Some shell apps care about what order the arguments appear in. When
`parseArgs()` is called with `tokens: true`, it produces this `tokens`
array which represents all the command line options and arguments, in
order, which is useful for these more advanced cases.
This is ported over from an old forgotten branch I'd deleted, then
thankfully managed to dig up again. 😅
Instead of making GroupCommand contain child commands, use a flat array
for commands and implement groups as GroupStartCommand and
GroupEndCommand. This makes it much simpler to iterate the commands
list in order to jump to labels.
Then implement those labels and the commands that use them: b, t, and T.
Also add the s SubstituteCommand, and combine the code for the q and Q
commands.
ExportService gets removed and instead a global class registry is added.
The `init.js` file is split into `init_sync.js` and `init_async.js`
so that synchronous code that isn't dependent on imports is guaranteed
to run before initgui.js. The globalThis scope and service-script API
now expose `def`, a function for registering class definitions, and
`use`, a function for obtaining registered classes.
In the first pass I add a `register` method and update `defineComponent`
so it calls `register` as well. This made it possible to create a
proof-of-concept for registered classes. Additionally ExportService was
added to expose registered classes to service scripts. This first pass
works, but it would be better if all types of classes (components or
otherwise) were registered via the same method.
The `a.stringOf(' \r\n\t'.split('')),` pattern works fine for small sets
of characters, but is horrible for situations like "any alphanumeric".
Instead, let's make it take a callback function that is run on each
character.
- Detect exit status of Puter apps, now that that's available.
- Store the exit status of each pipeline.
- Display a message when the exit status was non-zero.
That message is temporary, until we have a better way of displaying or
querying it, such as the `$?` shell variable.
`puter.exit()` now takes a status code, similar to the exit status on
desktop OSes. This is passed to the appClosed event, so that e.g. a
parent app can know whether its child app ran successfully.
This is also basic:
git config key # To read a value
git config key value # To set a value
git config --unset key # To delete a value
As noted, --list is not possible to implement currently.
Previously, this would crash in upload() when trying to iterate the
`entries` array, which is undefined when the `items` parameter is an
unsupported type.
Xterm.js produces two kinds of events: onKey and onData. On a desktop,
these are effectively the same, but on mobile, IME inputs produce data
but not key presses. By listening to onData instead of onKey, we get
that input.
With some experimentation, I also found that we don't need the code to
handle enter, home, end, or Ctrl-Shift-V. All of these function as
expected without that code, so we can remove it and simplify this
further. :^)
From version 5.4.0 onwards, xterm scopes its package names as
`@xterm/foo` instead of just `xterm-foo`.
We currently have a copy of xterm.css which we use instead of directly
including the one from the `@xterm/xterm` package, so I've updated the
contents of that too.
We were triggering webserver events in Kernel. This change improves
adherence to separation-of-concerns and ensures event cascading is
working as expected. This also better formalizes the boot sequence.
These two seem like bugs, but it is unclear to me how to fix them, so
I've added FIXMEs.
/puter/packages/backend/src/routers/kvstore/clearItems.js
41:32 error 'DB_MODE_WRITE' is not defined no-undef
/puter/packages/backend/src/routers/whoami.js
104:35 error 'db' is not defined no-undef
I couldn't figure out how to get a name for the no_suitable_app error
unfortunately, so that's just commented out.
/puter/packages/backend/src/routers/sign.js
65:74 error 'subject' is not defined no-undef
114:59 error 'subject' is not defined no-undef
Solves these eslint issues:
/puter/packages/puter-js/src/modules/UI.js
418:20 error 'itemWatchCallbackFunctions' is not defined no-undef
418:74 error 'itemWatchCallbackFunctions' is not defined no-undef
419:21 error 'itemWatchCallbackFunctions' is not defined no-undef
A couple of issues here:
- We didn't pass the line number to do_grep_line() so `i` was undefined
- Operator precedence messed with the ternary so when line numbers were
requested, the line wouldn't be output.
Found thanks to this now-solved eslint issue:
/puter/packages/phoenix/src/puter-shell/coreutils/grep.js
100:60 error 'i' is not defined no-undef
This was confusing its fallthrough detection:
/puter/packages/phoenix/src/puter-shell/coreutils/date.js
132:21 error Expected a 'break' statement before 'case' no-fallthrough
Found by this eslint issue:
/puter/packages/phoenix/src/puter-shell/coreutils/coreutil_lib/echo_escapes.js
107:59 error 'hexchars' is not defined no-undef
Also make tmp_value non-const because it gets modified later.
Solves these eslint issues:
/puter/packages/phoenix/src/ansi-shell/ioutil/SignalReader.js
45:14 error Unexpected negating the left operand of 'instanceof' operator no-unsafe-negation
46:13 error 'tmp_value' is constant no-const-assign
The `return` looks temporary but I don't know this code well enough.
Solves this eslint issue:
/puter/packages/backend/src/services/runtime-analysis/ExpectationService.js
94:9 error Unreachable code no-unreachable
Fixes these eslint issues:
/puter/packages/backend/src/services/auth/TokenService.js
3:1 error 'def' is not defined no-undef
18:1 error 'defv' is not defined no-undef
61:11 error 'def' is not defined no-undef
69:21 error 'defv' is not defined no-undef
The variable doesn't exist, and we never use it after this. Seems like a
copy-paste error.
Solves these eslint errors:
/puter/packages/backend/src/routers/save_account.js
90:9 error 'uuid_user' is not defined no-undef
91:9 error 'uuid_user' is not defined no-undef
91:21 error 'uuid_user' is not defined no-undef
/puter/packages/backend/src/util/stdioutil.js
26:24 error Unexpected control character(s) in regular expression: \x1b no-control-regex
/puter/packages/backend/src/util/streamutil.js
368:1 error 'string_to_stream' is not defined no-undef
463:5 error 'string_to_stream' is not defined no-undef
/puter/packages/backend/src/util/strutil.js
42:1 error 'format_as_usd' is not defined no-undef
56:5 error 'format_as_usd' is not defined no-undef
/puter/packages/backend/src/services/ContextInitService.js
57:18 error 'async_factory' is not defined no-undef
/puter/packages/backend/src/services/StorageService.js
22:5 error Expected to call 'super()' constructor-super
/puter/packages/backend/src/services/WebServerService.js
258:35 error 'services' is not defined no-undef
/puter/packages/backend/src/services/auth/AuthService.js
52:13 error Unreachable code no-unreachable
/puter/packages/backend/src/services/drivers/implementations/BaseImplementation.js
64:25 error 'services' is not defined no-undef
75:39 error 'services' is not defined no-undef
117:39 error 'services' is not defined no-undef
123:42 error 'services' is not defined no-undef
149:42 error 'services' is not defined no-undef
168:38 error 'services' is not defined no-undef
/puter/packages/backend/src/services/drivers/implementations/PuterDriverProxy.js
43:5 error Expected to call 'super()' constructor-super
44:9 error 'this' is not allowed before 'super()' no-this-before-super
/puter/packages/backend/src/services/drivers/meta/Construct.js
125:9 error Unreachable code no-unreachable
/puter/packages/backend/src/services/runtime-analysis/PagerService.js
49:41 error 'util' is not defined no-undef
/puter/packages/backend/src/routers/open_item.js
48:10 error Unexpected negating the left operand of 'instanceof' operator no-unsafe-negation
/puter/packages/backend/src/routers/save_account.js
106:34 error 'get_user' is not defined no-undef
/puter/packages/backend/src/routers/sign.js
37:10 error Unexpected negating the left operand of 'instanceof' operator no-unsafe-negation
/puter/packages/backend/src/routers/auth/list-permissions.js
36:15 error 'APIError' is not defined no-undef
/puter/packages/backend/src/routers/auth/list-sessions.js
17:15 error 'APIError' is not defined no-undef
/puter/packages/backend/src/routers/auth/revoke-user-app.js
34:15 error 'APIError' is not defined no-undef
43:15 error 'APIError' is not defined no-undef
/puter/packages/backend/src/routers/delete-site.js
43:11 error Unexpected empty object pattern no-empty-pattern
/puter/packages/backend/src/routers/drivers/usage.js
146:11 error 'k' is not defined no-undef
147:21 error 'k' is not defined no-undef
147:52 error 'k' is not defined no-undef
/puter/packages/backend/src/routers/drivers/xd.js
68:5 error 'window' is not defined no-undef
69:21 error Parsing error: The keyword 'interface' is reserved
/puter/packages/backend/src/routers/filesystem_api/batch/all.js
51:21 error 'get_app' is not defined no-undef
224:13 error Unexpected constant condition no-constant-condition
/puter/packages/backend/src/routers/filesystem_api/copy.js
70:10 error Unexpected constant condition no-constant-condition
106:13 error Duplicate key 'new_name' no-dupe-keys
/puter/packages/backend/src/routers/filesystem_api/read.js
80:5 error Unreachable code no-unreachable
/puter/packages/backend/src/routers/filesystem_api/token-read.js
53:9 error Unreachable code no-unreachable
58:9 error Unreachable code no-unreachable
104:5 error Unreachable code no-unreachable
/puter/packages/backend/src/routers/hosting/puter-site.js
65:21 error Unexpected constant nullishness on the left-hand side of a `??` expression no-constant-binary-expression
/puter/packages/backend/src/om/entitystorage/ValidationES.js
89:25 error Do not assign to the exception parameter no-ex-assign
/puter/packages/backend/src/om/proptypes/__all__.js
166:17 warning Unexpected 'debugger' statement no-debugger
/puter/packages/backend/src/routers/_default.js
405:31 error 'err' is not defined no-undef
/puter/packages/backend/src/helpers.js
682:9 error 'sharing_users' is not defined no-undef
689:12 error 'sharing_users' is not defined no-undef
690:28 error 'sharing_users' is not defined no-undef
695:28 error 'sharing_users' is not defined no-undef
720:9 error 'shared_fsentries' is not defined no-undef
733:12 error 'shared_fsentries' is not defined no-undef
734:28 error 'shared_fsentries' is not defined no-undef
735:17 error 'shared_fsentries' is not defined no-undef
735:58 error 'shared_fsentries' is not defined no-undef
736:31 error 'shared_fsentries' is not defined no-undef
900:57 error 'e' is not defined no-undef
1849:18 error Empty block statement no-empty
These currently work in a way that's different from what eslint expects,
so disable it. At some point it would be good if it could check them
(and if the tests could run on CI) but right now they just make a lot of
noise.
Removes or disables the following eslint errors/warnings:
/puter/packages/backend/src/api/filesystem/FlagParam.js
33:19 error 'APIError' is not defined no-undef
47:19 error 'APIError' is not defined no-undef
58:15 error 'APIError' is not defined no-undef
/puter/packages/backend/src/api/filesystem/StringParam.js
32:19 error 'APIError' is not defined no-undef
39:13 error 'APIError' is not defined no-undef
46:19 error 'APIError' is not defined no-undef
/puter/packages/backend/src/filesystem/FilesystemService.js
141:17 warning Unexpected 'debugger' statement no-debugger
366:21 error 'services' is not defined no-undef
/puter/packages/backend/src/filesystem/batch/BatchExecutor.js
121:21 error Do not assign to the exception parameter no-ex-assign
/puter/packages/backend/src/filesystem/hl_operations/hl_data_read.js
44:19 error 'APIError' is not defined no-undef
47:22 error 'chkperm' is not defined no-undef
48:19 error 'APIError' is not defined no-undef
51:29 error 'LLRead' is not defined no-undef
54:13 error 'version_id' is not defined no-undef
88:35 error 'PassThrough' is not defined no-undef
/puter/packages/backend/src/filesystem/hl_operations/hl_mkdir.js
68:49 error 'fs' is not defined no-undef
/puter/packages/backend/src/filesystem/hl_operations/hl_move.js
102:33 error 'get_user' is not defined no-undef
104:35 error 'get_user' is not defined no-undef
110:33 error 'df' is not defined no-undef
/puter/packages/backend/src/filesystem/hl_operations/hl_read.js
54:13 error 'stream' is constant no-const-assign
/puter/packages/backend/src/filesystem/hl_operations/hl_stat.js
40:37 error 'APIError' is not defined no-undef
/puter/packages/backend/src/filesystem/lib/PuterPath.js
67:5 error Expected to return a value in getter 'hasRelativePortion' getter-return
/puter/packages/backend/src/filesystem/ll_operations/ll_copy_idea.js
53:21 error 'UploadProgressTracker' is not defined no-undef
73:17 error 'PuterS3StorageStrategy' is not defined no-undef
137:22 error 'LLFilesystemOperation' is not defined no-undef
/puter/packages/backend/src/filesystem/ll_operations/ll_read.js
102:65 error 'offset' is not defined no-undef
102:73 error 'offset' is not defined no-undef
102:80 error 'length' is not defined no-undef
/puter/packages/backend/src/filesystem/ll_operations/ll_rmnode.js
43:23 error 'APIError' is not defined no-undef
/puter/packages/backend/src/filesystem/storage/SystemFSEntryService.js
101:26 error '_path' is not defined no-undef
/puter/packages/backend/src/filesystem/validation.js
27:29 error Unexpected control character(s) in regular expression: \x00, \x1f no-control-regex
28:29 error Unexpected control character(s) in regular expression: \x00, \x1f no-control-regex
28:31 error Unnecessary escape character: \/ no-useless-escape
When using axios, its dependency follow-redirects only clears the authorization header during a cross-domain redirect, but allows the proxy-authentication header, which contains credentials too.
## Steps To Reproduce & PoC
```js
const axios = require('axios');

axios.get('http://127.0.0.1:10081/', {
    headers: {
        'AuThorization': 'Rear Test',
        'ProXy-AuthoriZation': 'Rear Test',
        'coOkie': 't=1'
    }
})
    .then((response) => {
        console.log(response);
    })
```
When I meet a cross-domain redirect, sensitive headers like authorization and cookie are cleared, but the proxy-authentication header is kept.
```diff
- removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);
+ removeMatchingHeaders(/^(?:authorization|proxy-authorization|cookie)$/i, this._options.headers);
```
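Review bot: no regression test accompanies the widened pattern on the `+` line, so nothing stops `proxy-authorization` from being dropped from the alternation again later. The `i` flag and the `^...$` anchors do cover the mixed-case `ProXy-AuthoriZation` header used in the PoC, so a test that follows a cross-domain redirect with that exact header spelling and asserts it is absent from the redirected request would pin the fix down. It would also help to hoist the header list into a named constant next to `removeMatchingHeaders`, so the set of credential-bearing headers is reviewed in one place rather than inside an inline regex.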
CWE-200
`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N`
CVE-2024-28849
Gives CommandProviders a `complete(query, {ctx})` method where they can provide completed command names, and then make use of this in CommandCompleter.
Supported CommandProvider sources:
- Shell built-ins (was supported previously)
- PATH executables (when running under Node)
- Puter app names (when running in Puter)
Script filenames are not yet supported.
`../bin/foo` should only find `foo` relative to the current working
directory, not to directories in PATH.
Also switch to using the Node path library since PathCommandProvider is
Node-only, and this means getting the correct path separator and
delimiter values on Windows.
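
The lookup rule described above, as an added example that is not code from the Puter repository: a name containing a path separator is resolved only against the working directory, while a bare name is searched through PATH using the platform's delimiter. `resolveCommand`, its options and the injected `exists` predicate are hypothetical names, and skipping relative PATH entries is a choice made in this example.

```javascript
// Added example, not the project's PathCommandProvider.
// resolveCommand and its options are hypothetical names.
const path = require('node:path');

// pathLib is path.posix or path.win32, so the separator and the PATH
// delimiter (':' vs ';') match the platform being modelled.
function resolveCommand(name, { cwd, pathVar, exists, pathLib = path }) {
    if (name === '') return null;

    // Any separator in the name means "this exact location": resolve it
    // against cwd and never consult PATH. On Windows both '\' and '/'
    // act as separators, so check for both there.
    const hasSeparator = name.includes(pathLib.sep) ||
        (pathLib.sep === '\\' && name.includes('/'));
    if (hasSeparator) {
        const candidate = pathLib.resolve(cwd, name);
        return exists(candidate) ? candidate : null;
    }

    // Bare name: walk PATH in order. Empty and relative entries are skipped
    // (a choice of this example) so cwd is never searched implicitly.
    for (const dir of pathVar.split(pathLib.delimiter)) {
        if (!pathLib.isAbsolute(dir)) continue;
        const candidate = pathLib.join(dir, name);
        if (exists(candidate)) return candidate;
    }
    return null;
}

// Constructed sample filesystem: foo exists only inside a PATH directory.
const sampleFiles = new Set(['/usr/bin/foo', '/home/user/bin/bar']);
const sampleOpts = {
    cwd: '/home/user/work',
    pathVar: '/usr/local/bin::/usr/bin',
    exists: (p) => sampleFiles.has(p),
    pathLib: path.posix,
};

console.log(resolveCommand('foo', sampleOpts));        // found via PATH
console.log(resolveCommand('../bin/foo', sampleOpts)); // not under cwd: null
console.log(resolveCommand('../bin/bar', sampleOpts)); // relative to cwd
```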