From 1102a65508b9ae981dd0b1eddeec241d6b0e4322 Mon Sep 17 00:00:00 2001
From: Vikram Kalta
Date: Thu, 26 Oct 2023 11:26:44 +0100
Subject: [PATCH 1/2] fix: added pathValidator utility method
---
packages/contentstack-bootstrap/package.json | 2 +-
.../src/bootstrap/interactive.ts | 4 +++-
.../contentstack-bootstrap/src/bootstrap/utils.ts | 1 +
packages/contentstack-bulk-publish/package.json | 2 +-
.../contentstack-bulk-publish/src/util/store.js | 2 ++
packages/contentstack-clone/package.json | 2 +-
packages/contentstack-clone/src/lib/util/log.js | 2 ++
packages/contentstack-migrate-rte/package.json | 2 +-
.../src/lib/util/index.js | 2 ++
packages/contentstack-migration/package.json | 2 +-
.../src/commands/cm/stacks/migration.js | 15 ++++++++-------
packages/contentstack-utilities/package.json | 2 +-
packages/contentstack-utilities/src/index.ts | 1 +
.../contentstack-utilities/src/path-validator.ts | 10 ++++++++++
14 files changed, 35 insertions(+), 14 deletions(-)
create mode 100644 packages/contentstack-utilities/src/path-validator.ts
diff --git a/packages/contentstack-bootstrap/package.json b/packages/contentstack-bootstrap/package.json
index e8914a7b3e..b53cdc6e8b 100644
--- a/packages/contentstack-bootstrap/package.json
+++ b/packages/contentstack-bootstrap/package.json
@@ -1,7 +1,7 @@
{
"name": "@contentstack/cli-cm-bootstrap",
"description": "Bootstrap contentstack apps",
- "version": "1.6.0",
+ "version": "1.6.1",
"author": "Contentstack",
"bugs": "https://github.com/contentstack/cli/issues",
"scripts": {
diff --git a/packages/contentstack-bootstrap/src/bootstrap/interactive.ts b/packages/contentstack-bootstrap/src/bootstrap/interactive.ts
index 1ca298b295..3c68e4fe04 100644
--- a/packages/contentstack-bootstrap/src/bootstrap/interactive.ts
+++ b/packages/contentstack-bootstrap/src/bootstrap/interactive.ts
@@ -3,6 +3,7 @@ const inquirer = require('inquirer');
import { cliux } from '@contentstack/cli-utilities';
import messageHandler from '../messages';
+import { pathValidator } from '@contentstack/cli-utilities';
/**
* @description Inquire starter app
@@ -58,7 +59,8 @@ export async function inquireCloneDirectory(): Promise {
message: messageHandler.parse('CLI_BOOTSTRAP_APP_COPY_SOURCE_CODE_DESTINATION_ENQUIRY'),
},
]);
- selectedCustomPath = path.resolve(selectedCustomPath.path);
+ pathValidator.validatePath(selectedCustomPath.path);
+ selectedCustomPath = path.normalize(selectedCustomPath.path);
return selectedCustomPath;
}
diff --git a/packages/contentstack-bootstrap/src/bootstrap/utils.ts b/packages/contentstack-bootstrap/src/bootstrap/utils.ts
index 351b1aa638..c58ac1687f 100644
--- a/packages/contentstack-bootstrap/src/bootstrap/utils.ts
+++ b/packages/contentstack-bootstrap/src/bootstrap/utils.ts
@@ -130,6 +130,7 @@ const envFileHandler = async (
customHost = region.cma && region.cma.substring('8');
}
const production = environmentVariables.environment === 'production' ? true : false;
+ // Note: clonedDirectory is already sanitised.
switch (appConfigKey) {
case 'reactjs':
case 'reactjs-starter':
diff --git a/packages/contentstack-bulk-publish/package.json b/packages/contentstack-bulk-publish/package.json
index cd9dd6a120..b69c434b6d 100644
--- a/packages/contentstack-bulk-publish/package.json
+++ b/packages/contentstack-bulk-publish/package.json
@@ -1,7 +1,7 @@
{
"name": "@contentstack/cli-cm-bulk-publish",
"description": "Contentstack CLI plugin for bulk publish actions",
- "version": "1.3.13",
+ "version": "1.3.14",
"author": "Contentstack",
"bugs": "https://github.com/contentstack/cli/issues",
"dependencies": {
diff --git a/packages/contentstack-bulk-publish/src/util/store.js b/packages/contentstack-bulk-publish/src/util/store.js
index 2a0354f901..6a067f93a7 100644
--- a/packages/contentstack-bulk-publish/src/util/store.js
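Review bot: `pathValidator` is imported from '@contentstack/cli-utilities' on a new line while `cliux` is already imported from the same module two lines above, so the package is now imported twice; merge them into `import { cliux, pathValidator } from '@contentstack/cli-utilities';`. The new line also lands after the relative import of `../messages`, whereas the surrounding order keeps package imports ahead of relative ones.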
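Review bot: The validator applied here accepts only strings with no `.` at all (`/^[^.]+$/` in path-validator.ts), so a destination such as `my.app` or `./site` (constructed examples) is refused while the error text promises an absolute-path rule that is never checked; the same mismatch reaches every other call site in this patch — `flags.config` in store.js, `logfileName` in log.js, `config-path` in the migrate-rte util and `filePath` in migration.js — all of which name files that normally carry an extension. Swapping `path.resolve` for `path.normalize` also changes the return value: a relative answer now stays relative instead of being anchored to the working directory, which callers of `inquireCloneDirectory` may rely on. If the intent is only a well-formed destination, keep `selectedCustomPath = path.resolve(selectedCustomPath.path);` and validate that resolved value; if it must stay under a known base, compare with `path.relative(<allowed base dir>, resolved)` rather than banning a character. inquireCloneDirectory starts outside the hunk.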
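Review bot: The added comment `// Note: clonedDirectory is already sanitised.` asserts a guarantee that nothing in the hunk establishes — `clonedDirectory` does not appear in the visible lines, so the sanitisation presumably happens in a caller. Naming the enforcing site lets the next reader verify it: `// Note: clonedDirectory is validated in <call site — fill in> before envFileHandler runs; keep that invariant if the call site changes.`. envFileHandler starts and ends outside the hunk.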
+++ b/packages/contentstack-bulk-publish/src/util/store.js
@@ -2,6 +2,7 @@ const fs = require('fs');
const path = require('path');
const config = require('../config/index.js');
const chalk = require('chalk');
+const { pathValidator } = require('@contentstack/cli-utilities');
function save(key, data) {
let bulkPublish = config ? config : {};
@@ -49,6 +50,7 @@ function get(key, filePath) {
function updateMissing(key, flags) {
let savedConfig;
+ pathValidator.validatePath(flags.config);
savedConfig = get(key, path.resolve(flags.config));
Object.keys(savedConfig).forEach((element) => {
if (flags[element] === undefined) {
diff --git a/packages/contentstack-clone/package.json b/packages/contentstack-clone/package.json
index d4b345e29f..7b4c7de56d 100644
--- a/packages/contentstack-clone/package.json
+++ b/packages/contentstack-clone/package.json
@@ -1,7 +1,7 @@
{
"name": "@contentstack/cli-cm-clone",
"description": "Contentstack stack clone plugin",
- "version": "1.6.0",
+ "version": "1.6.1",
"author": "Contentstack",
"bugs": "https://github.com/rohitmishra209/cli-cm-clone/issues",
"dependencies": {
diff --git a/packages/contentstack-clone/src/lib/util/log.js b/packages/contentstack-clone/src/lib/util/log.js
index e7ef87da79..14455269a9 100644
--- a/packages/contentstack-clone/src/lib/util/log.js
+++ b/packages/contentstack-clone/src/lib/util/log.js
@@ -8,6 +8,7 @@ var winston = require('winston');
var path = require('path');
var mkdirp = require('mkdirp');
var slice = Array.prototype.slice;
+const { pathValidator } = require('@contentstack/cli-utilities');
function returnString(args) {
var returnStr = '';
@@ -41,6 +42,7 @@ var myCustomLevels = {
};
function init(_logPath, logfileName) {
+ pathValidator.validatePath(logfileName);
var logsDir = path.resolve(_logPath, 'logs', 'import');
// Create dir if doesn't already exist
mkdirp.sync(logsDir);
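Review bot: `pathValidator.validatePath(flags.config)` does not establish that `flags.config` is set: the validator only runs a regex test, and `/^[^.]+$/.test(undefined)` coerces its argument to the string `"undefined"` and passes, so if the flag can be omitted the call falls through to `path.resolve(flags.config)` and fails there with a TypeError instead of a readable message. Guard first, `if (flags.config == null) throw new Error('A config path is required.');` (constructed message), then validate. updateMissing continues outside the hunk.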
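Review bot: `init` validates `logfileName`, but the path it builds on the very next line, `path.resolve(_logPath, 'logs', 'import')`, is derived from `_logPath`, which is not checked at all; `logfileName` is only used further down, outside the hunk. If the goal is to keep log output under a known directory, `_logPath` is the value to validate, e.g. `pathValidator.validatePath(_logPath);` followed by a `path.relative` check that `logsDir` stays under the intended base. The new line also declares with `const` in a file that otherwise uses `var`; either is fine, but it should be a deliberate choice. init's body continues outside the hunk.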
diff --git a/packages/contentstack-migrate-rte/package.json b/packages/contentstack-migrate-rte/package.json
index ac235a1dbc..19fbad52a1 100644
--- a/packages/contentstack-migrate-rte/package.json
+++ b/packages/contentstack-migrate-rte/package.json
@@ -1,7 +1,7 @@
{
"name": "@contentstack/cli-cm-migrate-rte",
"description": "Contentstack CLI plugin to migrate HTML RTE to JSON RTE",
- "version": "1.4.13",
+ "version": "1.4.14",
"author": "contentstack",
"bugs": "https://github.com/contentstack/cli/issues",
"dependencies": {
diff --git a/packages/contentstack-migrate-rte/src/lib/util/index.js b/packages/contentstack-migrate-rte/src/lib/util/index.js
index 509c0309aa..bb4a5fdc2a 100644
--- a/packages/contentstack-migrate-rte/src/lib/util/index.js
+++ b/packages/contentstack-migrate-rte/src/lib/util/index.js
@@ -15,6 +15,7 @@ const {
isPlainObject,
} = require('lodash');
const Validator = require('jsonschema').Validator;
+const { pathValidator } = require('@contentstack/cli-utilities');
const configSchema = require('./config_schema.json');
const { JSDOM } = require('jsdom');
const collapseWithSpace = require('collapse-whitespace');
@@ -88,6 +89,7 @@ async function getConfig(flags) {
let config;
if (flags['config-path']) {
const configPath = flags['config-path'];
+ pathValidator.validatePath(configPath);
config = require(nodePath.resolve(configPath));
} else {
config = {
diff --git a/packages/contentstack-migration/package.json b/packages/contentstack-migration/package.json
index 61be6b7dc9..83e7059f4b 100644
--- a/packages/contentstack-migration/package.json
+++ b/packages/contentstack-migration/package.json
@@ -1,6 +1,6 @@
{
"name": "@contentstack/cli-migration",
- "version": "1.3.14",
+ "version": "1.3.15",
"author": "@contentstack",
"bugs": "https://github.com/contentstack/cli/issues",
"dependencies": {
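Review bot: `config = require(nodePath.resolve(configPath))` loads the user-supplied file as a Node module, so its contents are executed rather than parsed, and the new `validatePath` call only constrains the characters in the string, not where on disk the file lives. The first hunk imports a jsonschema `Validator` and `config_schema.json`, which suggests the config is validated as JSON data; if JSON is the supported format, read the file and `JSON.parse` it instead of `require`, and if JS configs must remain supported, check that the resolved path lies under an expected directory before requiring it. getConfig continues outside the hunk.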
diff --git a/packages/contentstack-migration/src/commands/cm/stacks/migration.js b/packages/contentstack-migration/src/commands/cm/stacks/migration.js
index 631245743c..bf15ed9dab 100644
--- a/packages/contentstack-migration/src/commands/cm/stacks/migration.js
+++ b/packages/contentstack-migration/src/commands/cm/stacks/migration.js
@@ -8,6 +8,7 @@ const Listr = require('listr');
const { resolve, extname } = require('path');
const { Command } = require('@contentstack/cli-command');
const { waterfall } = require('async');
+const { pathValidator } = require('@contentstack/cli-utilities');
const { Parser } = require('../../../modules');
const { ActionList } = require('../../../actions');
const fs = require('fs');
@@ -129,14 +130,14 @@ class MigrationCommand extends Command {
}
async execSingleFile(filePath, mapInstance) {
- // Resolved absolute path
- const resolvedMigrationPath = resolve(filePath);
- // User provided migration function
- const migrationFunc = require(resolvedMigrationPath);
-
- const parser = new Parser();
- try {
+ pathValidator.validatePath(filePath);
+ // Resolved absolute path
+ const resolvedMigrationPath = resolve(filePath);
+ // User provided migration function
+ const migrationFunc = require(resolvedMigrationPath);
+
+ const parser = new Parser();
const migrationParser = await parser.getMigrationParser(migrationFunc);
if (migrationParser.hasErrors) {
errorHelper(migrationParser.hasErrors);
diff --git a/packages/contentstack-utilities/package.json b/packages/contentstack-utilities/package.json
index 9df6b36e8e..8186a358d6 100644
--- a/packages/contentstack-utilities/package.json
+++ b/packages/contentstack-utilities/package.json
@@ -1,6 +1,6 @@
{
"name": "@contentstack/cli-utilities",
- "version": "1.5.4",
+ "version": "1.5.5",
"description": "Utilities for contentstack projects",
"main": "lib/index.js",
"types": "lib/index.d.ts",
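Review bot: As rendered, the hunk removes `try {` (`- try {`) and none of the seven added lines reopens a try block, yet the trailing context lines still read as the body that a later `catch` closes; if that is not a rendering artefact the method no longer balances, and if a `try` does survive around the new lines then `require(resolvedMigrationPath)` now runs inside it, so module-not-found and syntax errors in the user's migration script reach that catch and its handling (outside the hunk) should be checked to report them clearly. A short comment on the new first line, `// Validate the user-supplied path before the file is loaded as a module.`, would record why the check precedes `resolve`. execSingleFile continues outside the hunk.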
diff --git a/packages/contentstack-utilities/src/index.ts b/packages/contentstack-utilities/src/index.ts
index ee62ee70b6..f861899129 100644
--- a/packages/contentstack-utilities/src/index.ts
+++ b/packages/contentstack-utilities/src/index.ts
@@ -4,6 +4,7 @@ export { default as CLIError } from './cli-error';
export { default as messageHandler } from './message-handler';
export { default as authHandler } from './auth-handler';
export { default as configHandler } from './config-handler';
+export { default as pathValidator } from './path-validator';
export {
default as managementSDKClient,
managementSDKInitiator,
diff --git a/packages/contentstack-utilities/src/path-validator.ts b/packages/contentstack-utilities/src/path-validator.ts
new file mode 100644
index 0000000000..a2ba14bc65
--- /dev/null
+++ b/packages/contentstack-utilities/src/path-validator.ts
@@ -0,0 +1,10 @@
+class PathValidator {
+ validatePath(userInput) {
+ if (!/^[^.]+$/.test(userInput)) {
+ throw 'The path contains illegal character such as `.`. Please use absolute paths.';
+ }
+ return true;
+ }
+}
+
+export default new PathValidator();
\ No newline at end of file
From a256ee57ad2de4fcd82cee5113df18e5c849f770 Mon Sep 17 00:00:00 2001
From: Vikram Kalta
Date: Thu, 26 Oct 2023 11:29:19 +0100
Subject: [PATCH 2/2] fix: updated package-lock
---
package-lock.json | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 3d69b66d7f..9f39a05032 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -23522,7 +23522,7 @@
},
"packages/contentstack-bootstrap": {
"name": "@contentstack/cli-cm-bootstrap",
- "version": "1.6.0",
+ "version": "1.6.1",
"license": "MIT",
"dependencies": {
"@contentstack/cli-cm-seed": "~1.6.0",
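Review bot: `validatePath` rejects any input containing a `.` (`/^[^.]+$/`), which refuses ordinary file names with extensions, `./` and `../` segments and dot-directories alike, while the message promises an absolute-path rule that is never checked; and because `RegExp.test` coerces its argument, `validatePath(undefined)` tests the string `"undefined"` and returns true. The method also throws a bare string rather than an `Error`, so callers see no `message` or stack and `instanceof Error` checks fail, `userInput` carries no type annotation (implicit `any` in a .ts file), and the file lacks a trailing newline. A version that requires a non-empty string, rejects NUL bytes and, when a caller passes a base directory, verifies the resolved path stays under it (with `resolve`, `relative`, `sep` and `isAbsolute` imported from `path`) keeps the `validatePath(x) === true` contract for the existing call sites while letting the sites that `require` user files opt into containment.
```typescript
class PathValidator {
  /**
   * Checks that `userInput` is a usable path string. When `baseDir` is given,
   * the input must also resolve to a location under it. Returns true so the
   * existing call sites keep working; throws an Error otherwise.
   */
  validatePath(userInput: string, baseDir?: string): true {
    if (typeof userInput !== 'string' || userInput.trim() === '') {
      throw new Error('A non-empty path is required.');
    }
    if (userInput.includes('\0')) {
      throw new Error('The path contains an illegal NUL character.');
    }
    if (baseDir !== undefined) {
      // A relative result that starts with ".." (or is absolute on Windows)
      // means the resolved path escaped the base directory.
      const rel = relative(baseDir, resolve(baseDir, userInput));
      if (rel === '..' || rel.startsWith(`..${sep}`) || isAbsolute(rel)) {
        throw new Error(`The path "${userInput}" resolves outside of ${baseDir}.`);
      }
    }
    return true;
  }
}
```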
@@ -23662,7 +23662,7 @@
},
"packages/contentstack-bulk-publish": {
"name": "@contentstack/cli-cm-bulk-publish",
- "version": "1.3.13",
+ "version": "1.3.14",
"license": "MIT",
"dependencies": {
"@contentstack/cli-command": "~1.2.14",
@@ -23711,7 +23711,7 @@
},
"packages/contentstack-clone": {
"name": "@contentstack/cli-cm-clone",
- "version": "1.6.0",
+ "version": "1.6.1",
"license": "MIT",
"dependencies": {
"@colors/colors": "^1.5.0",
@@ -25073,7 +25073,7 @@
},
"packages/contentstack-migrate-rte": {
"name": "@contentstack/cli-cm-migrate-rte",
- "version": "1.4.13",
+ "version": "1.4.14",
"license": "MIT",
"dependencies": {
"@contentstack/cli-command": "~1.2.14",
@@ -25112,7 +25112,7 @@
},
"packages/contentstack-migration": {
"name": "@contentstack/cli-migration",
- "version": "1.3.14",
+ "version": "1.3.15",
"license": "MIT",
"dependencies": {
"@contentstack/cli-command": "~1.2.14",
@@ -25238,7 +25238,7 @@
},
"packages/contentstack-utilities": {
"name": "@contentstack/cli-utilities",
- "version": "1.5.4",
+ "version": "1.5.5",
"license": "MIT",
"dependencies": {
"@contentstack/management": "~1.10.2",