Commit Graph

17 Commits

Author SHA1 Message Date
Evan Simkowitz
1fc6dd7c1a
Fix code scanning alert no. 50: Size computation for allocation may overflow (#1088)
Fixes
[https://github.com/wavetermdev/waveterm/security/code-scanning/50](https://github.com/wavetermdev/waveterm/security/code-scanning/50)

To fix the problem, we need to ensure that the size computation for the
allocation does not overflow. This can be achieved by validating the
length of `barr` before performing the arithmetic operation. We will set
a maximum allowable size for `barr` to ensure that the sum of
`oscPrefixLen(oscNum)` and `len(barr)` does not exceed the maximum value
for an `int`.

1. Define a maximum allowable size for `barr` (e.g., 64 MB).
2. Check the length of `barr` against this maximum size before
performing the allocation.
3. If `barr` exceeds the maximum size, return an error.


_Suggested fixes powered by Copilot Autofix. Review carefully before
merging._

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2024-10-21 14:05:52 -07:00
Mike Sawka
8ad84fd78a
update all gopkg imports (#330) 2024-09-05 14:25:45 -07:00
Mike Sawka
037497e7f1
wsh edit working (#252) 2024-08-20 14:56:48 -07:00
Mike Sawka
85874f92ca
set up remote connserver (#245) 2024-08-18 21:26:44 -07:00
Sylvie Crowe
c30188552f
Add Unix Domain Socket Listener when Establishing Connections (#243)
This makes it possible to send wsh commands from wsh on a remote session
to wavesrv running locally. The exact behavior of running those commands
isn't implemented, but the underlying interface is added here.
2024-08-17 11:21:25 -07:00
Mike Sawka
844451ea0d
wsh routing + proxy (#224)
lots of changes, including:
* source/route to rpcmessage
* rpcproxy
* wshrouter
* bug fixing
* wps uses routeids not clients
2024-08-13 16:52:35 -07:00
Mike Sawka
c4a0e85d32
update wsh code for easier creation of client servers (for readfile/readdir/fileinfo) (#218) 2024-08-12 10:58:39 -07:00
sawka
4498ca8e9d allow 'this' for blockid 2024-08-09 18:37:23 -07:00
Mike Sawka
5165d099c2
wsh working over domain socket (and assorted bug fixes) (#217) 2024-08-09 17:46:52 -07:00
Mike Sawka
9df9c99fbd
checkpoint on domain sockets + update background colors + transparency (#160) 2024-07-26 13:30:11 -07:00
Mike Sawka
6c2ef6cb99
working on vdom implementation, other fixes (#136) 2024-07-23 13:16:53 -07:00
Mike Sawka
01b5d71709
new wshrpc mechanism (#112)
lots of changes. new wshrpc implementation. unify websocket, web,
blockcontroller, domain sockets, and terminal inputs to all use the new
rpc system.

lots of moving files around to deal with circular dependencies

use new wshrpc as a client in wsh cmd
2024-07-17 15:24:43 -07:00
Mike Sawka
e46906d423
wsh rpc working (#55)
lots of iterations on an RPC protocol. getting wsh working with a
getmeta/setmeta command in addition to html mode.
2024-06-17 09:58:28 -07:00
sawka
014c6fb2ec redo ptybuffer, move to wshutil to help with stdin processing. change wsh to use cobra 2024-06-14 14:43:47 -07:00
Mike Sawka
8e3540f754
working on ijson and wsh magic (#53) 2024-06-13 23:54:04 -07:00
Mike Sawka
0f992c535d
working on wave OSC escapes, modes for the terminal (#46) 2024-06-13 14:41:28 -07:00
sawka
cf8ae548e8 checkpoint, some wsh stuff 2024-05-18 11:09:27 -07:00