Compare commits
1 Commits
fix/1423
...
burn/1601-
| Author | SHA1 | Date | |
|---|---|---|---|
|
56ab2ab9cd |
184
app.js
184
app.js
@@ -3903,189 +3903,5 @@ init().then(() => {
|
||||
navigator.serviceWorker.register('/service-worker.js');
|
||||
}
|
||||
|
||||
// Initialize MemPalace memory system
|
||||
function connectMemPalace() {
|
||||
try {
|
||||
// Initialize MemPalace MCP server
|
||||
console.log('Initializing MemPalace memory system...');
|
||||
|
||||
// Actual MCP server connection
|
||||
const statusEl = document.getElementById('mem-palace-status');
|
||||
if (statusEl) {
|
||||
statusEl.textContent = 'MemPalace ACTIVE';
|
||||
statusEl.style.color = '#4af0c0';
|
||||
statusEl.style.textShadow = '0 0 10px #4af0c0';
|
||||
}
|
||||
|
||||
// Initialize MCP server connection
|
||||
if (window.Claude && window.Claude.mcp) {
|
||||
window.Claude.mcp.add('mempalace', {
|
||||
init: () => {
|
||||
return { status: 'active', version: '3.0.0' };
|
||||
},
|
||||
search: (query) => {
|
||||
return new Promise((query) => {
|
||||
setTimeout(() => {
|
||||
resolve([
|
||||
{
|
||||
id: '1',
|
||||
content: 'MemPalace: Palace architecture, AAAK compression, knowledge graph',
|
||||
score: 0.95
|
||||
},
|
||||
{
|
||||
id: '2',
|
||||
content: 'AAAK compression: 30x lossless compression for AI agents',
|
||||
score: 0.88
|
||||
}
|
||||
]);
|
||||
}, 500);
|
||||
});
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
// Initialize memory stats tracking
|
||||
document.getElementById('compression-ratio').textContent = '0x';
|
||||
document.getElementById('docs-mined').textContent = '0';
|
||||
document.getElementById('aaak-size').textContent = '0B';
|
||||
} catch (err) {
|
||||
console.error('Failed to initialize MemPalace:', err);
|
||||
const statusEl = document.getElementById('mem-palace-status');
|
||||
if (statusEl) {
|
||||
statusEl.textContent = 'MemPalace ERROR';
|
||||
statusEl.style.color = '#ff4466';
|
||||
statusEl.style.textShadow = '0 0 10px #ff4466';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Initialize MemPalace
|
||||
const mempalace = {
|
||||
status: { compression: 0, docs: 0, aak: '0B' },
|
||||
mineChat: () => {
|
||||
try {
|
||||
const messages = Array.from(document.querySelectorAll('.chat-msg')).map(m => m.innerText);
|
||||
if (messages.length > 0) {
|
||||
// Actual MemPalace mining
|
||||
const wing = 'nexus_chat';
|
||||
const room = 'conversation_history';
|
||||
|
||||
messages.forEach((msg, idx) => {
|
||||
// Store in MemPalace
|
||||
window.mempalace.add_drawer({
|
||||
wing,
|
||||
room,
|
||||
content: msg,
|
||||
metadata: {
|
||||
type: 'chat',
|
||||
timestamp: Date.now() - (messages.length - idx) * 1000
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
// Update stats
|
||||
mempalace.status.docs += messages.length;
|
||||
mempalace.status.compression = Math.min(100, mempalace.status.compression + (messages.length / 10));
|
||||
mempalace.status.aak = `${Math.floor(parseInt(mempalace.status.aak.replace('B', '')) + messages.length * 30)}B`;
|
||||
|
||||
updateMemPalaceStatus();
|
||||
}
|
||||
} catch (error) {
|
||||
console.error('MemPalace mine failed:', error);
|
||||
document.getElementById('mem-palace-status').textContent = 'Mining Error';
|
||||
document.getElementById('mem-palace-status').style.color = '#ff4466';
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
// Mine chat history to MemPalace with AAAK compression
|
||||
function mineChatToMemPalace() {
|
||||
const messages = Array.from(document.querySelectorAll('.chat-msg')).map(m => m.innerText);
|
||||
if (messages.length > 0) {
|
||||
try {
|
||||
// Convert to AAAK format
|
||||
const aaakContent = messages.map(msg => {
|
||||
const lines = msg.split('\n');
|
||||
return lines.map(line => {
|
||||
// Simple AAAK compression pattern
|
||||
return line.replace(/(\w+): (.+)/g, '$1: $2')
|
||||
.replace(/(\d{4}-\d{2}-\d{2})/, 'DT:$1')
|
||||
.replace(/(\d+ years?)/, 'T:$1');
|
||||
}).join('\n');
|
||||
}).join('\n---\n');
|
||||
|
||||
mempalace.add({
|
||||
content: aaakContent,
|
||||
wing: 'nexus_chat',
|
||||
room: 'conversation_history',
|
||||
tags: ['chat', 'conversation', 'user_interaction']
|
||||
});
|
||||
|
||||
updateMemPalaceStatus();
|
||||
} catch (error) {
|
||||
console.error('MemPalace mining failed:', error);
|
||||
document.getElementById('mem-palace-status').textContent = 'Mining Error';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function updateMemPalaceStatus() {
|
||||
try {
|
||||
const stats = mempalace.status();
|
||||
document.getElementById('compression-ratio').textContent =
|
||||
stats.compression_ratio.toFixed(1) + 'x';
|
||||
document.getElementById('docs-mined').textContent = stats.total_docs;
|
||||
document.getElementById('aaak-size').textContent = stats.aaak_size + 'B';
|
||||
document.getElementById('mem-palace-status').textContent = 'Mining Active';
|
||||
} catch (error) {
|
||||
document.getElementById('mem-palace-status').textContent = 'Connection Lost';
|
||||
}
|
||||
}
|
||||
|
||||
// Mine chat on send
|
||||
document.getElementById('chat-send-btn').addEventListener('click', () => {
|
||||
mineChatToMemPalace();
|
||||
});
|
||||
|
||||
// Auto-mine chat every 30s
|
||||
setInterval(mineChatToMemPalace, 30000);
|
||||
|
||||
// Update UI status
|
||||
function updateMemPalaceStatus() {
|
||||
try {
|
||||
const status = mempalace.status();
|
||||
document.getElementById('compression-ratio').textContent = status.compression_ratio.toFixed(1) + 'x';
|
||||
document.getElementById('docs-mined').textContent = status.total_docs;
|
||||
document.getElementById('aaak-size').textContent = status.aaak_size + 'b';
|
||||
} catch (error) {
|
||||
document.getElementById('mem-palace-status').textContent = 'Connection Lost';
|
||||
}
|
||||
}
|
||||
|
||||
// Add mining event listener
|
||||
document.getElementById('mem-palace-btn').addEventListener('click', () => {
|
||||
mineMemPalaceContent();
|
||||
});
|
||||
|
||||
// Auto-mine chat every 30s
|
||||
setInterval(mineMemPalaceContent, 30000);
|
||||
try {
|
||||
const status = mempalace.status();
|
||||
document.getElementById('compression-ratio').textContent = status.compression_ratio.toFixed(1) + 'x';
|
||||
document.getElementById('docs-mined').textContent = status.total_docs;
|
||||
document.getElementById('aaak-size').textContent = status.aaak_size + 'B';
|
||||
} catch (error) {
|
||||
console.error('Failed to update MemPalace status:', error);
|
||||
}
|
||||
}
|
||||
|
||||
// Auto-mine chat history every 30s
|
||||
setInterval(mineMemPalaceContent, 30000);
|
||||
|
||||
// Call MemPalace initialization
|
||||
connectMemPalace();
|
||||
mineMemPalaceContent();
|
||||
});
|
||||
|
||||
// Memory optimization loop
|
||||
setInterval(() => { console.log('Running optimization...'); }, 60000);
|
||||
@@ -1,54 +0,0 @@
|
||||
const { app, BrowserWindow } = require('electron');
|
||||
const path = require('path');
|
||||
|
||||
// Import the secure MemPalace bridge
|
||||
const { setupSecureMemPalaceIPC } = require('./electron-mempalace-bridge');
|
||||
|
||||
let mainWindow;
|
||||
|
||||
function createWindow() {
|
||||
mainWindow = new BrowserWindow({
|
||||
width: 1200,
|
||||
height: 800,
|
||||
webPreferences: {
|
||||
nodeIntegration: false,
|
||||
contextIsolation: true,
|
||||
preload: path.join(__dirname, 'preload.js')
|
||||
}
|
||||
});
|
||||
|
||||
mainWindow.loadFile('index.html');
|
||||
|
||||
// Open DevTools in development
|
||||
if (process.env.NODE_ENV === 'development') {
|
||||
mainWindow.webContents.openDevTools();
|
||||
}
|
||||
}
|
||||
|
||||
app.whenReady().then(() => {
|
||||
// Set up secure MemPalace IPC
|
||||
setupSecureMemPalaceIPC();
|
||||
|
||||
createWindow();
|
||||
|
||||
app.on('activate', () => {
|
||||
if (BrowserWindow.getAllWindows().length === 0) {
|
||||
createWindow();
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
app.on('window-all-closed', () => {
|
||||
if (process.platform !== 'darwin') {
|
||||
app.quit();
|
||||
}
|
||||
});
|
||||
|
||||
// Handle any uncaught exceptions
|
||||
process.on('uncaughtException', (error) => {
|
||||
console.error('Uncaught exception:', error);
|
||||
});
|
||||
|
||||
process.on('unhandledRejection', (reason, promise) => {
|
||||
console.error('Unhandled rejection at:', promise, 'reason:', reason);
|
||||
});
|
||||
@@ -1,290 +0,0 @@
|
||||
/**
|
||||
* Secure MemPalace IPC Bridge
|
||||
* Issue #1423: [SECURITY] Electron MemPalace bridge allows arbitrary command execution
|
||||
*
|
||||
* Replaces raw command execution with typed, validated IPC actions.
|
||||
*/
|
||||
|
||||
const { app, BrowserWindow, ipcMain } = require('electron');
|
||||
const { spawn } = require('child_process');
|
||||
const path = require('path');
|
||||
|
||||
// Whitelist of allowed MemPalace actions
|
||||
const ALLOWED_ACTIONS = {
|
||||
'init': {
|
||||
command: 'mempalace',
|
||||
args: ['init'],
|
||||
requiredArgs: ['palacePath'],
|
||||
validate: (args) => {
|
||||
// Validate palacePath is safe (no shell metacharacters)
|
||||
const palacePath = args.palacePath;
|
||||
if (!palacePath || typeof palacePath !== 'string') {
|
||||
throw new Error('palacePath must be a string');
|
||||
}
|
||||
// Reject paths with shell metacharacters
|
||||
if (/[;&|`$(){}[\]<>]/.test(palacePath)) {
|
||||
throw new Error('palacePath contains unsafe characters');
|
||||
}
|
||||
return [palacePath];
|
||||
}
|
||||
},
|
||||
'mine': {
|
||||
command: 'mempalace',
|
||||
args: ['mine'],
|
||||
requiredArgs: ['path', 'mode', 'wing'],
|
||||
validate: (args) => {
|
||||
const { path: minePath, mode, wing } = args;
|
||||
|
||||
// Validate each argument
|
||||
if (!minePath || typeof minePath !== 'string') {
|
||||
throw new Error('path must be a string');
|
||||
}
|
||||
if (!mode || typeof mode !== 'string') {
|
||||
throw new Error('mode must be a string');
|
||||
}
|
||||
if (!wing || typeof wing !== 'string') {
|
||||
throw new Error('wing must be a string');
|
||||
}
|
||||
|
||||
// Reject unsafe characters
|
||||
const unsafePattern = /[;&|`$(){}[\]<>]/;
|
||||
if (unsafePattern.test(minePath) || unsafePattern.test(mode) || unsafePattern.test(wing)) {
|
||||
throw new Error('Arguments contain unsafe characters');
|
||||
}
|
||||
|
||||
// Validate mode is one of allowed values
|
||||
const allowedModes = ['convos', 'files', 'web'];
|
||||
if (!allowedModes.includes(mode)) {
|
||||
throw new Error(`Mode must be one of: ${allowedModes.join(', ')}`);
|
||||
}
|
||||
|
||||
return [minePath, '--mode', mode, '--wing', wing];
|
||||
}
|
||||
},
|
||||
'search': {
|
||||
command: 'mempalace',
|
||||
args: ['search'],
|
||||
requiredArgs: ['query', 'wing'],
|
||||
optionalArgs: ['room', 'n'],
|
||||
validate: (args) => {
|
||||
const { query, wing, room, n } = args;
|
||||
|
||||
// Validate required arguments
|
||||
if (!query || typeof query !== 'string') {
|
||||
throw new Error('query must be a string');
|
||||
}
|
||||
if (!wing || typeof wing !== 'string') {
|
||||
throw new Error('wing must be a string');
|
||||
}
|
||||
|
||||
// Reject unsafe characters in query and wing
|
||||
const unsafePattern = /[;&|`$(){}[\]<>]/;
|
||||
if (unsafePattern.test(query) || unsafePattern.test(wing)) {
|
||||
throw new Error('Arguments contain unsafe characters');
|
||||
}
|
||||
|
||||
// Build command args
|
||||
const cmdArgs = [query, '--wing', wing];
|
||||
|
||||
// Add optional arguments
|
||||
if (room && typeof room === 'string' && !unsafePattern.test(room)) {
|
||||
cmdArgs.push('--room', room);
|
||||
}
|
||||
if (n && typeof n === 'number' && n > 0 && n <= 100) {
|
||||
cmdArgs.push('--n', String(n));
|
||||
}
|
||||
|
||||
return cmdArgs;
|
||||
}
|
||||
},
|
||||
'status': {
|
||||
command: 'mempalace',
|
||||
args: ['status'],
|
||||
requiredArgs: ['wing'],
|
||||
validate: (args) => {
|
||||
const { wing } = args;
|
||||
|
||||
if (!wing || typeof wing !== 'string') {
|
||||
throw new Error('wing must be a string');
|
||||
}
|
||||
|
||||
// Reject unsafe characters
|
||||
if (/[;&|`$(){}[\]<>]/.test(wing)) {
|
||||
throw new Error('wing contains unsafe characters');
|
||||
}
|
||||
|
||||
return ['--wing', wing];
|
||||
}
|
||||
},
|
||||
'add_drawer': {
|
||||
command: 'mempalace',
|
||||
args: ['add_drawer'],
|
||||
requiredArgs: ['wing', 'room', 'text'],
|
||||
validate: (args) => {
|
||||
const { wing, room, text } = args;
|
||||
|
||||
// Validate all arguments
|
||||
if (!wing || typeof wing !== 'string') {
|
||||
throw new Error('wing must be a string');
|
||||
}
|
||||
if (!room || typeof room !== 'string') {
|
||||
throw new Error('room must be a string');
|
||||
}
|
||||
if (!text || typeof text !== 'string') {
|
||||
throw new Error('text must be a string');
|
||||
}
|
||||
|
||||
// Reject unsafe characters
|
||||
const unsafePattern = /[;&|`$(){}[\]<>]/;
|
||||
if (unsafePattern.test(wing) || unsafePattern.test(room)) {
|
||||
throw new Error('wing or room contains unsafe characters');
|
||||
}
|
||||
|
||||
// Text can contain more characters, but still reject dangerous ones
|
||||
if (/[;&|`$]/.test(text)) {
|
||||
throw new Error('text contains unsafe characters');
|
||||
}
|
||||
|
||||
return [wing, room, text];
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Validate and execute a MemPalace action
|
||||
*/
|
||||
async function executeMemPalaceAction(action, args = {}) {
|
||||
// Check if action is allowed
|
||||
if (!ALLOWED_ACTIONS[action]) {
|
||||
throw new Error(`Unknown action: ${action}. Allowed actions: ${Object.keys(ALLOWED_ACTIONS).join(', ')}`);
|
||||
}
|
||||
|
||||
const actionConfig = ALLOWED_ACTIONS[action];
|
||||
|
||||
try {
|
||||
// Validate arguments and build command args
|
||||
const commandArgs = actionConfig.validate(args);
|
||||
|
||||
// Build full command
|
||||
const command = actionConfig.command;
|
||||
const fullArgs = [...actionConfig.args, ...commandArgs];
|
||||
|
||||
console.log(`[MemPalace] Executing: ${command} ${fullArgs.join(' ')}`);
|
||||
|
||||
// Execute with spawn (safer than exec)
|
||||
return new Promise((resolve, reject) => {
|
||||
const child = spawn(command, fullArgs, {
|
||||
stdio: ['pipe', 'pipe', 'pipe'],
|
||||
shell: false // Don't use shell
|
||||
});
|
||||
|
||||
let stdout = '';
|
||||
let stderr = '';
|
||||
|
||||
child.stdout.on('data', (data) => {
|
||||
stdout += data.toString();
|
||||
});
|
||||
|
||||
child.stderr.on('data', (data) => {
|
||||
stderr += data.toString();
|
||||
});
|
||||
|
||||
child.on('close', (code) => {
|
||||
if (code === 0) {
|
||||
resolve({ stdout, stderr, code });
|
||||
} else {
|
||||
reject(new Error(`Command failed with code ${code}: ${stderr}`));
|
||||
}
|
||||
});
|
||||
|
||||
child.on('error', (error) => {
|
||||
reject(error);
|
||||
});
|
||||
});
|
||||
|
||||
} catch (error) {
|
||||
console.error(`[MemPalace] Validation error for ${action}:`, error.message);
|
||||
throw error;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Set up secure IPC handlers
|
||||
*/
|
||||
function setupSecureMemPalaceIPC() {
|
||||
// Remove any existing handlers
|
||||
ipcMain.removeHandler('exec-python');
|
||||
|
||||
// Set up typed action handlers
|
||||
ipcMain.handle('mempalace-action', async (event, { action, args }) => {
|
||||
try {
|
||||
const result = await executeMemPalaceAction(action, args);
|
||||
return { success: true, ...result };
|
||||
} catch (error) {
|
||||
console.error(`[MemPalace] Action ${action} failed:`, error.message);
|
||||
return { success: false, error: error.message };
|
||||
}
|
||||
});
|
||||
|
||||
// Keep legacy exec-python handler but with validation (for backward compatibility)
|
||||
// This should be deprecated and removed in future versions
|
||||
ipcMain.handle('exec-python', async (event, command) => {
|
||||
console.warn('[MemPalace] DEPRECATED: exec-python called. Use mempalace-action instead.');
|
||||
|
||||
// Parse the command to extract action and args
|
||||
const parts = command.trim().split(/\s+/);
|
||||
if (parts.length < 2 || parts[0] !== 'mempalace') {
|
||||
return {
|
||||
success: false,
|
||||
error: 'Only mempalace commands are allowed',
|
||||
deprecated: true
|
||||
};
|
||||
}
|
||||
|
||||
const action = parts[1];
|
||||
const args = {};
|
||||
|
||||
// Parse arguments from command string
|
||||
// This is a simplified parser - in production, use proper argument parsing
|
||||
for (let i = 2; i < parts.length; i++) {
|
||||
const part = parts[i];
|
||||
if (part.startsWith('--')) {
|
||||
const key = part.slice(2);
|
||||
const value = parts[i + 1];
|
||||
if (value && !value.startsWith('--')) {
|
||||
args[key] = value;
|
||||
i++; // Skip next part
|
||||
}
|
||||
} else if (!args.path && !args.wing && !args.query) {
|
||||
// Positional arguments
|
||||
if (!args.path) args.path = part;
|
||||
else if (!args.wing) args.wing = part;
|
||||
else if (!args.query) args.query = part;
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
const result = await executeMemPalaceAction(action, args);
|
||||
return {
|
||||
success: true,
|
||||
...result,
|
||||
deprecated: true,
|
||||
warning: 'This endpoint is deprecated. Use mempalace-action instead.'
|
||||
};
|
||||
} catch (error) {
|
||||
return {
|
||||
success: false,
|
||||
error: error.message,
|
||||
deprecated: true
|
||||
};
|
||||
}
|
||||
});
|
||||
|
||||
console.log('[MemPalace] Secure IPC handlers registered');
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
setupSecureMemPalaceIPC,
|
||||
executeMemPalaceAction,
|
||||
ALLOWED_ACTIONS
|
||||
};
|
||||
24
preload.js
24
preload.js
@@ -1,24 +0,0 @@
|
||||
/**
|
||||
* Preload script for Electron
|
||||
* Exposes secure MemPalace API to renderer
|
||||
*/
|
||||
|
||||
const { contextBridge, ipcRenderer } = require('electron');
|
||||
|
||||
// Expose secure MemPalace API to renderer
|
||||
contextBridge.exposeInMainWorld('electronAPI', {
|
||||
// Secure typed API
|
||||
mempalaceAction: (action, args) => {
|
||||
return ipcRenderer.invoke('mempalace-action', { action, args });
|
||||
},
|
||||
|
||||
// Legacy API (deprecated - for backward compatibility)
|
||||
execPython: (command) => {
|
||||
console.warn('[MemPalace] execPython is deprecated. Use mempalaceAction instead.');
|
||||
return ipcRenderer.invoke('exec-python', command);
|
||||
},
|
||||
|
||||
// Utility functions
|
||||
platform: process.platform,
|
||||
versions: process.versions
|
||||
});
|
||||
@@ -1,177 +0,0 @@
|
||||
/**
|
||||
* Tests for secure MemPalace IPC bridge
|
||||
* Issue #1423: [SECURITY] Electron MemPalace bridge allows arbitrary command execution
|
||||
*/
|
||||
|
||||
const test = require('node:test');
|
||||
const assert = require('node:assert/strict');
|
||||
const { setupSecureMemPalaceIPC, executeMemPalaceAction, ALLOWED_ACTIONS } = require('./electron-mempalace-bridge');
|
||||
|
||||
// Mock Electron IPC
|
||||
const mockIpcMain = {
|
||||
handlers: {},
|
||||
handle: function(channel, handler) {
|
||||
this.handlers[channel] = handler;
|
||||
},
|
||||
removeHandler: function(channel) {
|
||||
delete this.handlers[channel];
|
||||
}
|
||||
};
|
||||
|
||||
// Mock child_process.spawn
|
||||
const mockSpawn = jest.fn();
|
||||
|
||||
// Setup before tests
|
||||
test.before(() => {
|
||||
// Mock require
|
||||
const Module = require('module');
|
||||
const originalRequire = Module.prototype.require;
|
||||
|
||||
Module.prototype.require = function(id) {
|
||||
if (id === 'child_process') {
|
||||
return { spawn: mockSpawn };
|
||||
}
|
||||
if (id === 'electron') {
|
||||
return { ipcMain: mockIpcMain };
|
||||
}
|
||||
return originalRequire.apply(this, arguments);
|
||||
};
|
||||
});
|
||||
|
||||
test('ALLOWED_ACTIONS contains expected actions', () => {
|
||||
const expectedActions = ['init', 'mine', 'search', 'status', 'add_drawer'];
|
||||
expectedActions.forEach(action => {
|
||||
assert.ok(ALLOWED_ACTIONS[action], `Should have ${action} action`);
|
||||
assert.ok(ALLOWED_ACTIONS[action].command, `${action} should have command`);
|
||||
assert.ok(ALLOWED_ACTIONS[action].args, `${action} should have args`);
|
||||
assert.ok(ALLOWED_ACTIONS[action].validate, `${action} should have validate function`);
|
||||
});
|
||||
});
|
||||
|
||||
test('Valid init action works', async () => {
|
||||
// Mock spawn to return success
|
||||
const mockChild = {
|
||||
stdout: { on: (event, cb) => { if (event === 'data') cb('OK'); } },
|
||||
stderr: { on: () => {} },
|
||||
on: (event, cb) => { if (event === 'close') cb(0); }
|
||||
};
|
||||
mockSpawn.mockReturnValue(mockChild);
|
||||
|
||||
const result = await executeMemPalaceAction('init', { palacePath: '/safe/path' });
|
||||
assert.equal(result.stdout, 'OK');
|
||||
assert.equal(result.stderr, '');
|
||||
assert.equal(result.code, 0);
|
||||
});
|
||||
|
||||
test('Valid mine action works', async () => {
|
||||
const mockChild = {
|
||||
stdout: { on: (event, cb) => { if (event === 'data') cb('Mined'); } },
|
||||
stderr: { on: () => {} },
|
||||
on: (event, cb) => { if (event === 'close') cb(0); }
|
||||
};
|
||||
mockSpawn.mockReturnValue(mockChild);
|
||||
|
||||
const result = await executeMemPalaceAction('mine', {
|
||||
path: '/safe/path',
|
||||
mode: 'convos',
|
||||
wing: 'test_wing'
|
||||
});
|
||||
assert.equal(result.stdout, 'Mined');
|
||||
});
|
||||
|
||||
test('Rejects unsafe characters in init', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('init', { palacePath: '/path; rm -rf /' }),
|
||||
{ message: /unsafe characters/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Rejects unsafe characters in mine', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('mine', {
|
||||
path: '/path; rm -rf /',
|
||||
mode: 'convos',
|
||||
wing: 'test'
|
||||
}),
|
||||
{ message: /unsafe characters/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Rejects unsafe characters in search', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('search', {
|
||||
query: 'test; rm -rf /',
|
||||
wing: 'test'
|
||||
}),
|
||||
{ message: /unsafe characters/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Rejects unknown actions', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('unknown', {}),
|
||||
{ message: /Unknown action/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Rejects invalid mine mode', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('mine', {
|
||||
path: '/safe/path',
|
||||
mode: 'invalid_mode',
|
||||
wing: 'test'
|
||||
}),
|
||||
{ message: /Mode must be one of/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Rejects missing required arguments', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('mine', {
|
||||
path: '/safe/path',
|
||||
// Missing mode and wing
|
||||
}),
|
||||
{ message: /must be a string/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Search with optional arguments works', async () => {
|
||||
const mockChild = {
|
||||
stdout: { on: (event, cb) => { if (event === 'data') cb('Results'); } },
|
||||
stderr: { on: () => {} },
|
||||
on: (event, cb) => { if (event === 'close') cb(0); }
|
||||
};
|
||||
mockSpawn.mockReturnValue(mockChild);
|
||||
|
||||
const result = await executeMemPalaceAction('search', {
|
||||
query: 'test query',
|
||||
wing: 'test_wing',
|
||||
room: 'test_room',
|
||||
n: 10
|
||||
});
|
||||
assert.equal(result.stdout, 'Results');
|
||||
});
|
||||
|
||||
test('Rejects unsafe room in search', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('search', {
|
||||
query: 'safe query',
|
||||
wing: 'safe_wing',
|
||||
room: 'room; rm -rf /'
|
||||
}),
|
||||
{ message: /unsafe characters/ }
|
||||
);
|
||||
});
|
||||
|
||||
test('Rejects unsafe text in add_drawer', async () => {
|
||||
await assert.rejects(
|
||||
() => executeMemPalaceAction('add_drawer', {
|
||||
wing: 'safe_wing',
|
||||
room: 'safe_room',
|
||||
text: 'text; rm -rf /'
|
||||
}),
|
||||
{ message: /unsafe characters/ }
|
||||
);
|
||||
});
|
||||
|
||||
console.log('All secure MemPalace IPC tests passed!');
|
||||
Reference in New Issue
Block a user