Commit
Fix: Logger vulnerability and CI graph generation
Its4Nik committed Jan 17, 2025
1 parent 58a8b02 commit 65bcec8
Showing 7 changed files with 148 additions and 127 deletions.
151 changes: 80 additions & 71 deletions CREDITS.md
Expand Up @@ -4,100 +4,109 @@ This file shows all npm packages used in DockStatAPI (also Dev packages)

### License: (MIT AND CC-BY-3.0)

| Name | Repository | Publisher |
| ----------------- | -------------------------------------------- | -------------------- |
| Name | Repository | Publisher |
|------|-------------|-----------|
| [email protected] | https://github.com/kemitchell/spdx-ranges.js | The Linux Foundation |


### License: Apache 2.0

| Name | Repository | Publisher |
| ---------------------- | ------------------------------------------ | --------- |
| [email protected] | https://github.com/gtanner/qrcode-terminal | N/A |
| Name | Repository | Publisher |
|------|-------------|-----------|
| [email protected] | https://github.com/gtanner/qrcode-terminal | N/A |


### License: Apache-2.0

| Name | Repository | Publisher |
| ------------------------------------ | ------------------------------------------------------------------------ | -------------------- |
| @ampproject/remapping@2.3.0 | https://github.com/ampproject/remapping | Justin Ridgewell |
| @balena/dockerignore@1.0.2 | https://github.com/balena-io-modules/dockerignore | N/A |
| @eslint/config-array@0.19.1 | https://github.com/eslint/rewrite | Nicholas C. Zakas |
| @eslint/core@0.9.1 | https://github.com/eslint/rewrite | Nicholas C. Zakas |
| @eslint/object-schema@2.1.5 | https://github.com/eslint/rewrite | Nicholas C. Zakas |
| @eslint/plugin-kit@0.2.4 | https://github.com/eslint/rewrite | Nicholas C. Zakas |
| @humanfs/core@0.19.1 | https://github.com/humanwhocodes/humanfs | Nicholas C. Zakas |
| @humanfs/node@0.16.6 | https://github.com/humanwhocodes/humanfs | Nicholas C. Zakas |
| @humanwhocodes/module-importer@1.0.1 | https://github.com/humanwhocodes/module-importer | Nicholas C. Zaks |
| @humanwhocodes/retry@0.3.1 | https://github.com/humanwhocodes/retry | Nicholas C. Zaks |
| @humanwhocodes/retry@0.4.1 | https://github.com/humanwhocodes/retry | Nicholas C. Zaks |
| @puppeteer/browsers@2.7.0 | https://github.com/puppeteer/puppeteer/tree/main/packages/browsers | The Chromium Authors |
| @scarf/scarf@1.4.0 | https://github.com/scarf-sh/scarf-js | Scarf Systems |
| @sigstore/bundle@3.0.0 | https://github.com/sigstore/sigstore-js | [email protected] |
| @sigstore/core@2.0.0 | https://github.com/sigstore/sigstore-js | [email protected] |
| @sigstore/protobuf-specs@0.3.2 | https://github.com/sigstore/protobuf-specs | [email protected] |
| @sigstore/sign@3.0.0 | https://github.com/sigstore/sigstore-js | [email protected] |
| @sigstore/tuf@3.0.0 | https://github.com/sigstore/sigstore-js | [email protected] |
| @sigstore/verify@2.0.0 | https://github.com/sigstore/sigstore-js | [email protected] |
| [email protected] | https://github.com/holepunchto/b4a | Holepunch |
| [email protected] | https://github.com/holepunchto/bare-events | Holepunch |
| [email protected] | https://github.com/holepunchto/bare-fs | Holepunch |
| [email protected] | https://github.com/holepunchto/bare-os | Holepunch |
| [email protected] | https://github.com/holepunchto/bare-path | Holepunch |
| [email protected] | https://github.com/holepunchto/bare-stream | Holepunch |
| [email protected] | https://github.com/facebook/watchman | Wez Furlong |
| [email protected] | https://github.com/GoogleChromeLabs/chromium-bidi | The Chromium Authors |
| [email protected] | https://github.com/GoogleChromeLabs/chromium-bidi | The Chromium Authors |
| [email protected] | https://github.com/lovell/detect-libc | Lovell Fuller |
| [email protected] | https://github.com/apocas/docker-modem | Pedro Dias |
| [email protected] | https://github.com/apocas/dockerode | Pedro Dias |
| [email protected] | https://github.com/mde/ejs | Matthew Eernisse |
| [email protected] | https://github.com/eslint/eslint-visitor-keys | Toru Nagashima |
| [email protected] | https://github.com/eslint/js | Toru Nagashima |
| [email protected] | https://github.com/coveo/exponential-backoff | Sami Sayegh |
| [email protected] | https://github.com/facebook/watchman | Wez Furlong |
| [email protected] | https://github.com/mde/filelist | Matthew Eernisse |
| [email protected] | https://github.com/ehmicky/human-signals | ehmicky |
| [email protected] | https://github.com/jakejs/jake | Matthew Eernisse |
| [email protected] | https://github.com/puppeteer/puppeteer/tree/main/packages/puppeteer-core | The Chromium Authors |
| [email protected] | https://github.com/puppeteer/puppeteer/tree/main/packages/puppeteer | The Chromium Authors |
| [email protected] | https://github.com/sigstore/sigstore-js | [email protected] |
| [email protected] | https://github.com/jslicense/spdx-correct.js | N/A |
| [email protected] | https://github.com/swagger-api/swagger-ui | N/A |
| [email protected] | https://github.com/holepunchto/text-decoder | Holepunch |
| [email protected] | https://github.com/mikeal/tunnel-agent | Mikeal Rogers |
| [email protected] | https://github.com/microsoft/TypeScript | Microsoft Corp. |
| [email protected] | https://github.com/kemitchell/validate-npm-package-license.js | Kyle E. Mitchell |
| [email protected] | https://github.com/daaku/nodejs-walker | Naitik Shah |
| Name | Repository | Publisher |
|------|-------------|-----------|
| @ampproject/remapping@2.3.0 | https://github.com/ampproject/remapping | Justin Ridgewell |
| @balena/dockerignore@1.0.2 | https://github.com/balena-io-modules/dockerignore | N/A |
| @eslint/config-array@0.19.1 | https://github.com/eslint/rewrite | Nicholas C. Zakas |
| @eslint/core@0.9.1 | https://github.com/eslint/rewrite | Nicholas C. Zakas |
| @eslint/object-schema@2.1.5 | https://github.com/eslint/rewrite | Nicholas C. Zakas |
| @eslint/plugin-kit@0.2.4 | https://github.com/eslint/rewrite | Nicholas C. Zakas |
| @humanfs/core@0.19.1 | https://github.com/humanwhocodes/humanfs | Nicholas C. Zakas |
| @humanfs/node@0.16.6 | https://github.com/humanwhocodes/humanfs | Nicholas C. Zakas |
| @humanwhocodes/module-importer@1.0.1 | https://github.com/humanwhocodes/module-importer | Nicholas C. Zaks |
| @humanwhocodes/retry@0.3.1 | https://github.com/humanwhocodes/retry | Nicholas C. Zaks |
| @humanwhocodes/retry@0.4.1 | https://github.com/humanwhocodes/retry | Nicholas C. Zaks |
| @puppeteer/browsers@2.7.0 | https://github.com/puppeteer/puppeteer/tree/main/packages/browsers | The Chromium Authors |
| @scarf/scarf@1.4.0 | https://github.com/scarf-sh/scarf-js | Scarf Systems |
| @sigstore/bundle@3.0.0 | https://github.com/sigstore/sigstore-js | [email protected] |
| @sigstore/core@2.0.0 | https://github.com/sigstore/sigstore-js | [email protected] |
| @sigstore/protobuf-specs@0.3.2 | https://github.com/sigstore/protobuf-specs | [email protected] |
| @sigstore/sign@3.0.0 | https://github.com/sigstore/sigstore-js | [email protected] |
| @sigstore/tuf@3.0.0 | https://github.com/sigstore/sigstore-js | [email protected] |
| @sigstore/verify@2.0.0 | https://github.com/sigstore/sigstore-js | [email protected] |
| [email protected] | https://github.com/holepunchto/b4a | Holepunch |
| [email protected] | https://github.com/holepunchto/bare-events | Holepunch |
| [email protected] | https://github.com/holepunchto/bare-fs | Holepunch |
| [email protected] | https://github.com/holepunchto/bare-os | Holepunch |
| [email protected] | https://github.com/holepunchto/bare-path | Holepunch |
| [email protected] | https://github.com/holepunchto/bare-stream | Holepunch |
| [email protected] | https://github.com/facebook/watchman | Wez Furlong |
| [email protected] | https://github.com/GoogleChromeLabs/chromium-bidi | The Chromium Authors |
| [email protected] | https://github.com/GoogleChromeLabs/chromium-bidi | The Chromium Authors |
| [email protected] | https://github.com/lovell/detect-libc | Lovell Fuller |
| [email protected] | https://github.com/apocas/docker-modem | Pedro Dias |
| [email protected] | https://github.com/apocas/dockerode | Pedro Dias |
| [email protected] | https://github.com/mde/ejs | Matthew Eernisse |
| [email protected] | https://github.com/eslint/eslint-visitor-keys | Toru Nagashima |
| [email protected] | https://github.com/eslint/js | Toru Nagashima |
| [email protected] | https://github.com/coveo/exponential-backoff | Sami Sayegh |
| [email protected] | https://github.com/facebook/watchman | Wez Furlong |
| [email protected] | https://github.com/mde/filelist | Matthew Eernisse |
| [email protected] | https://github.com/ehmicky/human-signals | ehmicky |
| [email protected] | https://github.com/jakejs/jake | Matthew Eernisse |
| [email protected] | https://github.com/puppeteer/puppeteer/tree/main/packages/puppeteer-core | The Chromium Authors |
| [email protected] | https://github.com/puppeteer/puppeteer/tree/main/packages/puppeteer | The Chromium Authors |
| [email protected] | https://github.com/sigstore/sigstore-js | [email protected] |
| [email protected] | https://github.com/jslicense/spdx-correct.js | N/A |
| [email protected] | https://github.com/swagger-api/swagger-ui | N/A |
| [email protected] | https://github.com/holepunchto/text-decoder | Holepunch |
| [email protected] | https://github.com/mikeal/tunnel-agent | Mikeal Rogers |
| [email protected] | https://github.com/microsoft/TypeScript | Microsoft Corp. |
| [email protected] | https://github.com/kemitchell/validate-npm-package-license.js | Kyle E. Mitchell |
| [email protected] | https://github.com/daaku/nodejs-walker | Naitik Shah |


### License: Artistic-2.0

| Name | Repository | Publisher |
| ---------- | -------------------------- | ----------- |
| Name | Repository | Publisher |
|------|-------------|-----------|
| [email protected] | https://github.com/npm/cli | GitHub Inc. |


### License: BlueOak-1.0.0

| Name | Repository | Publisher |
| ---------------------------- | ------------------------------------------------ | ------------------ |
| [email protected] | https://github.com/isaacs/chownr | Isaac Z. Schlueter |
| [email protected] | https://github.com/isaacs/jackspeak | Isaac Z. Schlueter |
| Name | Repository | Publisher |
|------|-------------|-----------|
| [email protected] | https://github.com/isaacs/chownr | Isaac Z. Schlueter |
| [email protected] | https://github.com/isaacs/jackspeak | Isaac Z. Schlueter |
| [email protected] | https://github.com/isaacs/package-json-from-dist | Isaac Z. Schlueter |
| [email protected] | https://github.com/isaacs/path-scurry | Isaac Z. Schlueter |
| [email protected] | https://github.com/isaacs/yallist | Isaac Z. Schlueter |
| [email protected] | https://github.com/isaacs/path-scurry | Isaac Z. Schlueter |
| [email protected] | https://github.com/isaacs/yallist | Isaac Z. Schlueter |


### License: CC-BY-3.0

| Name | Repository | Publisher |
| --------------------- | -------------------------------------------------- | -------------------- |
| Name | Repository | Publisher |
|------|-------------|-----------|
| [email protected] | https://github.com/kemitchell/spdx-exceptions.json | The Linux Foundation |


### License: CC-BY-4.0

| Name | Repository | Publisher |
| ------------------------- | -------------------------------------------- | ---------- |
| Name | Repository | Publisher |
|------|-------------|-----------|
| [email protected] | https://github.com/browserslist/caniuse-lite | Ben Briggs |


### License: Python-2.0

| Name | Repository | Publisher |
| -------------- | ---------------------------------- | --------- |
| [email protected] | https://github.com/nodeca/argparse | N/A |
| Name | Repository | Publisher |
|------|-------------|-----------|
| [email protected] | https://github.com/nodeca/argparse | N/A |


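Review bot: The same license is still grouped under two headings in this hunk, `### License: Apache 2.0` (qrcode-terminal) and `### License: Apache-2.0` (everything else), so the grouping key should be normalized to the SPDX identifier before the tables are emitted; otherwise readers have to check two sections for one license. The hunk also rewrites every table header separator from the column-aligned `| ----------------- |` form to the fixed `|------|` form, which is why the diff is 80 additions and 71 deletions for what is largely the same content; if CREDITS.md is generated in CI, pin the generator's table format so future diffs only show real dependency changes. Minor: the publisher column carries `Nicholas C. Zaks` for the @humanwhocodes packages next to `Nicholas C. Zakas` for the @eslint ones; if that string is copied from package metadata it is upstream's to fix, but it is worth confirming it is not a truncation in the generator.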
1 change: 1 addition & 0 deletions environment.d.ts
Expand Up @@ -4,6 +4,7 @@ declare global {
// Node specific:
NODE_ENV: "development" | "production" | "testing";
PORT: string | undefined;
CI: "true" | null;
}
}
}
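Review bot: The added `CI: "true" | null;` declares a type that `process.env` can never produce: environment variables are read as `string | undefined`, never `null`, so any `process.env.CI === null` check typed against this declaration is unreachable and a missing variable would be `undefined` at runtime. Declare it as `CI: "true" | undefined;`, matching the `PORT: string | undefined;` line two above it.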
15 changes: 12 additions & 3 deletions src/config/stacks.ts
Expand Up @@ -131,9 +131,16 @@ async function writeEnvFile(
}

const dockerEnvPath = path.resolve(stackRootFolder, name, "docker.env");
const dockerEnvPathBak = path.resolve(stackRootFolder, name, ".docker.env.bak");
const dockerEnvPathBak = path.resolve(
stackRootFolder,
name,
".docker.env.bak",
);

if (!dockerEnvPath.startsWith(path.resolve(stackRootFolder)) || !dockerEnvPathBak.startsWith(path.resolve(stackRootFolder))) {
if (
!dockerEnvPath.startsWith(path.resolve(stackRootFolder)) ||
!dockerEnvPathBak.startsWith(path.resolve(stackRootFolder))
) {
const sanitizedStackName = name.replace(/\n|\r/g, "");
const errorMsg = `Path traversal attempt detected: ${sanitizedStackName}`;
logger.error(errorMsg);
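Review bot: The containment check reflowed here, `dockerEnvPath.startsWith(path.resolve(stackRootFolder))`, is a plain string-prefix test, so a resolved root of `/stacks` also accepts paths under a sibling directory such as `/stacks-other/`; compare against `path.resolve(stackRootFolder) + path.sep` or check that `path.relative(root, dockerEnvPath)` is neither absolute nor starts with `..`. The log sanitizer on the context line below, `name.replace(/\n|\r/g, "")`, strips only CR and LF; other control characters (tabs, escape sequences) still reach the logger unchanged, so a filter over the whole control range, for example `/[\x00-\x1f\x7f]/g`, would close the remaining log-injection gap the commit title refers to. Both changes in this hunk are otherwise formatting only.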
Expand Down Expand Up @@ -166,7 +173,9 @@ async function writeEnvFile(
atomicWrite(dockerEnvPath, envFileContent);
return true;
} catch (error: unknown) {
const errorMsg = (error instanceof Error ? error.message : String(error)).replace(/\n|\r/g, "");
const errorMsg = (
error instanceof Error ? error.message : String(error)
).replace(/\n|\r/g, "");
logger.error(errorMsg);
throw new Error(errorMsg);
}
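Review bot: `throw new Error(errorMsg)` at the end of this catch block discards the original error and its stack; rethrow with `new Error(errorMsg, { cause: error })` so the sanitized message is what gets logged and surfaced while the underlying cause stays attached for debugging. The `.replace(/\n|\r/g, "")` sanitizer now appears twice in this file (here and on the `sanitizedStackName` line in the previous hunk); factoring it into one `sanitizeForLog()` helper keeps the two call sites from diverging when the character set is widened.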

0 comments on commit 65bcec8
