @@ let projectRegion = $state('us-east-1')
 let projectDatabase = $state('')
 let projectSecretPrefix = $state('')
 let projectRdsType = $state('cluster')
+let projectEngine = $state('postgres')
 let projectRdsPattern = $state('')
 let projectProfileFilter = $state('')
 let projectDefaultPort = $state('5432')
@@ -162,6 +163,11 @@ async function saveRawConfig() {
 // ---- Project config functions ----
+function handleEngineChange(e) {
+  projectEngine = e.target.value
+  projectDefaultPort = projectEngine === 'mysql' ? '3306' : '5432'
+}
 function openAddProject() {
   editingProject = { isNew: true }
   projectKey = ''
@@ -170,6 +176,7 @@ function openAddProject() {
   projectDatabase = ''
   projectSecretPrefix = 'rds!cluster'
   projectRdsType = 'cluster'
+  projectEngine = 'postgres'
   projectRdsPattern = ''
   projectProfileFilter = ''
   projectDefaultPort = '5432'
@@ -184,6 +191,7 @@ function openEditProject(key, config) {
   projectDatabase = config.database
   projectSecretPrefix = config.secretPrefix
   projectRdsType = config.rdsType
+  projectEngine = config.engine || 'postgres'
   projectRdsPattern = config.rdsPattern
   projectProfileFilter = config.profileFilter || ''
   projectDefaultPort = config.defaultPort
@@ -226,6 +234,7 @@ async function saveProject() {
     database: projectDatabase.trim(),
     secretPrefix: projectSecretPrefix.trim(),
     rdsType: projectRdsType,
+    engine: projectEngine,
     rdsPattern: projectRdsPattern.trim(),
     profileFilter: projectProfileFilter.trim() || null,
     envPortMapping,
@@ -393,6 +402,7 @@ onDestroy(() => {
                     <div class="profile-details">
                       <span class="detail">{config.region}</span>
                       <span class="detail">{config.rdsType}</span>
+                      <span class="detail">{config.engine || 'postgres'}</span>
                       <span class="detail">{config.database}</span>
                       <span class="detail">{Object.keys(config.envPortMapping || {}).length} port mappings</span>
                     </div>
@@ -578,11 +588,19 @@ onDestroy(() => {
               </select>
             </div>
             <div class="form-group">
-              <label for="project-rds-pattern">RDS Pattern</label>
-              <input id="project-rds-pattern" type="text" bind:value={projectRdsPattern} placeholder="-rds-aurora" />
+              <label for="project-engine">Engine</label>
+              <select id="project-engine" value={projectEngine} onchange={handleEngineChange}>
+                <option value="postgres">PostgreSQL</option>
+                <option value="mysql">MySQL</option>
+              </select>
             </div>
           </div>
+          <div class="form-group">
+            <label for="project-rds-pattern">RDS Pattern</label>
+            <input id="project-rds-pattern" type="text" bind:value={projectRdsPattern} placeholder="-rds-aurora" />
+          </div>
           <div class="form-row">
             <div class="form-group">
               <label for="project-profile-filter">Profile Filter</label>

package/src-tauri/Cargo.toml CHANGED Viewed

@@ -1,6 +1,6 @@
 [package]
 name = "rds-ssm-connect"
-version = "1.7.17"
+version = "1.8.0"
 description = "Secure RDS connections through AWS SSM"
 authors = ["Iaroslav Pyrogov"]
 edition = "2024"

package/src-tauri/src/lib.rs CHANGED Viewed

@@ -431,6 +431,8 @@ pub struct ProjectConfig {
     pub secret_prefix: String,
     #[serde(rename = "rdsType")]
     pub rds_type: String,
+    #[serde(default)]
+    pub engine: Option<String>,
     #[serde(rename = "rdsPattern")]
     pub rds_pattern: String,
     #[serde(rename = "profileFilter")]

package/src-tauri/tauri.conf.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "$schema": "https://schema.tauri.app/config/2",
   "productName": "RDS SSM Connect",
-  "version": "1.7.17",
+  "version": "1.8.0",
   "identifier": "com.rds-ssm-connect.desktop",
   "build": {
     "beforeDevCommand": "npm run dev:vite",

package/test/configLoader.test.js CHANGED Viewed

@@ -146,5 +146,57 @@ describe('configLoader', () => {
       assert.equal(result.valid, false)
       assert.ok(result.errors.some((e) => e.includes('Port for "dev"')))
     })
+    // Engine validation tests
+    it('should accept config with engine=postgres', () => {
+      const result = validateProjectConfig({ ...validConfig, engine: 'postgres' })
+      assert.equal(result.valid, true)
+    })
+    it('should accept config with engine=mysql', () => {
+      const result = validateProjectConfig({ ...validConfig, engine: 'mysql' })
+      assert.equal(result.valid, true)
+    })
+    it('should accept config without engine field (backward compat)', () => {
+      const { engine: _, ...configWithoutEngine } = validConfig
+      const result = validateProjectConfig(configWithoutEngine)
+      assert.equal(result.valid, true)
+    })
+    it('should reject invalid engine value', () => {
+      const result = validateProjectConfig({ ...validConfig, engine: 'sqlite' })
+      assert.equal(result.valid, false)
+      assert.ok(result.errors.some((e) => e.includes('engine')))
+    })
+    // Shell-safe validation tests
+    it('should reject secretPrefix with shell metacharacters', () => {
+      const result = validateProjectConfig({ ...validConfig, secretPrefix: 'rds;rm -rf /' })
+      assert.equal(result.valid, false)
+      assert.ok(result.errors.some((e) => e.includes('secretPrefix')))
+    })
+    it('should reject rdsPattern with shell metacharacters', () => {
+      const result = validateProjectConfig({ ...validConfig, rdsPattern: '$(whoami)' })
+      assert.equal(result.valid, false)
+      assert.ok(result.errors.some((e) => e.includes('rdsPattern')))
+    })
+    it('should reject database with shell metacharacters', () => {
+      const result = validateProjectConfig({ ...validConfig, database: 'db&echo' })
+      assert.equal(result.valid, false)
+      assert.ok(result.errors.some((e) => e.includes('database')))
+    })
+    it('should accept safe special characters in fields', () => {
+      const result = validateProjectConfig({
+        ...validConfig,
+        secretPrefix: 'rds!cluster-my/prefix',
+        rdsPattern: 'my-rds_pattern.v2',
+        database: 'my_db.prod',
+      })
+      assert.equal(result.valid, true)
+    })
   })
 })