forked from ultraworkers/claw-code
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathutils.ts
More file actions
144 lines (126 loc) · 3.89 KB
/
Copy pathutils.ts
File metadata and controls
144 lines (126 loc) · 3.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
import {
DANGEROUS_SHELL_SETTINGS,
SAFE_ENV_VARS,
} from '../../utils/managedEnvConstants.js'
import type { SettingsJson } from '../../utils/settings/types.js'
import { jsonStringify } from '../../utils/slowOperations.js'
type DangerousShellSetting = (typeof DANGEROUS_SHELL_SETTINGS)[number]
export type DangerousSettings = {
shellSettings: Partial<Record<DangerousShellSetting, string>>
envVars: Record<string, string>
hasHooks: boolean
hooks?: unknown
}
/**
* Extract dangerous settings from a settings object.
*
* Dangerous env vars are determined by checking against SAFE_ENV_VARS -
* any env var NOT in SAFE_ENV_VARS is considered dangerous.
* See managedEnv.ts for the authoritative list and threat categories.
*/
export function extractDangerousSettings(
settings: SettingsJson | null | undefined,
): DangerousSettings {
if (!settings) {
return {
shellSettings: {},
envVars: {},
hasHooks: false,
}
}
// Extract dangerous shell settings
const shellSettings: Partial<Record<DangerousShellSetting, string>> = {}
for (const key of DANGEROUS_SHELL_SETTINGS) {
const value = settings[key]
if (typeof value === 'string' && value.length > 0) {
shellSettings[key] = value
}
}
// Extract dangerous env vars - any var NOT in SAFE_ENV_VARS is dangerous
const envVars: Record<string, string> = {}
if (settings.env && typeof settings.env === 'object') {
for (const [key, value] of Object.entries(settings.env)) {
if (typeof value === 'string' && value.length > 0) {
// Check if this env var is NOT in the safe list
if (!SAFE_ENV_VARS.has(key.toUpperCase())) {
envVars[key] = value
}
}
}
}
// Check for hooks
const hasHooks =
settings.hooks !== undefined &&
settings.hooks !== null &&
typeof settings.hooks === 'object' &&
Object.keys(settings.hooks).length > 0
return {
shellSettings,
envVars,
hasHooks,
hooks: hasHooks ? settings.hooks : undefined,
}
}
/**
* Check if settings contain any dangerous settings
*/
export function hasDangerousSettings(dangerous: DangerousSettings): boolean {
return (
Object.keys(dangerous.shellSettings).length > 0 ||
Object.keys(dangerous.envVars).length > 0 ||
dangerous.hasHooks
)
}
/**
* Compare two sets of dangerous settings to see if the new settings
* have changed or added dangerous settings compared to the old settings
*/
export function hasDangerousSettingsChanged(
oldSettings: SettingsJson | null | undefined,
newSettings: SettingsJson | null | undefined,
): boolean {
const oldDangerous = extractDangerousSettings(oldSettings)
const newDangerous = extractDangerousSettings(newSettings)
// If new settings don't have any dangerous settings, no prompt needed
if (!hasDangerousSettings(newDangerous)) {
return false
}
// If old settings didn't have dangerous settings but new does, prompt needed
if (!hasDangerousSettings(oldDangerous)) {
return true
}
// Compare the dangerous settings - any change triggers a prompt
const oldJson = jsonStringify({
shellSettings: oldDangerous.shellSettings,
envVars: oldDangerous.envVars,
hooks: oldDangerous.hooks,
})
const newJson = jsonStringify({
shellSettings: newDangerous.shellSettings,
envVars: newDangerous.envVars,
hooks: newDangerous.hooks,
})
return oldJson !== newJson
}
/**
* Format dangerous settings as a human-readable list for the UI
* Only returns setting names, not values
*/
export function formatDangerousSettingsList(
dangerous: DangerousSettings,
): string[] {
const items: string[] = []
// Shell settings (names only)
for (const key of Object.keys(dangerous.shellSettings)) {
items.push(key)
}
// Env vars (names only)
for (const key of Object.keys(dangerous.envVars)) {
items.push(key)
}
// Hooks
if (dangerous.hasHooks) {
items.push('hooks')
}
return items
}