From 336303389a53c60d1f3bd598131020ecbea89590 Mon Sep 17 00:00:00 2001 From: roboogg133 Date: Fri, 1 Aug 2025 17:12:06 -0300 Subject: [PATCH] changing shellscripts to lua scripts for safety and control --- cmd/packets/main.go | 11 ++++++ go.mod | 3 +- go.sum | 6 ++-- internal/internal.go | 86 +++++++++++++++++++++++++++++++++++++++++++- 4 files changed, 102 insertions(+), 4 deletions(-) diff --git a/cmd/packets/main.go b/cmd/packets/main.go index 8d12b08..de05351 100644 --- a/cmd/packets/main.go +++ b/cmd/packets/main.go @@ -28,6 +28,7 @@ import ( "github.com/BurntSushi/toml" "github.com/klauspost/compress/zstd" "github.com/schollz/progressbar/v3" + lua "github.com/yuin/gopher-lua" "golang.org/x/net/ipv4" _ "modernc.org/sqlite" ) @@ -534,6 +535,16 @@ func Install(packagepath string, serial uint) error { // TODO LUA SCRIPT + L := lua.NewState() + defer L.Close() + + L.SetGlobal("packets_package_dir", lua.LString(cfg.Config.DataDir)) + L.SetGlobal("packets_bin_dir", lua.LString(cfg.Config.BinDir)) + + if err := L.DoFile(manifest.Hooks.Install); err != nil { + log.Panic(err) + } + fmt.Printf("Package %s fully installed\n", name) var insert = Installed{ diff --git a/go.mod b/go.mod index 40f401b..11b7587 100644 --- a/go.mod +++ b/go.mod @@ -4,8 +4,9 @@ go 1.24.4 require ( github.com/BurntSushi/toml v1.5.0 + github.com/klauspost/compress v1.18.0 github.com/schollz/progressbar/v3 v3.18.0 - github.com/ulikunitz/xz v0.5.12 + github.com/yuin/gopher-lua v1.1.1 golang.org/x/net v0.41.0 modernc.org/sqlite v1.38.0 ) diff --git a/go.sum b/go.sum index 46f084f..8886a56 100644 --- a/go.sum +++ b/go.sum 
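Review bot: In `Install` (cmd/packets/main.go), `lua.NewState()` with no options opens every gopher-lua standard library, including `os` and `io`, so the install hook can still run commands and touch any file the installer can, which undercuts the stated goal of moving away from shell scripts. Create the state with `lua.Options{SkipOpenLibs: true}`, open only the libraries hooks need, and expose file operations solely through checked Go functions; none are registered on this state in the hunk. `log.Panic(err)` also aborts the process from a function that returns `error`; `return fmt.Errorf("running install hook: %w", err)` lets the caller clean up. `manifest.Hooks.Install` is passed to `DoFile` as-is, so it appears to be resolved against the working directory rather than the unpacked package; confirm against the code outside the hunk. The body of `Install` starts and ends outside the hunk.

```go
L := lua.NewState(lua.Options{SkipOpenLibs: true})
defer L.Close()

// Open only what a hook needs; os, io and the package loader stay closed.
for _, lib := range []struct {
	name string
	open lua.LGFunction
}{
	{lua.BaseLibName, lua.OpenBase},
	{lua.TabLibName, lua.OpenTable},
	{lua.StringLibName, lua.OpenString},
	{lua.MathLibName, lua.OpenMath},
} {
	if err := L.CallByParam(lua.P{
		Fn:      L.NewFunction(lib.open),
		NRet:    0,
		Protect: true,
	}, lua.LString(lib.name)); err != nil {
		return fmt.Errorf("opening lua library %q: %w", lib.name, err)
	}
}
// The base library still exposes file loaders; drop them.
for _, name := range []string{"dofile", "loadfile"} {
	L.SetGlobal(name, lua.LNil)
}

// … unchanged: packets_package_dir / packets_bin_dir globals …

if err := L.DoFile(manifest.Hooks.Install); err != nil {
	return fmt.Errorf("running install hook: %w", err)
}
```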
@@ -10,6 +10,8 @@ github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17k github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= +github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= @@ -28,8 +30,8 @@ github.com/schollz/progressbar/v3 v3.18.0 h1:uXdoHABRFmNIjUfte/Ex7WtuyVslrw2wVPQ github.com/schollz/progressbar/v3 v3.18.0/go.mod h1:IsO3lpbaGuzh8zIMzgY3+J8l4C8GjO0Y9S69eFvNsec= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= -github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M= +github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 h1:R84qjqJb5nVJMxqWYb3np9L5ZsaDtB+a39EqjV0JSUM= golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0/go.mod h1:S9Xr4PYopiDyqSyp5NjCrhFrqg6A5zA2E/iPHPhqnS8= golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU= diff --git a/internal/internal.go b/internal/internal.go index 640bba6..9cd6431 100644 --- a/internal/internal.go +++ b/internal/internal.go 
@@ -6,10 +6,12 @@ import ( "io" "os" "os/exec" + "path/filepath" "strings" "github.com/BurntSushi/toml" "github.com/klauspost/compress/zstd" + lua "github.com/yuin/gopher-lua" ) type ConfigTOML struct { @@ -80,7 +82,7 @@ func ManifestReadXZ(path string) (*Manifest, error) { var manifest Manifest - decoder.Decode(manifest) + decoder.Decode(&manifest) return &manifest, nil } 
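Review bot: In `ManifestReadXZ` the result of `decoder.Decode(&manifest)` is still discarded, so a truncated or malformed manifest comes back as a zero-valued `Manifest` with a nil error. Since `Install` now runs `manifest.Hooks.Install` as a script, a decode failure should stop the install: `if _, err := decoder.Decode(&manifest); err != nil { return nil, err }` (drop the `_,` if this decoder returns only an error; it is declared outside the hunk). The function body starts above the hunk.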
@@ -117,3 +119,85 @@ func DefaultConfigTOML() *ConfigTOML { } } + +func IsSafe(str string) bool { + s, err := filepath.EvalSymlinks(filepath.Clean(str)) + if err != nil { + return false + } + var cfg ConfigTOML + toml.DecodeFile(filepath.Join(PacketsPackageDir(), "config.toml"), &cfg) + + if strings.HasPrefix(s, cfg.Config.DataDir) || strings.HasPrefix(s, cfg.Config.BinDir) { + return true + + } else if strings.Contains(s, ".ssh") { + return false + + } else if strings.HasPrefix(s, "/etc") { + return false + + } else if strings.HasPrefix(s, "/usr") || strings.HasPrefix(s, "/bin") { + + return strings.HasPrefix(s, "/usr/share") + + } else if strings.HasPrefix(s, "/var/mail") { + return false + + } else if strings.HasPrefix(s, "/proc") { + return false + + } else if strings.HasPrefix(s, "/sys") { + return false + + } else if strings.HasPrefix(s, "/var/run") || strings.HasPrefix(s, "/run") { + return false + + } else if strings.HasPrefix(s, "/tmp") { + return false + + } else if strings.HasPrefix(s, "/dev") { + return false + + } else if strings.HasPrefix(s, "/boot") { + return false + + } else if strings.HasPrefix(s, "/home") { + if strings.Contains(s, "/Pictures") || strings.Contains(s, "/Videos") || strings.Contains(s, "/Documents") || strings.Contains(s, "/Downloads") { + return false + } + + } else if strings.HasPrefix(s, "/lib") || strings.HasPrefix(s, "/lib64") || strings.HasPrefix(s, "/var/lib64") || strings.HasPrefix(s, "/lib") { + return false + + } else if strings.HasPrefix(s, "/sbin") { + return false + + } else if strings.HasPrefix(s, "/srv") { + return false + + } else if strings.HasPrefix(s, "/mnt") { + return false + + } else if strings.HasPrefix(s, "/media") { + return false + } else if strings.HasPrefix(s, "/snap") { + return false + } + + return true +} + +func safeRemove(L *lua.LState) int { + path := L.CheckString(1) + if !strings.HasPrefix(path, safeBase) { + L.Push(lua.LString("acesso negado")) + return 1 + } + err := os.Remove(path) + if err != 
nil { + L.Push(lua.LString(err.Error())) + return 1 + } + return 0 +}
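Review bot: In `IsSafe` (internal/internal.go) the result of `toml.DecodeFile` is ignored, so when config.toml is missing or leaves `DataDir`/`BinDir` empty, `strings.HasPrefix(s, "")` is true and every path is reported safe. The function is also a denylist ending in `return true`: relative paths, which `filepath.Clean` leaves relative, and any location not listed (most of `/home`, `/root`, `/opt`, `/var/lib`) fall through as safe, and the bare `HasPrefix` tests match sibling directories that merely share a prefix. `safeRemove` does not call `IsSafe` at all; it compares the raw string with `safeBase`, which is not declared in this hunk, so `..` segments and symlinks are not accounted for. I would fail closed and allow only explicit roots on a separator boundary, adding further roots such as `/usr/share` only if hooks really need them.

```go
// isWithin reports whether path is root itself or lies beneath it.
// An empty root never matches, so a missing config value fails closed.
func isWithin(path, root string) bool {
	if root == "" {
		return false
	}
	rel, err := filepath.Rel(root, path)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

func IsSafe(str string) bool {
	abs, err := filepath.Abs(str)
	if err != nil {
		return false
	}
	s, err := filepath.EvalSymlinks(abs)
	if err != nil {
		return false
	}
	var cfg ConfigTOML
	if _, err := toml.DecodeFile(filepath.Join(PacketsPackageDir(), "config.toml"), &cfg); err != nil {
		return false
	}
	// Allowlist: only the package manager's own trees are writable by hooks.
	return isWithin(s, cfg.Config.DataDir) || isWithin(s, cfg.Config.BinDir)
}

func safeRemove(L *lua.LState) int {
	path := L.CheckString(1)
	if !IsSafe(path) {
		// … unchanged: push "acesso negado", return 1 …
	}
	// … unchanged: os.Remove and error push …
}
```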