diff --git a/lib/Scripts/JsonScripts.go b/lib/Scripts/JsonScripts.go
index 33bff90..3c6f8cb 100644
--- a/lib/Scripts/JsonScripts.go
+++ b/lib/Scripts/JsonScripts.go
@@ -30,7 +30,7 @@ func JsonScripts(cwd, ext string) {
 if file.IsDir() {
 continue
 } else if file.Name() == "package.json" {
- filePath := filepath.Join(cwd, "package.json")
+ filePath := filepath.Join(cwd, filepath.Clean("package.json"))
 fileContent, err := os.ReadFile(filePath)
 if err != nil {
 errors.Check_Err(err)
@@ -58,7 +58,7 @@ func JsonScripts(cwd, ext string) {
 os.Exit(1)
 }
- err = os.WriteFile(filePath, updatedContent, 0644)
+ err = os.WriteFile(filePath, updatedContent, 0600)
 if err != nil {
 errors.Check_Err(err)
 os.Exit(1)
diff --git a/lib/cli/prompt.go b/lib/cli/prompt.go
index 6557a42..c9f12ae 100644
--- a/lib/cli/prompt.go
+++ b/lib/cli/prompt.go
@@ -3,15 +3,15 @@ package cli
 import (
 "encoding/json"
 "fmt"
- "io"
- "os"
- "strings"
-
 "github.com/charmbracelet/bubbles/list"
 tea "github.com/charmbracelet/bubbletea"
 "github.com/charmbracelet/lipgloss"
 "github.com/urizennnn/express-cli/errors"
 "github.com/urizennnn/express-cli/lib/functions/config"
+ "io"
+ "os"
+ p "path/filepath"
+ "strings"
 )
 const listHeight = 14
@@ -189,7 +189,8 @@ func Skip() config.User {
 }
 path := home + "/.express-cli/.express.config.json"
- contents, err := os.ReadFile(path)
+ sanitizedPath := p.Clean(path)
+ contents, err := os.ReadFile(sanitizedPath)
 if err != nil {
 fmt.Println(err)
 os.Exit(1)
diff --git a/lib/cmd/version.go b/lib/cmd/version.go
index 856ee4b..063c097 100644
--- a/lib/cmd/version.go
+++ b/lib/cmd/version.go
@@ -2,6 +2,7 @@ package cmd
 import (
 "fmt"
+ "path/filepath"
 "runtime"
 "os"
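Review bot: In lib/Scripts/JsonScripts.go, `filepath.Clean("package.json")` on the added line is a no-op, because the argument is a constant with nothing to normalise and `filepath.Join` already cleans its result. `Clean` is purely lexical; it neither confines a path to a directory nor resolves symlinks, so it should not be read as sanitisation. The same pattern appears in the `Skip` hunk in lib/cli/prompt.go, the `printVersion` hunk in lib/cmd/version.go and the `CreateFolderAndWriteConfig` hunk in lib/functions/config/helper.go. If the aim is to quiet a static-analysis finding about variable file paths (a guess from the shape of the change), keep `filepath.Join(cwd, "package.json")` and state the trust assumption in a comment such as `// path is cwd plus a fixed file name; cwd is supplied by the caller`. JsonScripts starts and ends outside the hunk.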
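Review bot: In the second lib/Scripts/JsonScripts.go hunk, lowering the mode passed to `os.WriteFile` from 0644 to 0600 will usually change nothing, because that argument is only used when the file is created and this `package.json` appears to have been read from the same `filePath` earlier in the function. If owner-only access is really wanted, it needs an explicit `os.Chmod(filePath, 0600)` after the write. If it is not, a comment such as `// mode applies only on creation; an existing package.json keeps its mode` would avoid a false impression of tightening. package.json is project metadata rather than a secret, so owner-only access may also surprise other users or tools sharing the checkout.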
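Review bot: In `Skip` (lib/cli/prompt.go) the config path is still assembled by string concatenation, `home + "/.express-cli/.express.config.json"`, and only then passed through `p.Clean`; `filepath.Join(home, ".express-cli", ".express.config.json")` would build and normalise it in one step, as lib/functions/config/helper.go does for the same file. The name `sanitizedPath` overstates what `Clean` does, and the one-letter alias `p` for `path/filepath` makes the call harder to recognise than plain `filepath`. The import hunk above also folds the standard-library imports into the third-party group; the usual layout keeps them first, separated by a blank line. The body of `Skip` continues outside the hunk.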
@@ -44,8 +45,8 @@ func printVersion() {
 } else {
 file = data + "/version.js"
 }
-
- version, err := exec.Command("node", file).Output()
+ cleaned_File := filepath.Clean(file)
+ version, err := exec.Command("node", cleaned_File).Output()
 errors.Check_Err(err)
 fmt.Print("Express CLI is at version " + config.Green + string(version) + config.Green)
diff --git a/lib/functions/config/helper.go b/lib/functions/config/helper.go
index 9832c14..ff56229 100644
--- a/lib/functions/config/helper.go
+++ b/lib/functions/config/helper.go
@@ -112,12 +112,13 @@ func CreateFolderAndWriteConfig(preferences User) {
 folderPath := filepath.Join(userProfile, ".express-cli")
 filePath := filepath.Join(folderPath, ".express.config.json")
- if err = os.MkdirAll(folderPath, 0755); err != nil {
+ if err = os.MkdirAll(folderPath, 0750); err != nil {
 fmt.Printf("\x1b[31;4mError creating folder: %v\x1b[0m\n", err)
 return
 }
- file, err := os.Create(filePath)
+ sanitizedFilePath := filepath.Clean(filePath)
+ file, err := os.Create(sanitizedFilePath)
 if err != nil {
 fmt.Printf("\x1b[31;4mError creating file: %v\x1b[0m\n", err)
 return
diff --git a/lib/process/dependencies.go b/lib/process/dependencies.go
index 8900200..72e5810 100644
--- a/lib/process/dependencies.go
+++ b/lib/process/dependencies.go
@@ -10,6 +10,7 @@ import (
 "os"
 "os/exec"
 "path"
+ "path/filepath"
 "github.com/urizennnn/express-cli/errors"
 )
@@ -19,7 +20,7 @@ type Dependency struct {
 Dev []string `json:"dev"`
 }
-func InstallDependenciesUnix(ext, manager, cwd string) {
+func InstallDependencies(ext, manager, cwd string) {
 var jointPath string
 switch ext {
 case "js":
@@ -57,7 +58,8 @@ func InstallDependenciesUnix(ext, manager, cwd string) {
 }
 for _, dep := range dependency.Dependencies {
- command := exec.Command(manager, "install", dep)
+ cleaned_Dep := filepath.Clean(dep)
+ command := exec.Command(manager, "install", cleaned_Dep)
 command.Dir = cwd
 err = command.Run()
 if err != nil {
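Review bot: In `printVersion` (lib/cmd/version.go) the new local `cleaned_File` uses an underscore, which goes against Go's MixedCaps naming; `cleanedFile` is the conventional spelling, and the same applies to `cleaned_Dep` and `cleaned_Dev` in lib/process/dependencies.go. Because the path is assembled as `data + "/version.js"` on the context line above, `file = filepath.Join(data, "version.js")` would build and normalise it in one step and make the extra variable unnecessary. The other branch of the `if` and the origin of `data` are outside the hunk, so this assumes `data` is a directory path.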
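Review bot: In `CreateFolderAndWriteConfig` (lib/functions/config/helper.go) the directory mode is tightened to 0750, but the config file is still created with `os.Create`, which uses mode 0666 before the umask, so the file holding the user's preferences is typically left more open than its directory. `os.OpenFile(filePath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)` would make the two consistent. `os.MkdirAll` also leaves an already existing `.express-cli` directory at its previous mode, so existing installations are not changed by this hunk; an `os.Chmod(folderPath, 0750)` after it would cover them. The function starts and ends outside the hunk.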
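Review bot: `dep` is a package specifier handed to the package manager, not a file path, so `filepath.Clean(dep)` in this loop of lib/process/dependencies.go (and `filepath.Clean(dev)` in the `--save-dev` loop of the next hunk) is the wrong tool. If this file is built for Windows, `Clean` rewrites `/` to `\`, which would alter scoped names such as `@scope/name`, and on any platform it collapses `//` and `..` sequences that can be meaningful in URL or git specifiers. It also leaves the actual argument-handling risk untouched, namely an entry that begins with `-` and is parsed by the package manager as an option. I would pass the value through unchanged and validate it instead, for example `if dep == "" || strings.HasPrefix(dep, "-") { continue }` (this needs the `strings` import, and reporting the rejected entry may be better than skipping it). Where the dependency list is loaded from is outside the hunk, so how far its contents can be trusted should be confirmed.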
@@ -67,7 +69,8 @@ func InstallDependenciesUnix(ext, manager, cwd string) {
 }
 for _, dev := range dependency.Dev {
- command := exec.Command(manager, "install", "--save-dev", dev)
+ cleaned_Dev := filepath.Clean(dev)
+ command := exec.Command(manager, "install", "--save-dev", cleaned_Dev)
 command.Dir = cwd
 err = command.Run()
 if err != nil {
diff --git a/lib/process/template.go b/lib/process/template.go
index 8fc18b2..7038827 100644
--- a/lib/process/template.go
+++ b/lib/process/template.go
@@ -21,10 +21,10 @@ func CopyFile(srcPath, destPath string, fsys embed.FS) error {
 input, err := fsys.ReadFile(srcPath)
 errors.Check_Err(err)
- err = os.MkdirAll(path.Dir(destPath), 0755)
+ err = os.MkdirAll(path.Dir(destPath), 0750)
 errors.Check_Err(err)
- err = os.WriteFile(destPath, input, 0644)
+ err = os.WriteFile(destPath, input, 0600)
 errors.Check_Err(err)
 return nil
@@ -68,7 +68,7 @@ func CopyFilesToCWD(cwd, name, manager, ext string, ctx context.CancelFunc) erro
 fmt.Println("\033[31m" + "folder already exists" + "\033[0m")
 os.Exit(1)
 }
- if err := os.MkdirAll(folderPath, 0755); err != nil {
+ if err := os.MkdirAll(folderPath, 0750); err != nil {
 errors.Check_Err(err)
 }
 fmt.Printf("This is manager %v", manager)
@@ -87,7 +87,7 @@ func CopyFilesToCWD(cwd, name, manager, ext string, ctx context.CancelFunc) erro
 if err := copyDirRecursive(jointPath, folderPath, TemplateDir, ext); err != nil {
 errors.Check_Err(err)
 }
- InstallDependenciesUnix(ext, manager, folderPath)
+ InstallDependencies(ext, manager, folderPath)
 gitInit(folderPath)
 var language string
 switch ext {
diff --git a/lib/process/win-dep.go b/lib/process/win-dep.go
index 7042ca3..41df7c3 100644
--- a/lib/process/win-dep.go
+++ b/lib/process/win-dep.go
@@ -20,7 +20,7 @@ type Dependency struct {
 Dev []string `json:"dev"`
 }
-func InstallDependenciesUnix(ext, manager, cwd string) {
+func InstallDependencies(ext, manager, cwd string) {
 var jointPath string
 switch ext {
 case "js":
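Review bot: `CopyFile` in lib/process/template.go now writes every scaffolded template file as 0600 and its parent directories as 0750, and the first `CopyFilesToCWD` hunk does the same for the project folder. For generated project sources that are not secrets, this removes group and other read access, which can break setups where a different user or a container reads the project. If owner-only is intended, a comment on the `os.WriteFile` line recording the reason would help the next reader, e.g. `// owner-only on purpose: <reason>`; otherwise the restrictive modes are better kept for the config file under the home directory. The start of `CopyFile` is outside the hunk.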