wormclaude 1.0.172 → 1.0.174

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli.js CHANGED
@@ -169,6 +169,22 @@ if (_needLogin) {
169
169
  await new Promise(() => { }); // çocuk süreci devralana kadar bekle (ana akışa düşme)
170
170
  }
171
171
  }
172
+ // KORUMALI WORKSPACE FIX: CLI C:\Users / C:\Windows / Program Files / disk-kökü gibi YAZILAMAZ
173
+ // bir yerden açıldıysa dosya yazımı EPERM verir ("bana site yap" → C:\Users\index.html → çöker).
174
+ // Böyle bir durumda kullanıcının yazılabilir ~/wormclaude klasörüne geç.
175
+ try {
176
+ const _d = process.cwd().replace(/[\\/]+$/, '').toLowerCase();
177
+ const _protected = /^[a-z]:[\\/]?$/.test(_d) || /^[a-z]:[\\/]users$/.test(_d) || /[\\/]windows$/.test(_d) || /program files/.test(_d) || _d === '';
178
+ if (_protected) {
179
+ const _safe = path.join(os.homedir(), 'wormclaude');
180
+ try {
181
+ fs.mkdirSync(_safe, { recursive: true });
182
+ process.chdir(_safe);
183
+ }
184
+ catch { /* yok say */ }
185
+ }
186
+ }
187
+ catch { /* yok say */ }
172
188
  setToolConfig(config); // Agent/alt-agent araçları aynı config'i kullanır
173
189
  setCheckpointStore(process.cwd()); // rewind deposu (/rewind, /checkpoints)
174
190
  const MAX_TURNS = Number(process.env.WORMCLAUDE_MAX_TURNS) || 90; // tur limiti
package/dist/commands.js CHANGED
@@ -273,6 +273,8 @@ function formatFinding(x) {
273
273
  return `${sev}${tt('missing security headers', 'eksik güvenlik başlıkları')}: ${(x.missing || []).join(', ')}`;
274
274
  if (x.type === 'path')
275
275
  return `${sev}${tt('path', 'yol')} ${x.url || ''} → ${x.status || ''}`;
276
+ if (x.type === 'info')
277
+ return `${sev}${x.evidence || x.url || 'info'}`;
276
278
  if (x.value)
277
279
  return `${x.value}`;
278
280
  // GENEL: şablon bulguları (ssrf/ssti/lfi/ldap/cmd-injection/nosql/open-redirect/crlf/graphql/cors/exposure…)
@@ -317,7 +319,7 @@ export function summarizeScan(target, findings) {
317
319
  if (low.length)
318
320
  out.push((L ? `🔵 ${low.length} düşük (minör): ` : `🔵 ${low.length} low (minor): `) + grp(low, false).map((s) => s.replace(/^ {2}• /, '')).join('; '));
319
321
  if (info.length)
320
- out.push((L ? `⚪ ${info.length} bilgi (korumalı/bilgilendirme): ` : `⚪ ${info.length} info: `) + grp(info, false).map((s) => s.replace(/^ {2}• /, '')).join('; '));
322
+ out.push((L ? `⚪ ${info.length} bilgi: ` : `⚪ ${info.length} info: `) + info.map((f) => (f.evidence || f.type || '').toString().split(' — ')[0]).slice(0, 5).join(' · '));
321
323
  // verdict
322
324
  if (high.length)
323
325
  out.push(L ? `\n➤ Sonuç: ${high.length} GERÇEK yüksek-risk açık — acil düzeltilmeli. Detaylı rapor için: /report`
@@ -496,6 +498,17 @@ async function fullScanCmd(arg, ctx) {
496
498
  all.push(...f);
497
499
  ctx.note(` ${label}: ${f.length} ${tt('finding(s)', 'bulgu')}`);
498
500
  }
501
+ // "Parametreli uç bulunamadı" notlarını TEK mesaja topla (her inject tarayıcı bir tane ekliyor → 12 kopya).
502
+ const _np = all.filter((f) => f.note === 'no_params');
503
+ if (_np.length) {
504
+ for (let i = all.length - 1; i >= 0; i--)
505
+ if (all[i].note === 'no_params')
506
+ all.splice(i, 1);
507
+ if (_np.length >= 2) {
508
+ all.push({ type: 'info', severity: 'info', url: target, note: 'no_params',
509
+ evidence: tt(`${_np.length} injection scanners found NO GET parameter to test — target inputs are likely POST forms / behind login (not covered by GET-based scanning; use a parameterized URL or test manually).`, `${_np.length} enjeksiyon tarayıcısı test edecek GET parametresi BULAMADI — hedefin girdileri muhtemelen POST form / login-arkası (GET taraması kapsamı dışı; parametreli URL ver ya da manuel test et).`) });
510
+ }
511
+ }
499
512
  const order = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
500
513
  all.sort((a, b) => (order[a.severity] ?? 9) - (order[b.severity] ?? 9));
501
514
  setLastScan(target, all); // /report için sakla
package/dist/theme.js CHANGED
@@ -16,4 +16,4 @@ export const theme = {
16
16
  synType: '#a78bfa', // tip/sınıf adları, sabitler
17
17
  synProp: '#e0e0e0', // özellik/anahtar adları
18
18
  };
19
- export const VERSION = '1.0.172';
19
+ export const VERSION = '1.0.174';
package/dist/tools.js CHANGED
@@ -1152,11 +1152,26 @@ export async function executeTool(name, args) {
1152
1152
  return '';
1153
1153
  } })();
1154
1154
  recordCheckpoint(fp, _existed ? _wold : null, 'Write'); // rewind: eski hal (yoksa null=sil)
1155
- fs.mkdirSync(path.dirname(path.resolve(fp)), { recursive: true });
1156
- fs.writeFileSync(fp, _wnew);
1157
- readFiles.add(norm(fp));
1155
+ let _wfp = fp;
1156
+ try {
1157
+ fs.mkdirSync(path.dirname(path.resolve(_wfp)), { recursive: true });
1158
+ fs.writeFileSync(_wfp, _wnew);
1159
+ }
1160
+ catch (e) {
1161
+ // Korumalı konum (C:\Users root, C:\Windows...) → EPERM/EACCES. Güvenli ~/wormclaude'a yönlendir.
1162
+ if (e && (e.code === 'EPERM' || e.code === 'EACCES')) {
1163
+ const _safe = require('path').join(require('os').homedir(), 'wormclaude');
1164
+ _wfp = require('path').join(_safe, require('path').basename(args.file_path || 'file.txt'));
1165
+ fs.mkdirSync(_safe, { recursive: true });
1166
+ fs.writeFileSync(_wfp, _wnew);
1167
+ }
1168
+ else {
1169
+ throw e;
1170
+ }
1171
+ }
1172
+ readFiles.add(norm(_wfp));
1158
1173
  const _ovr = (_existed && _wold !== _wnew) ? ' (uzerine yazildi)' : '';
1159
- return { ok: true, output: `Wrote ${fp} (${_wnew.length} chars)${_ovr}${diffStat(_wold, _wnew)}` };
1174
+ return { ok: true, output: `Wrote ${_wfp} (${_wnew.length} chars)${_ovr}${diffStat(_wold, _wnew)}` };
1160
1175
  }
1161
1176
  if (name === 'Edit') {
1162
1177
  const fp = resolveWs(args.file_path);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "wormclaude",
3
- "version": "1.0.172",
3
+ "version": "1.0.174",
4
4
  "description": "WormClaude CLI - uncensored security+code assistant (ink TUI, Claude-style)",
5
5
  "type": "module",
6
6
  "bin": {