Merge 673fb8f8dd into d451e06e84

Update dependencies
refactor: unneeded extra check
2025-02-26 05:25:56 +00:00 · 2025-01-06 12:24:21 +01:00 · 2025-01-04 18:14:17 +08:00 · 2023-11-13 20:58:09 -05:00 · 2023-11-13 20:50:30 -05:00
3 changed files with 253 additions and 168 deletions
--- a/backend/terminal.ts
+++ b/backend/terminal.ts
@ -294,11 +294,14 @@ export class MainTerminal extends InteractiveTerminal {
        // Check if the command is allowed
        const cmdParts = input.split(" ");
        const executable = cmdParts[0].trim();
+        const knownOperators = ["||", "&", ";"];
        log.debug("console", "Executable: " + executable);
        log.debug("console", "Executable length: " + executable.length);

        if (!allowedCommandList.includes(executable)) {
            throw new Error("Command not allowed.");
+        } else if (knownOperators.some(operator => input.includes(operator))) {
+            throw new Error("Control operators are not allowed.");
        }
        super.write(input);
    }
--- a/package.json
+++ b/package.json
@ -40,7 +40,7 @@
        "dotenv": "~16.3.2",
        "express": "~4.21.2",
        "express-static-gzip": "~2.1.8",
-        "http-graceful-shutdown": "~3.1.13",
+        "http-graceful-shutdown": "~3.1.14",
        "jsonwebtoken": "~9.0.2",
        "jwt-decode": "~3.1.2",
        "knex": "~2.5.1",
@ -49,8 +49,8 @@
        "promisify-child-process": "~4.1.2",
        "redbean-node": "~0.3.3",
        "semver": "^7.6.3",
-        "socket.io": "~4.8.0",
-        "socket.io-client": "~4.8.0",
+        "socket.io": "~4.8.1",
+        "socket.io-client": "~4.8.1",
        "timezones-list": "~3.0.3",
        "ts-command-line-args": "~2.5.1",
        "tsx": "~4.19.2",
@ -59,7 +59,7 @@
    },
    "devDependencies": {
        "@actions/github": "^6.0.0",
-        "@fontsource/jetbrains-mono": "^5.1.1",
+        "@fontsource/jetbrains-mono": "^5.1.2",
        "@fortawesome/fontawesome-svg-core": "6.4.2",
        "@fortawesome/free-regular-svg-icons": "6.4.2",
        "@fortawesome/free-solid-svg-icons": "6.4.2",
@ -81,19 +81,19 @@
        "cross-env": "~7.0.3",
        "eslint": "~8.50.0",
        "eslint-plugin-jsdoc": "~46.8.2",
-        "eslint-plugin-vue": "~9.17.0",
+        "eslint-plugin-vue": "~9.32.0",
        "prismjs": "~1.29.0",
        "sass": "~1.68.0",
        "typescript": "~5.2.2",
        "unplugin-vue-components": "~0.25.2",
-        "vite": "~5.4.8",
+        "vite": "~5.4.11",
        "vite-plugin-compression": "~0.5.1",
-        "vue": "~3.5.12",
+        "vue": "~3.5.13",
        "vue-eslint-parser": "~9.3.2",
-        "vue-i18n": "~9.5.0",
+        "vue-i18n": "~10.0.5",
        "vue-prism-editor": "2.0.0-alpha.2",
        "vue-qrcode": "~2.2.2",
-        "vue-router": "~4.2.5",
+        "vue-router": "~4.5.0",
        "vue-toastification": "2.0.0-rc.5",
        "wait-on": "^7.2.0",
        "xterm-addon-web-links": "~0.9.0"
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
Author	SHA1	Message	Date
zx	035782c5ab	Merge `673fb8f8dd` into `d451e06e84`	2025-01-06 12:24:21 +01:00
Louis Lam	d451e06e84	Update dependencies Some checks failed Node.js CI - Dockge / ci (22, ARM) (push) Has been cancelled Details Node.js CI - Dockge / ci (22, ARM64) (push) Has been cancelled Details Node.js CI - Dockge / ci (22, macos-latest) (push) Has been cancelled Details Node.js CI - Dockge / ci (22, ubuntu-latest) (push) Has been cancelled Details Node.js CI - Dockge / ci (22, windows-latest) (push) Has been cancelled Details json-yaml-validate / json-yaml-validate (push) Has been cancelled Details	2025-01-04 18:14:17 +08:00
zx	673fb8f8dd	refactor: unneeded extra check	2023-11-13 20:58:09 -05:00
zx	52ea324129	fix(security): bypass allowed cmds	2023-11-13 20:50:30 -05:00