Дмитрий
114 lines
4.5 KiB
JavaScript
114 lines
4.5 KiB
JavaScript
#!/usr/bin/env node
|
|
/**
|
|
* PreToolUse PowerShell gate (router-gate v4 §5.1.2). Зеркало Bash-гейта:
|
|
* default-deny whitelist + hard-blacklist (keep v3.8 F1 + v4.1 G10) +
|
|
* injection + path-deny + git через shared classifyGitCommand. Fail-CLOSE.
|
|
*/
|
|
import { fileURLToPath } from 'url';
|
|
import {
|
|
defaultPathNormalize,
|
|
DEFAULT_PROTECTED_PATTERNS,
|
|
pathDenyOverlay,
|
|
classifyGitCommand,
|
|
loadApprovedGitOps,
|
|
matchPsHardBlacklist,
|
|
PS_HARD_BLACKLIST,
|
|
} from './shell-content-rules.mjs';
|
|
import { readStdin, parseEventJson, exitDecision } from './enforce-hook-helpers.mjs';
|
|
|
|
// M7 PS single-source (P-1 зеркало): PS_HARD_BLACKLIST + matchPsHardBlacklist живут в едином доме
|
|
// shell-content-rules; ре-экспорт для обратной совместимости (тесты + тело гейта зовут локально).
|
|
export { matchPsHardBlacklist, PS_HARD_BLACKLIST };
|
|
|
|
// PowerShell — лёгкий сплиттер по ; | && || (без shell-quote: иной синтаксис).
|
|
export function tokenizePowerShell(command) {
|
|
const parts = String(command || '').split(/\s*(?:\|\||&&|[;|])\s*/).filter((p) => p.trim() !== '');
|
|
return parts.map((p) => {
|
|
const trimmed = p.trim();
|
|
const m = trimmed.match(/^([A-Za-z][\w-]*|\[[^\]]+\]::\w+|\$env:[A-Za-z_]+)/);
|
|
return { raw: trimmed, cmd: (m ? m[1] : trimmed).toLowerCase() };
|
|
});
|
|
}
|
|
|
|
// whitelist cmdlets (lowercased) + aliases
|
|
const PS_READING = new Set([
|
|
'get-childitem', 'gci', 'ls', 'dir', 'select-string', 'sls', 'get-content', 'gc', 'cat', 'type',
|
|
'get-item', 'gi', 'get-itemproperty', 'gp',
|
|
]);
|
|
const PS_SAFE = new Set([
|
|
'test-path', 'resolve-path', 'rvpa', 'get-location', 'gl', 'pwd', 'get-process', 'gps', 'ps',
|
|
'get-date', 'measure-object', 'sort-object', 'where-object', 'foreach-object', 'select-object',
|
|
]);
|
|
|
|
function psPathArgs(raw) {
|
|
// tokens после команды; убираем флаги (-X), оператор -Path сам по себе тоже флаг
|
|
const toks = raw.split(/\s+/).slice(1);
|
|
const out = [];
|
|
for (const t of toks) {
|
|
if (t.startsWith('-')) continue;
|
|
if (t.startsWith('"') || t.startsWith("'") || /[\/\\~.]/.test(t)) out.push(t.replace(/^['"]|['"]$/g, ''));
|
|
}
|
|
return out;
|
|
}
|
|
|
|
export function classifyPowerShellCommand(command, ctx = {}) {
|
|
const s = String(command || '');
|
|
if (s.trim() === '') return { result: 'block', reason: 'пустая команда' };
|
|
|
|
const hb = matchPsHardBlacklist(s);
|
|
if (hb) return { result: 'block', reason: hb };
|
|
|
|
const segs = tokenizePowerShell(s);
|
|
for (const seg of segs) {
|
|
if (seg.cmd === 'git') {
|
|
const git = classifyGitCommand(seg.raw, ctx);
|
|
if (git && git.result === 'block') return git;
|
|
if (git) continue; // allowed git segment
|
|
}
|
|
if (PS_READING.has(seg.cmd)) {
|
|
const pd = pathDenyOverlay({
|
|
candidatePaths: psPathArgs(seg.raw),
|
|
pathNormalize: ctx.pathNormalize,
|
|
protectedPaths: ctx.protectedPaths,
|
|
});
|
|
if (pd.block) return { result: 'block', reason: pd.reason };
|
|
continue;
|
|
}
|
|
if (PS_SAFE.has(seg.cmd)) continue;
|
|
return { result: 'block', reason: `cmdlet «${seg.cmd}» не в whitelist — default-deny (§5.1.2)` };
|
|
}
|
|
return { result: 'allow', reason: 'whitelisted PowerShell command(s)' };
|
|
}
|
|
|
|
async function resolvePathNormalize() {
|
|
try {
|
|
const mod = await import('./path-normalization.mjs');
|
|
if (typeof mod.pathNormalize === 'function') return mod.pathNormalize;
|
|
if (typeof mod.default === 'function') return mod.default;
|
|
} catch { /* Stream A not merged */ }
|
|
return defaultPathNormalize;
|
|
}
|
|
|
|
async function main() {
|
|
try {
|
|
const raw = await readStdin();
|
|
const event = parseEventJson(raw);
|
|
if (event.tool_name !== 'PowerShell') { exitDecision({ block: false }); return; }
|
|
const command = (event.tool_input && event.tool_input.command) || '';
|
|
const sessionId = event.session_id || 'unknown';
|
|
const ctx = {
|
|
approvedGitOps: loadApprovedGitOps(sessionId),
|
|
pathNormalize: await resolvePathNormalize(),
|
|
protectedPaths: DEFAULT_PROTECTED_PATTERNS,
|
|
now: Date.now(),
|
|
};
|
|
const verdict = classifyPowerShellCommand(command, ctx);
|
|
exitDecision(verdict.result === 'block' ? { block: true, message: `[powershell-gate] ${verdict.reason}` } : { block: false });
|
|
} catch {
|
|
exitDecision({ block: true, message: '[powershell-gate] внутренняя ошибка — fail-CLOSE' });
|
|
}
|
|
}
|
|
|
|
const isCli = process.argv[1] && fileURLToPath(import.meta.url) === process.argv[1];
|
|
if (isCli) main();
|