3365bfd5ba
* feat(mcp): add workspace root validation to prevent path traversal - Add workspaceRoot field to Service for restricting file operations - Add WithWorkspaceRoot() option for configuring the workspace directory - Add validatePath() helper to check paths are within workspace - Apply validation to all file operation handlers - Default to current working directory for security - Add comprehensive tests for path validation Closes #82 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor: move CLI commands from pkg/ to internal/cmd/ - Move 18 CLI command packages to internal/cmd/ (not externally importable) - Keep 16 library packages in pkg/ (externally importable) - Update all import paths throughout codebase - Cleaner separation between CLI logic and reusable libraries CLI commands moved: ai, ci, dev, docs, doctor, gitcmd, go, monitor, php, pkgcmd, qa, sdk, security, setup, test, updater, vm, workspace Libraries remaining: agentic, build, cache, cli, container, devops, errors, framework, git, i18n, io, log, mcp, process, release, repos Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor(mcp): use pkg/io Medium for sandboxed file operations Replace manual path validation with pkg/io.Medium for all file operations. This delegates security (path traversal, symlink bypass) to the sandboxed local.Medium implementation. Changes: - Add io.NewSandboxed() for creating sandboxed Medium instances - Refactor MCP Service to use io.Medium instead of direct os.* calls - Remove validatePath and resolvePathWithSymlinks functions - Update tests to verify Medium-based behaviour Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: correct import path and workflow references - Fix pkg/io/io.go import from core-gui to core - Update CI workflows to use internal/cmd/updater path Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(security): address CodeRabbit review issues for path validation - pkg/io/local: add symlink resolution and boundary-aware containment - Reject absolute paths in sandboxed Medium - Use filepath.EvalSymlinks to prevent symlink bypass attacks - Fix prefix check to prevent /tmp/root matching /tmp/root2 - pkg/mcp: fix resolvePath to validate and return errors - Changed resolvePath from (string) to (string, error) - Update deleteFile, renameFile, listDirectory, fileExists to handle errors - Changed New() to return (*Service, error) instead of *Service - Properly propagate option errors instead of silently discarding - pkg/io: wrap errors with E() helper for consistent context - Copy() and MockMedium.Read() now use coreerr.E() - tests: rename to use _Good/_Bad/_Ugly suffixes per coding guidelines - Fix hardcoded /tmp in TestPath to use t.TempDir() - Add TestResolvePath_Bad_SymlinkTraversal test Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style: fix gofmt formatting Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style: fix gofmt formatting across all files Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
78 lines
2.1 KiB
Go
78 lines
2.1 KiB
Go
package doctor
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"os/exec"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"github.com/host-uk/core/pkg/i18n"
|
|
"github.com/host-uk/core/pkg/repos"
|
|
)
|
|
|
|
// checkGitHubSSH checks if SSH keys exist for GitHub access
|
|
func checkGitHubSSH() bool {
|
|
// Just check if SSH keys exist - don't try to authenticate
|
|
// (key might be locked/passphrase protected)
|
|
home, err := os.UserHomeDir()
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
sshDir := filepath.Join(home, ".ssh")
|
|
keyPatterns := []string{"id_rsa", "id_ed25519", "id_ecdsa", "id_dsa"}
|
|
|
|
for _, key := range keyPatterns {
|
|
keyPath := filepath.Join(sshDir, key)
|
|
if _, err := os.Stat(keyPath); err == nil {
|
|
return true
|
|
}
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
// checkGitHubCLI checks if the GitHub CLI is authenticated
|
|
func checkGitHubCLI() bool {
|
|
cmd := exec.Command("gh", "auth", "status")
|
|
output, _ := cmd.CombinedOutput()
|
|
// Check for any successful login (even if there's also a failing token)
|
|
return strings.Contains(string(output), "Logged in to")
|
|
}
|
|
|
|
// checkWorkspace checks for repos.yaml and counts cloned repos
|
|
func checkWorkspace() {
|
|
registryPath, err := repos.FindRegistry()
|
|
if err == nil {
|
|
fmt.Printf(" %s %s\n", successStyle.Render("✓"), i18n.T("cmd.doctor.repos_yaml_found", map[string]interface{}{"Path": registryPath}))
|
|
|
|
reg, err := repos.LoadRegistry(registryPath)
|
|
if err == nil {
|
|
basePath := reg.BasePath
|
|
if basePath == "" {
|
|
basePath = "./packages"
|
|
}
|
|
if !filepath.IsAbs(basePath) {
|
|
basePath = filepath.Join(filepath.Dir(registryPath), basePath)
|
|
}
|
|
if strings.HasPrefix(basePath, "~/") {
|
|
home, _ := os.UserHomeDir()
|
|
basePath = filepath.Join(home, basePath[2:])
|
|
}
|
|
|
|
// Count existing repos
|
|
allRepos := reg.List()
|
|
var cloned int
|
|
for _, repo := range allRepos {
|
|
repoPath := filepath.Join(basePath, repo.Name)
|
|
if _, err := os.Stat(filepath.Join(repoPath, ".git")); err == nil {
|
|
cloned++
|
|
}
|
|
}
|
|
fmt.Printf(" %s %s\n", successStyle.Render("✓"), i18n.T("cmd.doctor.repos_cloned", map[string]interface{}{"Cloned": cloned, "Total": len(allRepos)}))
|
|
}
|
|
} else {
|
|
fmt.Printf(" %s %s\n", dimStyle.Render("○"), i18n.T("cmd.doctor.no_repos_yaml"))
|
|
}
|
|
}
|