Fix multiple command injection and security vulnerabilities in the worktree initialization script system: **Critical Fixes:** - Add branch name validation to prevent command injection in create/delete endpoints - Replace string interpolation with array-based command execution using spawnProcess - Implement safe environment variable allowlist to prevent credential exposure - Add script content validation with 1MB size limit and dangerous pattern detection **Code Quality:** - Centralize execGitCommand helper in common.ts using @automaker/platform's spawnProcess - Remove duplicate isGitRepo implementation, standardize imports to @automaker/git-utils - Follow DRY principle by reusing existing platform utilities - Add comprehensive JSDoc documentation with security examples This addresses 6 critical/high severity vulnerabilities identified in security audit: 1. Command injection via unsanitized branch names (delete.ts) 2. Command injection via unsanitized branch names (create.ts) 3. Missing branch validation in init script execution 4. Environment variable exposure (ANTHROPIC_API_KEY and other secrets) 5. Path injection via command substitution 6. Arbitrary script execution without content limits Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
/**
 * Middleware for worktree route validation.
 *
 * Each middleware exported here reads a repository path from the request
 * body, confirms it is a git repository (and, unless disabled, that it has
 * at least one commit), and answers 400 with a stable `code` otherwise.
 */
import type { Request, Response, NextFunction } from 'express';
import { isGitRepo } from '@automaker/git-utils';
import { hasCommits } from './common.js';
/** Options accepted by {@link requireValidGitRepo}. All fields are optional. */
interface ValidationOptions {
  /** Check if the path is a git repository via `isGitRepo` (default: true) */
  requireGitRepo?: boolean;
  /** Check if the repository has at least one commit via `hasCommits` (default: true) */
  requireCommits?: boolean;
  /** The name of the request body field containing the path (default: 'worktreePath') */
  pathField?: 'worktreePath' | 'projectPath';
}
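/**
 * Middleware factory that validates the repository path carried in the
 * request body before the route handler runs. This reduces code duplication
 * across route handlers.
 *
 * The path is untrusted client input. It is accepted only when it is a
 * string; it is then checked with `isGitRepo` and (optionally) `hasCommits`.
 * A missing/empty field is deliberately passed through so each route handler
 * can report its own "path required" error, but a present non-string value
 * (array, object, number) is rejected here with 400 so it never reaches the
 * git helpers.
 *
 * Errors thrown by the async checks are forwarded with `next(err)` instead of
 * being left as an unhandled promise rejection (which, under Express 4, would
 * leave the request hanging with no response).
 *
 * NOTE(review): the path is forwarded to the git helpers as-is, so any
 * directory the server process can read may be probed for "is it a git
 * repo?". If this API is reachable beyond localhost, consider restricting
 * accepted paths to a configured root before this check — confirm with the
 * deployment model.
 *
 * @param options - Validation options (see {@link ValidationOptions})
 * @returns Express middleware. On failure it responds 400 with
 *   `{ success: false, error, code }` where `code` is one of
 *   `INVALID_PATH`, `NOT_GIT_REPO` or `NO_COMMITS`; otherwise it calls `next()`.
 */
export function requireValidGitRepo(options: ValidationOptions = {}) {
  const { requireGitRepo = true, requireCommits = true, pathField = 'worktreePath' } = options;

  return async (req: Request, res: Response, next: NextFunction): Promise<void> => {
    // `req.body` is absent when no body parser ran; treat that like an empty body
    // rather than throwing a TypeError inside an async middleware.
    const rawPath: unknown = req.body?.[pathField];

    if (rawPath === undefined || rawPath === null || rawPath === '') {
      // Let the route handler deal with missing path validation
      next();
      return;
    }

    if (typeof rawPath !== 'string') {
      // A truthy non-string (e.g. `["/x"]` or `{}`) would otherwise be handed
      // straight to the git helpers; reject it at the boundary instead.
      res.status(400).json({
        success: false,
        error: 'Invalid repository path',
        code: 'INVALID_PATH',
      });
      return;
    }

    const repoPath = rawPath;

    try {
      if (requireGitRepo && !(await isGitRepo(repoPath))) {
        res.status(400).json({
          success: false,
          error: 'Not a git repository',
          code: 'NOT_GIT_REPO',
        });
        return;
      }

      if (requireCommits && !(await hasCommits(repoPath))) {
        res.status(400).json({
          success: false,
          error: 'Repository has no commits yet',
          code: 'NO_COMMITS',
        });
        return;
      }
    } catch (err: unknown) {
      // Hand the failure to Express's error pipeline so a response is always sent.
      next(err);
      return;
    }

    next();
  };
}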
/**
 * Validates the `worktreePath` body field as a git repository that has at
 * least one commit. Both checks are spelled out explicitly here; they match
 * the factory's defaults.
 */
export const requireValidWorktree = requireValidGitRepo({
  pathField: 'worktreePath',
  requireGitRepo: true,
  requireCommits: true,
});
/**
 * Validates the `projectPath` body field as a git repository that has at
 * least one commit. Both checks are spelled out explicitly here; they match
 * the factory's defaults.
 */
export const requireValidProject = requireValidGitRepo({
  pathField: 'projectPath',
  requireGitRepo: true,
  requireCommits: true,
});
/**
 * Validates the `worktreePath` body field as a git repository but skips the
 * commit check, for routes that must work on a freshly initialised repo
 * (the commit route).
 */
export const requireGitRepoOnly = requireValidGitRepo({
  requireGitRepo: true,
  requireCommits: false,
  pathField: 'worktreePath',
});