f47e8211fb
* feat(mcp): add workspace root validation to prevent path traversal - Add workspaceRoot field to Service for restricting file operations - Add WithWorkspaceRoot() option for configuring the workspace directory - Add validatePath() helper to check paths are within workspace - Apply validation to all file operation handlers - Default to current working directory for security - Add comprehensive tests for path validation Closes #82 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor: move CLI commands from pkg/ to internal/cmd/ - Move 18 CLI command packages to internal/cmd/ (not externally importable) - Keep 16 library packages in pkg/ (externally importable) - Update all import paths throughout codebase - Cleaner separation between CLI logic and reusable libraries CLI commands moved: ai, ci, dev, docs, doctor, gitcmd, go, monitor, php, pkgcmd, qa, sdk, security, setup, test, updater, vm, workspace Libraries remaining: agentic, build, cache, cli, container, devops, errors, framework, git, i18n, io, log, mcp, process, release, repos Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor(mcp): use pkg/io Medium for sandboxed file operations Replace manual path validation with pkg/io.Medium for all file operations. This delegates security (path traversal, symlink bypass) to the sandboxed local.Medium implementation. Changes: - Add io.NewSandboxed() for creating sandboxed Medium instances - Refactor MCP Service to use io.Medium instead of direct os.* calls - Remove validatePath and resolvePathWithSymlinks functions - Update tests to verify Medium-based behaviour Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: correct import path and workflow references - Fix pkg/io/io.go import from core-gui to core - Update CI workflows to use internal/cmd/updater path Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(security): address CodeRabbit review issues for path validation - pkg/io/local: add symlink resolution and boundary-aware containment - Reject absolute paths in sandboxed Medium - Use filepath.EvalSymlinks to prevent symlink bypass attacks - Fix prefix check to prevent /tmp/root matching /tmp/root2 - pkg/mcp: fix resolvePath to validate and return errors - Changed resolvePath from (string) to (string, error) - Update deleteFile, renameFile, listDirectory, fileExists to handle errors - Changed New() to return (*Service, error) instead of *Service - Properly propagate option errors instead of silently discarding - pkg/io: wrap errors with E() helper for consistent context - Copy() and MockMedium.Read() now use coreerr.E() - tests: rename to use _Good/_Bad/_Ugly suffixes per coding guidelines - Fix hardcoded /tmp in TestPath to use t.TempDir() - Add TestResolvePath_Bad_SymlinkTraversal test Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style: fix gofmt formatting Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style: fix gofmt formatting across all files Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
83 lines
2.2 KiB
Go
83 lines
2.2 KiB
Go
package sdk
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/getkin/kin-openapi/openapi3"
|
|
"github.com/oasdiff/oasdiff/checker"
|
|
"github.com/oasdiff/oasdiff/diff"
|
|
"github.com/oasdiff/oasdiff/load"
|
|
)
|
|
|
|
// DiffResult holds the result of comparing two OpenAPI specs.
|
|
type DiffResult struct {
|
|
// Breaking is true if breaking changes were detected.
|
|
Breaking bool
|
|
// Changes is the list of breaking changes.
|
|
Changes []string
|
|
// Summary is a human-readable summary.
|
|
Summary string
|
|
}
|
|
|
|
// Diff compares two OpenAPI specs and detects breaking changes.
|
|
func Diff(basePath, revisionPath string) (*DiffResult, error) {
|
|
loader := openapi3.NewLoader()
|
|
loader.IsExternalRefsAllowed = true
|
|
|
|
// Load specs
|
|
baseSpec, err := load.NewSpecInfo(loader, load.NewSource(basePath))
|
|
if err != nil {
|
|
return nil, fmt.Errorf("sdk.Diff: failed to load base spec: %w", err)
|
|
}
|
|
|
|
revSpec, err := load.NewSpecInfo(loader, load.NewSource(revisionPath))
|
|
if err != nil {
|
|
return nil, fmt.Errorf("sdk.Diff: failed to load revision spec: %w", err)
|
|
}
|
|
|
|
// Compute diff with operations sources map for better error reporting
|
|
diffResult, operationsSources, err := diff.GetWithOperationsSourcesMap(diff.NewConfig(), baseSpec, revSpec)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("sdk.Diff: failed to compute diff: %w", err)
|
|
}
|
|
|
|
// Check for breaking changes
|
|
config := checker.NewConfig(checker.GetAllChecks())
|
|
breaks := checker.CheckBackwardCompatibilityUntilLevel(
|
|
config,
|
|
diffResult,
|
|
operationsSources,
|
|
checker.ERR, // Only errors (breaking changes)
|
|
)
|
|
|
|
// Build result
|
|
result := &DiffResult{
|
|
Breaking: len(breaks) > 0,
|
|
Changes: make([]string, 0, len(breaks)),
|
|
}
|
|
|
|
localizer := checker.NewDefaultLocalizer()
|
|
for _, b := range breaks {
|
|
result.Changes = append(result.Changes, b.GetUncolorizedText(localizer))
|
|
}
|
|
|
|
if result.Breaking {
|
|
result.Summary = fmt.Sprintf("%d breaking change(s) detected", len(breaks))
|
|
} else {
|
|
result.Summary = "No breaking changes"
|
|
}
|
|
|
|
return result, nil
|
|
}
|
|
|
|
// DiffExitCode returns the exit code for CI integration.
|
|
// 0 = no breaking changes, 1 = breaking changes, 2 = error
|
|
func DiffExitCode(result *DiffResult, err error) int {
|
|
if err != nil {
|
|
return 2
|
|
}
|
|
if result.Breaking {
|
|
return 1
|
|
}
|
|
return 0
|
|
}
|