Fixes
[https://github.com/wavetermdev/waveterm/security/code-scanning/50](https://github.com/wavetermdev/waveterm/security/code-scanning/50)
To fix the problem, we need to ensure that the size computation for the
allocation does not overflow. This can be achieved by validating the
length of `barr` before performing the arithmetic operation. We will set
a maximum allowable size for `barr` to ensure that the sum of
`oscPrefixLen(oscNum)` and `len(barr)` does not exceed the maximum value
for an `int`.
1. Define a maximum allowable size for `barr` (e.g., 64 MB).
2. Check the length of `barr` against this maximum size before
performing the allocation.
3. If `barr` exceeds the maximum size, return an error.
_Suggested fixes powered by Copilot Autofix. Review carefully before
merging._
---------
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This migrates all remaining eventbus events sent over the websocket to
use the wps interface. WPS is more flexible for registering events and
callbacks and provides support for more reliable unsubscribes and
resubscribes.
This keeps the TermSize in RuntimeOpts which allows the terminally to be
correctly sized when reloading a block. Also, it seems to correctly size
the terminal on an app reboot (or at least immediately fixes it).
This allows the user to select different connections from the terminal
block. Some features include:
- a status bar at the top of the term block that shows your current
connection
- an icon next to the status bar that shows whether the connection is
currently connected
- the ability to click the status bar and type in a new connection in
order to change the current connection
---------
Co-authored-by: sawka <mike.sawka@gmail.com>
This makes it possible to send wsh commands from wsh on a remote session
to wavesrv running locally. The exact behavior of running those commands
isn't implemented, but the underlying interface is added here.
This adds the ability to open a directory as a terminal in a new block.
it uses the directory table items for child directories and the block
header for the current directory.
lots of changes. new wshrpc implementation. unify websocket, web,
blockcontroller, domain sockets, and terminal inputs to all use the new
rpc system.
lots of moving files around to deal with circular dependencies
use new wshrpc as a client in wsh cmd
This enables basic ssh for connections using publickey auth without a
passphrase. It can be established by creating a widget with the "meta"
property set to
```
{
"connection": "<user>@<host>:<port>"
}
```
where the :<port> is optional.
---------
Co-authored-by: sawka <mike.sawka@gmail.com>