Commit Graph

58 Commits

Author SHA1 Message Date
Evan Simkowitz
1fc6dd7c1a
Fix code scanning alert no. 50: Size computation for allocation may overflow (#1088)
Fixes
[https://github.com/wavetermdev/waveterm/security/code-scanning/50](https://github.com/wavetermdev/waveterm/security/code-scanning/50)

To fix the problem, we need to ensure that the size computation for the
allocation does not overflow. This can be achieved by validating the
length of `barr` before performing the arithmetic operation. We will set
a maximum allowable size for `barr` to ensure that the sum of
`oscPrefixLen(oscNum)` and `len(barr)` does not exceed the maximum value
for an `int`.

1. Define a maximum allowable size for `barr` (e.g., 64 MB).
2. Check the length of `barr` against this maximum size before
performing the allocation.
3. If `barr` exceeds the maximum size, return an error.


_Suggested fixes powered by Copilot Autofix. Review carefully before
merging._

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2024-10-21 14:05:52 -07:00
Mike Sawka
dc70ab4014
ws reconnection bug + clean up logging (#1058) 2024-10-17 23:42:55 -07:00
Mike Sawka
2fa88c4e50
add term:localshellopts (#914) 2024-09-30 21:19:07 -07:00
Mike Sawka
29b80bc028
support fish shell with wsh (#874) 2024-09-26 15:34:52 -07:00
Evan Simkowitz
ccf344d107
Fix path traversal vulnerabilities (#817)
Properly validate expanded paths to ensure they are not attempting path
traversal attacks
2024-09-24 18:24:39 -07:00
Evan Simkowitz
936d4bfb30
Migrate websocket eventbus messages to wps (#367)
This migrates all remaining eventbus events sent over the websocket to
use the wps interface. WPS is more flexible for registering events and
callbacks and provides support for more reliable unsubscribes and
resubscribes.
2024-09-11 18:03:55 -07:00
Mike Sawka
8ad84fd78a
update all gopkg imports (#330) 2024-09-05 14:25:45 -07:00
Mike Sawka
3e0ca6b41e
connection handling / block controller handling (#326) 2024-09-05 00:21:08 -07:00
sawka
1975b9b1db connstatus icon 2024-08-30 14:36:16 -07:00
Sylvie Crowe
934d7247db
Store TermSize in RuntimeOpts on Resize (#293)
This keeps the TermSize in RuntimeOpts which allows the terminally to be
correctly sized when reloading a block. Also, it seems to correctly size
the terminal on an app reboot (or at least immediately fixes it).
2024-08-29 20:13:02 -07:00
Sylvie Crowe
636d71e652
Change Connection UI (#269)
This allows the user to select different connections from the terminal
block. Some features include:
- a status bar at the top of the term block that shows your current
connection
- an icon next to the status bar that shows whether the connection is
currently connected
- the ability to click the status bar and type in a new connection in
order to change the current connection

---------

Co-authored-by: sawka <mike.sawka@gmail.com>
2024-08-23 18:12:40 -07:00
Mike Sawka
037497e7f1
wsh edit working (#252) 2024-08-20 14:56:48 -07:00
Mike Sawka
85874f92ca
set up remote connserver (#245) 2024-08-18 21:26:44 -07:00
Sylvie Crowe
c30188552f
Add Unix Domain Socket Listener when Establishing Connections (#243)
This makes it possible to send wsh commands from wsh on a remote session
to wavesrv running locally. The exact behavior of running those commands
isn't implemented, but the underlying interface is added here.
2024-08-17 11:21:25 -07:00
Sylvie Crowe
6bc3054733
SSH Wsh Install (#225)
This change adds the wsh installation to remote shells, so they have
access to its commands.
2024-08-15 21:32:08 -07:00
Mike Sawka
844451ea0d
wsh routing + proxy (#224)
lots of changes, including:
* source/route to rpcmessage
* rpcproxy
* wshrouter
* bug fixing
* wps uses routeids not clients
2024-08-13 16:52:35 -07:00
sawka
a2aef5b0ce add wsh term to open a new terminal in directory 2024-08-12 16:14:19 -07:00
sawka
f464223aab switch from 'main' to 'term' for main terminal blockfile 2024-08-12 15:53:34 -07:00
Sylvie Crowe
c192fe2663
Windows Pty (#206)
Add Windows Pty support, so the terminal works properly on windows
machines
2024-08-09 18:49:35 -07:00
Mike Sawka
5165d099c2
wsh working over domain socket (and assorted bug fixes) (#217) 2024-08-09 17:46:52 -07:00
Mike Sawka
cfc875bc21
metadata updates (frontend typing) (#174) 2024-07-30 12:33:28 -07:00
Mike Sawka
551802dbd7
background support (from metadata). colors, gradients, images. (#168) 2024-07-29 11:55:10 -07:00
Mike Sawka
9df9c99fbd
checkpoint on domain sockets + update background colors + transparency (#160) 2024-07-26 13:30:11 -07:00
Sylvie Crowe
3162ad2c41
Directory Context Menus (#155)
This adds the ability to open a directory as a terminal in a new block.
it uses the directory table items for child directories and the block
header for the current directory.
2024-07-26 00:48:12 -07:00
Mike Sawka
6c2ef6cb99
working on vdom implementation, other fixes (#136) 2024-07-23 13:16:53 -07:00
Sylvie Crowe
f0263865bd
Remote Pty Resize (#123)
fix: set SIGWINCH on remote pty blocks
2024-07-18 16:56:00 -07:00
Mike Sawka
01b5d71709
new wshrpc mechanism (#112)
lots of changes. new wshrpc implementation. unify websocket, web,
blockcontroller, domain sockets, and terminal inputs to all use the new
rpc system.

lots of moving files around to deal with circular dependencies

use new wshrpc as a client in wsh cmd
2024-07-17 15:24:43 -07:00
Sylvie Crowe
3385608b4a
SSH Port (#111)
This enables basic ssh for connections using publickey auth without a
passphrase. It can be established by creating a widget with the "meta"
property set to
```
{
    "connection": "<user>@<host>:<port>"
}
```
where the :<port> is optional.

---------

Co-authored-by: sawka <mike.sawka@gmail.com>
2024-07-15 18:00:10 -07:00
sawka
7bf64fb268 wsh view works -- uses a WS event to send to the frontend 2024-06-24 19:04:08 -07:00
Mike Sawka
77b5acfc5a
cmd blocks (#74) 2024-06-24 14:34:31 -07:00
sawka
e7550c0a3e add block icon 2024-06-21 15:15:38 -07:00
Mike Sawka
5e655c7c55
refactor cmdqueue out of blockcontroller (#65) 2024-06-20 16:01:55 -07:00
Mike Sawka
0a19aa31d4
working on wsh createblock (wsh view). bug fix for emain closed windows (#64) 2024-06-20 00:00:00 -07:00
Mike Sawka
4ded6d94b6
stickers and terminal serialization (#57) 2024-06-17 22:38:48 -07:00
Mike Sawka
e46906d423
wsh rpc working (#55)
lots of iterations on an RPC protocol. getting wsh working with a
getmeta/setmeta command in addition to html mode.
2024-06-17 09:58:28 -07:00
sawka
014c6fb2ec redo ptybuffer, move to wshutil to help with stdin processing. change wsh to use cobra 2024-06-14 14:43:47 -07:00
Mike Sawka
8e3540f754
working on ijson and wsh magic (#53) 2024-06-13 23:54:04 -07:00
Mike Sawka
0f992c535d
working on wave OSC escapes, modes for the terminal (#46) 2024-06-13 14:41:28 -07:00
sawka
336dd0c0e3 unify the logging between electron and wavesrv (emain now proxies the wavesrv logs) 2024-06-12 19:33:44 -07:00
sawka
8a71180f20 implement wscommand using type union interface, send resize events there 2024-06-12 14:18:03 -07:00
sawka
083e00227e update BlockService to use the new type union feature of tsgen. strongly type the arguments to BlockService.SendCommand 2024-06-12 13:47:13 -07:00
Mike Sawka
1874d9a252
port to electron (#33) 2024-06-11 17:42:10 -07:00
sawka
c191fc8945 rename blockstore to filestore. rename blockid to zoneid. 2024-06-03 13:03:21 -07:00
sawka
02cda396e8 restore terminal state when loading term view 2024-05-29 00:28:25 -07:00
sawka
bff46d9822 write pty output to blockstore. initialize blockstore file on controller start. create frontend api to read the blockfile 2024-05-28 21:44:47 -07:00
sawka
e6d7a4e674 app is working again. new structure for blocks. new useWaveObjectValueWithSuspense hook 2024-05-27 15:44:57 -07:00
sawka
b87786febf checkpoint -- generic updates, wave object store, new setup for initialization, atoms, etc. lots of progress 2024-05-27 13:59:58 -07:00
sawka
b1aaba2a37 moving hard to OID model 2024-05-26 11:59:14 -07:00
sawka
134ba3c34c checkpoint on integratng wstore. moved to wails data structures, got immer working again, Window object, transitioned to generic DB ops, lots more 2024-05-24 15:08:24 -06:00
sawka
f3383d1847 new wstore package, move core types to there. create a syncmap 2024-05-20 15:57:15 -07:00