milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Address more code quality issues

Browse source
This commit is contained in:
Reinier Criel 2026-04-10 15:25:50 -07:00
parent eb9d0bba3e
commit 94f77e1330
4 changed files with 49 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

25
install-scripts/install-safe-chain.ps1
View file

@ -9,6 +9,18 @@ param(
$Version = $env:SAFE_CHAIN_VERSION # Will be fetched from latest release if not set $Version = $env:SAFE_CHAIN_VERSION # Will be fetched from latest release if not set
$SafeChainBase = if ($env:SAFE_CHAIN_DIR) { $env:SAFE_CHAIN_DIR } else { Join-Path $env:USERPROFILE ".safe-chain" } $SafeChainBase = if ($env:SAFE_CHAIN_DIR) { $env:SAFE_CHAIN_DIR } else { Join-Path $env:USERPROFILE ".safe-chain" }
# Validate $SafeChainBase before any filesystem operations
if (-not [System.IO.Path]::IsPathRooted($SafeChainBase)) {
Write-Host "[ERROR] SAFE_CHAIN_DIR must be an absolute path, got: $SafeChainBase" -ForegroundColor Red; exit 1
}
if ($SafeChainBase -match '\.\.') {
Write-Host "[ERROR] SAFE_CHAIN_DIR must not contain path traversal (..)" -ForegroundColor Red; exit 1
}
if ($SafeChainBase -match '^[A-Za-z]:[/\\]?$' -or $SafeChainBase -eq '/') {
Write-Host "[ERROR] SAFE_CHAIN_DIR cannot be a root or drive-root directory" -ForegroundColor Red; exit 1
}
$InstallDir = Join-Path $SafeChainBase "bin" $InstallDir = Join-Path $SafeChainBase "bin"
$RepoUrl = "https://github.com/AikidoSec/safe-chain" $RepoUrl = "https://github.com/AikidoSec/safe-chain"
@ -150,19 +162,6 @@ function Remove-VoltaInstallation {
# Main installation # Main installation
function Install-SafeChain { function Install-SafeChain {
# Validate SAFE_CHAIN_DIR before using it to write files
if ($env:SAFE_CHAIN_DIR) {
if (-not [System.IO.Path]::IsPathRooted($env:SAFE_CHAIN_DIR)) {
Write-Error-Custom "SAFE_CHAIN_DIR must be an absolute path, got: $($env:SAFE_CHAIN_DIR)"
}
if ($env:SAFE_CHAIN_DIR -match '\.\.') {
Write-Error-Custom "SAFE_CHAIN_DIR must not contain path traversal (..)"
}
if ($env:SAFE_CHAIN_DIR -match '^[A-Za-z]:[/\\]?$' -or $env:SAFE_CHAIN_DIR -eq '/') {
Write-Error-Custom "SAFE_CHAIN_DIR cannot be a root or drive-root directory"
}
}
# Show deprecation warning if SAFE_CHAIN_VERSION is set # Show deprecation warning if SAFE_CHAIN_VERSION is set
if (-not [string]::IsNullOrWhiteSpace($env:SAFE_CHAIN_VERSION)) { if (-not [string]::IsNullOrWhiteSpace($env:SAFE_CHAIN_VERSION)) {
Write-Warn "SAFE_CHAIN_VERSION environment variable is deprecated." Write-Warn "SAFE_CHAIN_VERSION environment variable is deprecated."

27
install-scripts/install-safe-chain.sh
View file

@ -9,6 +9,19 @@ set -e # Exit on error
# Configuration # Configuration
VERSION="${SAFE_CHAIN_VERSION:-}" # Will be fetched from latest release if not set VERSION="${SAFE_CHAIN_VERSION:-}" # Will be fetched from latest release if not set
SAFE_CHAIN_BASE="${SAFE_CHAIN_DIR:-${HOME}/.safe-chain}" SAFE_CHAIN_BASE="${SAFE_CHAIN_DIR:-${HOME}/.safe-chain}"
# Validate SAFE_CHAIN_BASE before any filesystem operations
case "${SAFE_CHAIN_BASE}" in
/*) ;;
*) printf '[ERROR] SAFE_CHAIN_DIR must be an absolute path, got: %s\n' "${SAFE_CHAIN_BASE}" >&2; exit 1 ;;
esac
case "${SAFE_CHAIN_BASE}" in
*../*|*/..*|..) printf '[ERROR] SAFE_CHAIN_DIR must not contain path traversal (..)\n' >&2; exit 1 ;;
esac
if [ "${SAFE_CHAIN_BASE}" = "/" ]; then
printf '[ERROR] SAFE_CHAIN_DIR cannot be the root directory\n' >&2; exit 1
fi
INSTALL_DIR="${SAFE_CHAIN_BASE}/bin" INSTALL_DIR="${SAFE_CHAIN_BASE}/bin"
REPO_URL="https://github.com/AikidoSec/safe-chain" REPO_URL="https://github.com/AikidoSec/safe-chain"
@ -247,20 +260,6 @@ parse_arguments() {
# Main installation # Main installation
main() { main() {
# Validate SAFE_CHAIN_DIR before using it to write files
if [ -n "${SAFE_CHAIN_DIR}" ]; then
case "${SAFE_CHAIN_DIR}" in
/*) ;; # absolute path — OK
*) error "SAFE_CHAIN_DIR must be an absolute path, got: ${SAFE_CHAIN_DIR}" ;;
esac
case "${SAFE_CHAIN_DIR}" in
*../*|*/..*|..) error "SAFE_CHAIN_DIR must not contain path traversal (..)" ;;
esac
if [ "${SAFE_CHAIN_DIR}" = "/" ]; then
error "SAFE_CHAIN_DIR cannot be the root directory"
fi
fi
# Initialize argument flags # Initialize argument flags
USE_CI_SETUP=false USE_CI_SETUP=false

25
install-scripts/uninstall-safe-chain.ps1
View file

@ -5,6 +5,18 @@
# Use HOME on Unix, USERPROFILE on Windows (PowerShell Core is cross-platform) # Use HOME on Unix, USERPROFILE on Windows (PowerShell Core is cross-platform)
$HomeDir = if ($env:HOME) { $env:HOME } else { $env:USERPROFILE } $HomeDir = if ($env:HOME) { $env:HOME } else { $env:USERPROFILE }
$DotSafeChain = if ($env:SAFE_CHAIN_DIR) { $env:SAFE_CHAIN_DIR } else { Join-Path $HomeDir ".safe-chain" } $DotSafeChain = if ($env:SAFE_CHAIN_DIR) { $env:SAFE_CHAIN_DIR } else { Join-Path $HomeDir ".safe-chain" }
# Validate $DotSafeChain before any filesystem operations
if (-not [System.IO.Path]::IsPathRooted($DotSafeChain)) {
Write-Host "[ERROR] SAFE_CHAIN_DIR must be an absolute path, got: $DotSafeChain" -ForegroundColor Red; exit 1
}
if ($DotSafeChain -match '\.\.') {
Write-Host "[ERROR] SAFE_CHAIN_DIR must not contain path traversal (..)" -ForegroundColor Red; exit 1
}
if ($DotSafeChain -match '^[A-Za-z]:[/\\]?$' -or $DotSafeChain -eq '/') {
Write-Host "[ERROR] SAFE_CHAIN_DIR cannot be a root or drive-root directory" -ForegroundColor Red; exit 1
}
$InstallDir = Join-Path $DotSafeChain "bin" $InstallDir = Join-Path $DotSafeChain "bin"
# Helper functions # Helper functions
@ -75,19 +87,6 @@ function Remove-VoltaInstallation {
# Main uninstallation # Main uninstallation
function Uninstall-SafeChain { function Uninstall-SafeChain {
# Validate SAFE_CHAIN_DIR before using it to delete files
if ($env:SAFE_CHAIN_DIR) {
if (-not [System.IO.Path]::IsPathRooted($env:SAFE_CHAIN_DIR)) {
Write-Error-Custom "SAFE_CHAIN_DIR must be an absolute path, got: $($env:SAFE_CHAIN_DIR)"
}
if ($env:SAFE_CHAIN_DIR -match '\.\.') {
Write-Error-Custom "SAFE_CHAIN_DIR must not contain path traversal (..)"
}
if ($env:SAFE_CHAIN_DIR -match '^[A-Za-z]:[/\\]?$' -or $env:SAFE_CHAIN_DIR -eq '/') {
Write-Error-Custom "SAFE_CHAIN_DIR cannot be a root or drive-root directory"
}
}
Write-Info "Uninstalling safe-chain..." Write-Info "Uninstalling safe-chain..."
# Run teardown if safe-chain is available # Run teardown if safe-chain is available

26
install-scripts/uninstall-safe-chain.sh
View file

@ -9,6 +9,18 @@ set -e # Exit on error
# Configuration # Configuration
DOT_SAFE_CHAIN="${SAFE_CHAIN_DIR:-${HOME}/.safe-chain}" DOT_SAFE_CHAIN="${SAFE_CHAIN_DIR:-${HOME}/.safe-chain}"
# Validate DOT_SAFE_CHAIN before any filesystem operations
case "${DOT_SAFE_CHAIN}" in
/*) ;;
*) printf '[ERROR] SAFE_CHAIN_DIR must be an absolute path, got: %s\n' "${DOT_SAFE_CHAIN}" >&2; exit 1 ;;
esac
case "${DOT_SAFE_CHAIN}" in
*../*|*/..*|..) printf '[ERROR] SAFE_CHAIN_DIR must not contain path traversal (..)\n' >&2; exit 1 ;;
esac
if [ "${DOT_SAFE_CHAIN}" = "/" ]; then
printf '[ERROR] SAFE_CHAIN_DIR cannot be the root directory\n' >&2; exit 1
fi
# Colors for output # Colors for output
RED='\033[0;31m' RED='\033[0;31m'
GREEN='\033[0;32m' GREEN='\033[0;32m'
@ -139,20 +151,6 @@ remove_nvm_installation() {
# Main uninstallation # Main uninstallation
main() { main() {
# Validate SAFE_CHAIN_DIR before using it to delete files
if [ -n "${SAFE_CHAIN_DIR}" ]; then
case "${SAFE_CHAIN_DIR}" in
/*) ;; # absolute path — OK
*) error "SAFE_CHAIN_DIR must be an absolute path, got: ${SAFE_CHAIN_DIR}" ;;
esac
case "${SAFE_CHAIN_DIR}" in
*../*|*/..*|..) error "SAFE_CHAIN_DIR must not contain path traversal (..)" ;;
esac
if [ "${SAFE_CHAIN_DIR}" = "/" ]; then
error "SAFE_CHAIN_DIR cannot be the root directory"
fi
fi
SAFE_CHAIN_LOCATION="$DOT_SAFE_CHAIN/bin/safe-chain" SAFE_CHAIN_LOCATION="$DOT_SAFE_CHAIN/bin/safe-chain"
if [ -x "$SAFE_CHAIN_LOCATION" ]; then if [ -x "$SAFE_CHAIN_LOCATION" ]; then