wormclaude 1.0.172 → 1.0.174
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +16 -0
- package/dist/commands.js +14 -1
- package/dist/theme.js +1 -1
- package/dist/tools.js +19 -4
- package/package.json +1 -1
package/dist/cli.js
CHANGED
|
@@ -169,6 +169,22 @@ if (_needLogin) {
|
|
|
169
169
|
await new Promise(() => { }); // çocuk süreci devralana kadar bekle (ana akışa düşme)
|
|
170
170
|
}
|
|
171
171
|
}
|
|
172
|
+
// KORUMALI WORKSPACE FIX: CLI C:\Users / C:\Windows / Program Files / disk-kökü gibi YAZILAMAZ
|
|
173
|
+
// bir yerden açıldıysa dosya yazımı EPERM verir ("bana site yap" → C:\Users\index.html → çöker).
|
|
174
|
+
// Böyle bir durumda kullanıcının yazılabilir ~/wormclaude klasörüne geç.
|
|
175
|
+
try {
|
|
176
|
+
const _d = process.cwd().replace(/[\\/]+$/, '').toLowerCase();
|
|
177
|
+
const _protected = /^[a-z]:[\\/]?$/.test(_d) || /^[a-z]:[\\/]users$/.test(_d) || /[\\/]windows$/.test(_d) || /program files/.test(_d) || _d === '';
|
|
178
|
+
if (_protected) {
|
|
179
|
+
const _safe = path.join(os.homedir(), 'wormclaude');
|
|
180
|
+
try {
|
|
181
|
+
fs.mkdirSync(_safe, { recursive: true });
|
|
182
|
+
process.chdir(_safe);
|
|
183
|
+
}
|
|
184
|
+
catch { /* yok say */ }
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
catch { /* yok say */ }
|
|
172
188
|
setToolConfig(config); // Agent/alt-agent araçları aynı config'i kullanır
|
|
173
189
|
setCheckpointStore(process.cwd()); // rewind deposu (/rewind, /checkpoints)
|
|
174
190
|
const MAX_TURNS = Number(process.env.WORMCLAUDE_MAX_TURNS) || 90; // tur limiti
|
package/dist/commands.js
CHANGED
|
@@ -273,6 +273,8 @@ function formatFinding(x) {
|
|
|
273
273
|
return `${sev}${tt('missing security headers', 'eksik güvenlik başlıkları')}: ${(x.missing || []).join(', ')}`;
|
|
274
274
|
if (x.type === 'path')
|
|
275
275
|
return `${sev}${tt('path', 'yol')} ${x.url || ''} → ${x.status || ''}`;
|
|
276
|
+
if (x.type === 'info')
|
|
277
|
+
return `${sev}${x.evidence || x.url || 'info'}`;
|
|
276
278
|
if (x.value)
|
|
277
279
|
return `${x.value}`;
|
|
278
280
|
// GENEL: şablon bulguları (ssrf/ssti/lfi/ldap/cmd-injection/nosql/open-redirect/crlf/graphql/cors/exposure…)
|
|
@@ -317,7 +319,7 @@ export function summarizeScan(target, findings) {
|
|
|
317
319
|
if (low.length)
|
|
318
320
|
out.push((L ? `🔵 ${low.length} düşük (minör): ` : `🔵 ${low.length} low (minor): `) + grp(low, false).map((s) => s.replace(/^ {2}• /, '')).join('; '));
|
|
319
321
|
if (info.length)
|
|
320
|
-
out.push((L ? `⚪ ${info.length} bilgi
|
|
322
|
+
out.push((L ? `⚪ ${info.length} bilgi: ` : `⚪ ${info.length} info: `) + info.map((f) => (f.evidence || f.type || '').toString().split(' — ')[0]).slice(0, 5).join(' · '));
|
|
321
323
|
// verdict
|
|
322
324
|
if (high.length)
|
|
323
325
|
out.push(L ? `\n➤ Sonuç: ${high.length} GERÇEK yüksek-risk açık — acil düzeltilmeli. Detaylı rapor için: /report`
|
|
@@ -496,6 +498,17 @@ async function fullScanCmd(arg, ctx) {
|
|
|
496
498
|
all.push(...f);
|
|
497
499
|
ctx.note(` ${label}: ${f.length} ${tt('finding(s)', 'bulgu')}`);
|
|
498
500
|
}
|
|
501
|
+
// "Parametreli uç bulunamadı" notlarını TEK mesaja topla (her inject tarayıcı bir tane ekliyor → 12 kopya).
|
|
502
|
+
const _np = all.filter((f) => f.note === 'no_params');
|
|
503
|
+
if (_np.length) {
|
|
504
|
+
for (let i = all.length - 1; i >= 0; i--)
|
|
505
|
+
if (all[i].note === 'no_params')
|
|
506
|
+
all.splice(i, 1);
|
|
507
|
+
if (_np.length >= 2) {
|
|
508
|
+
all.push({ type: 'info', severity: 'info', url: target, note: 'no_params',
|
|
509
|
+
evidence: tt(`${_np.length} injection scanners found NO GET parameter to test — target inputs are likely POST forms / behind login (not covered by GET-based scanning; use a parameterized URL or test manually).`, `${_np.length} enjeksiyon tarayıcısı test edecek GET parametresi BULAMADI — hedefin girdileri muhtemelen POST form / login-arkası (GET taraması kapsamı dışı; parametreli URL ver ya da manuel test et).`) });
|
|
510
|
+
}
|
|
511
|
+
}
|
|
499
512
|
const order = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
|
|
500
513
|
all.sort((a, b) => (order[a.severity] ?? 9) - (order[b.severity] ?? 9));
|
|
501
514
|
setLastScan(target, all); // /report için sakla
|
package/dist/theme.js
CHANGED
package/dist/tools.js
CHANGED
|
@@ -1152,11 +1152,26 @@ export async function executeTool(name, args) {
|
|
|
1152
1152
|
return '';
|
|
1153
1153
|
} })();
|
|
1154
1154
|
recordCheckpoint(fp, _existed ? _wold : null, 'Write'); // rewind: eski hal (yoksa null=sil)
|
|
1155
|
-
|
|
1156
|
-
|
|
1157
|
-
|
|
1155
|
+
let _wfp = fp;
|
|
1156
|
+
try {
|
|
1157
|
+
fs.mkdirSync(path.dirname(path.resolve(_wfp)), { recursive: true });
|
|
1158
|
+
fs.writeFileSync(_wfp, _wnew);
|
|
1159
|
+
}
|
|
1160
|
+
catch (e) {
|
|
1161
|
+
// Korumalı konum (C:\Users root, C:\Windows...) → EPERM/EACCES. Güvenli ~/wormclaude'a yönlendir.
|
|
1162
|
+
if (e && (e.code === 'EPERM' || e.code === 'EACCES')) {
|
|
1163
|
+
const _safe = require('path').join(require('os').homedir(), 'wormclaude');
|
|
1164
|
+
_wfp = require('path').join(_safe, require('path').basename(args.file_path || 'file.txt'));
|
|
1165
|
+
fs.mkdirSync(_safe, { recursive: true });
|
|
1166
|
+
fs.writeFileSync(_wfp, _wnew);
|
|
1167
|
+
}
|
|
1168
|
+
else {
|
|
1169
|
+
throw e;
|
|
1170
|
+
}
|
|
1171
|
+
}
|
|
1172
|
+
readFiles.add(norm(_wfp));
|
|
1158
1173
|
const _ovr = (_existed && _wold !== _wnew) ? ' (uzerine yazildi)' : '';
|
|
1159
|
-
return { ok: true, output: `Wrote ${
|
|
1174
|
+
return { ok: true, output: `Wrote ${_wfp} (${_wnew.length} chars)${_ovr}${diffStat(_wold, _wnew)}` };
|
|
1160
1175
|
}
|
|
1161
1176
|
if (name === 'Edit') {
|
|
1162
1177
|
const fp = resolveWs(args.file_path);
|