fix: strf-8574, bump version of "inquirer" to fix security issues
MaxGenash committed Aug 6, 2020
1 parent f132275 commit 474c9af
Showing 7 changed files with 249 additions and 223 deletions.
83 changes: 42 additions & 41 deletions bin/stencil-download.js
@@ -1,15 +1,16 @@
#!/usr/bin/env node

require('colors');
const apiHost = 'https://api.bigcommerce.com';
const dotStencilFilePath = './.stencil';
const options = { dotStencilFilePath };
const pkg = require('../package.json');
const inquirer = require('inquirer');
const Program = require('commander');
const { promisify } = require("util");

const pkg = require('../package.json');
const stencilDownload = require('../lib/stencil-download');
const versionCheck = require('../lib/version-check');
const themeApiClient = require('../lib/theme-api-client');
const inquirer = require('inquirer');

const apiHost = 'https://api.bigcommerce.com';

Program
.version(pkg.version)
Expand All @@ -22,41 +23,41 @@ if (!versionCheck()) {
process.exit(2);
}

const overwriteType = Program.file ? Program.file : 'files';

Object.assign(options, {
exclude: ['parsed', 'manifest.json'],
});

inquirer.prompt([{
message: `${'Warning'.yellow} -- overwrite local with remote ${overwriteType}?`,
name: 'overwrite',
type: 'checkbox',
choices: ['Yes', 'No'],
}], answers => {

if (answers.overwrite.indexOf('Yes') > -1) {
console.log(`${'ok'.green} -- ${overwriteType} will be overwritten by change`);

if (Program.exclude) {
options.exclude.push(Program.exclude);
}

stencilDownload(Object.assign({}, options, {
apiHost: Program.host || apiHost,
file: Program.file,
// eslint-disable-next-line no-unused-vars
}), (err, result) => {
if (err) {
console.log("\n\n" + 'not ok'.red + ` -- ${err} see details below:`);
themeApiClient.printErrorMessages(err.messages);
console.log('If this error persists, please visit https://github.com/bigcommerce/stencil-cli/issues and submit an issue.');
} else {
console.log('ok'.green + ` -- Theme file(s) updated from remote`);
}
});

} else {
const extraExclude = Program.exclude ? [Program.exclude] : [];
const options = {
dotStencilFilePath: './.stencil',
exclude: ['parsed', 'manifest.json', ...extraExclude],
apiHost: Program.host || apiHost,
file: Program.file,
};

run(options);

async function run (opts) {
const overwriteType = opts.file ? opts.file : 'files';

const answers = await inquirer.prompt([{
message: `${'Warning'.yellow} -- overwrite local with remote ${overwriteType}?`,
name: 'overwrite',
type: 'checkbox',
choices: ['Yes', 'No'],
}]);

if (!answers.overwrite.includes('Yes')) {
console.log('Request cancelled by user '+ ('No'.red));
return;
}

console.log(`${'ok'.green} -- ${overwriteType} will be overwritten by change`);

try {
await promisify(stencilDownload)(opts);
} catch (err) {
console.log("\n\n" + 'not ok'.red + ` -- ${err} see details below:`);
themeApiClient.printErrorMessages(err.messages);
console.log('If this error persists, please visit https://github.com/bigcommerce/stencil-cli/issues and submit an issue.');
return;
}
});

console.log('ok'.green + ` -- Theme file(s) updated from remote`);
}
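Review bot: `run(options)` on line 85 is a floating promise, so anything that rejects outside the try block — `inquirer.prompt` itself, or `themeApiClient.printErrorMessages` throwing when `err` carries no `messages` — becomes an unhandled rejection, which depending on the Node version is either a warning followed by exit status 0 or an abrupt crash. The download-failure path on lines 107-110 also returns without marking the process as failed, so a scripted caller cannot tell a failed download from a successful one. I would set `process.exitCode = 1;` before the `return` in the catch block and attach a handler at the call site: `run(options).catch((err) => { console.error(err); process.exitCode = 1; });`. Whether `printErrorMessages` tolerates `undefined` is not visible in this hunk.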
64 changes: 33 additions & 31 deletions lib/release/questions.js
Expand Up @@ -8,7 +8,7 @@ const dateFormatOptions = {
day: '2-digit',
};

function askQuestions(themeConfig, githubToken, remotes, callback) {
async function askQuestions(themeConfig, githubToken, remotes) {
const remoteChoices = remotes.map(remote => {
return { value: remote, name: `${remote.name}: ${remote.url}` };
});
Expand All @@ -18,35 +18,37 @@ function askQuestions(themeConfig, githubToken, remotes, callback) {
const nextPatchVersion = semver.inc(currentVersion, 'patch');
const nextMinorVersion = semver.inc(currentVersion, 'minor');
const nextMajorVersion = semver.inc(currentVersion, 'major');
const nextReleaseCandidate = currentVersion.includes('-rc.') ?
semver.inc(currentVersion, 'prerelease', 'rc') :
semver.inc(currentVersion, 'minor') + '-rc.1';
const nextReleaseCandidate = currentVersion.includes('-rc.')
? semver.inc(currentVersion, 'prerelease', 'rc')
: semver.inc(currentVersion, 'minor') + '-rc.1';

const questions = [
{
name: 'version',
type: 'list',
message: 'What type of release would you like to do? ' + 'Current version: '.cyan + currentVersion,
choices: [{
name: 'Release Candidate: '.yellow + nextReleaseCandidate.yellow + ' Internal release for testing.',
value: nextReleaseCandidate,
},
{
name: 'Patch: '.yellow + nextPatchVersion.yellow + ' Backwards-compatible bug fixes.',
value: nextPatchVersion,
},
{
name: 'Minor: '.yellow + nextMinorVersion.yellow + ' Feature release or significant update.',
value: nextMinorVersion,
},
{
name: 'Major: '.yellow + nextMajorVersion.yellow + ' Major change.',
value: nextMajorVersion,
},
{
name: 'Custom: ?.?.?'.yellow + ' Specify version...',
value: 'custom',
}],
choices: [
{
name: 'Release Candidate: '.yellow + nextReleaseCandidate.yellow + ' Internal release for testing.',
value: nextReleaseCandidate,
},
{
name: 'Patch: '.yellow + nextPatchVersion.yellow + ' Backwards-compatible bug fixes.',
value: nextPatchVersion,
},
{
name: 'Minor: '.yellow + nextMinorVersion.yellow + ' Feature release or significant update.',
value: nextMinorVersion,
},
{
name: 'Major: '.yellow + nextMajorVersion.yellow + ' Major change.',
value: nextMajorVersion,
},
{
name: 'Custom: ?.?.?'.yellow + ' Specify version...',
value: 'custom',
},
],
},
{
name: 'version',
Expand Down Expand Up @@ -86,15 +88,15 @@ function askQuestions(themeConfig, githubToken, remotes, callback) {
},
];

inquirer.prompt(questions, answers => {
if (!answers.proceed) {
return callback(new Error('Operation cancelled'));
}
const answers = await inquirer.prompt(questions);

answers.date = new Date().toLocaleString('en-US', dateFormatOptions).split('/').join('-');
if (!answers.proceed) {
throw new Error('Operation cancelled');
}

callback(null, answers);
});
answers.date = new Date().toLocaleString('en-US', dateFormatOptions).split('/').join('-');

return answers;
}

module.exports = askQuestions;
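Review bot: `askQuestions` is now `async` and signals user cancellation by throwing (`throw new Error('Operation cancelled')` on line 200), but nothing documents that contract, and a caller can only distinguish cancellation from a genuine failure by matching the message string. I would add a JSDoc block above the signature on line 123 describing the three parameters, that the returned promise resolves to the inquirer answers with a `date` field added, and that it rejects with `Error('Operation cancelled')` when `proceed` is declined. A dedicated error class or a sentinel return value would make that check robust, but that is a larger change than this commit makes. The choices list continues across the expand gaps, so parts of the function body are outside the visible hunks.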
4 changes: 2 additions & 2 deletions lib/release/release.js
Expand Up @@ -20,15 +20,15 @@ module.exports = async () => {
}

try {
const answers = await util.promisify(askQuestions)(themeConfig, getGithubToken(), gitData.remotes);
const answers = await askQuestions(themeConfig, getGithubToken(), gitData.remotes);

saveGithubToken(answers.githubToken);

await doRelease(answers);

console.log('done'.green);
} catch (err) {
return printError(err.message);
return printError(err.message || err);
}
};

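Review bot: the catch on line 227 returns `printError(err.message || err)` for both a user cancellation and a failed `doRelease`, and nothing in the hunk marks the process as failed, so a release that aborted midway can still exit with status 0 unless `printError` sets the exit code itself, which is not visible here. I would add `process.exitCode = 1;` before the return, and for errors that are not the cancellation signal log `err.stack` rather than only the message so the failure point inside `doRelease` is not lost. The enclosing arrow function begins at the hunk header and its remainder lies outside the visible lines.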
95 changes: 41 additions & 54 deletions lib/stencil-init.js
@@ -1,18 +1,17 @@
'use strict';
var Fs = require('fs');
var jsonLint = require('./json-lint');
var Path = require('path');
var Inquirer = require('inquirer');
var themePath = process.cwd();
var hoek = require('hoek');
var configuration;
var internals = {};
const Fs = require('fs');
const { promisify } = require("util");
const Path = require('path');
const Inquirer = require('inquirer');
const hoek = require('hoek');

internals.parseAnswers = function(JspmAssembler, ThemeConfig, dotStencilFile, dotStencilFilePath, answers) {
const jsonLint = require('./json-lint');
const themePath = process.cwd();

async function performAnswers(JspmAssembler, ThemeConfig, stencilConfig, dotStencilFilePath, answers) {
// Check for custom layout configurations
// If already set, do nothing otherwise write the empty configurations
if (!dotStencilFile || dotStencilFile && !dotStencilFile.customLayouts) {
if (!stencilConfig || stencilConfig && !stencilConfig.customLayouts) {
answers.customLayouts = {
'brand': {},
'category': {},
Expand All @@ -21,56 +20,45 @@ internals.parseAnswers = function(JspmAssembler, ThemeConfig, dotStencilFile, do
};
}

var defaults = dotStencilFile ? hoek.applyToDefaults(dotStencilFile, answers) : answers;
const performedStencilConfig = stencilConfig ? hoek.applyToDefaults(stencilConfig, answers) : answers;

Fs.writeFile(dotStencilFilePath, JSON.stringify(defaults, null, 2), function (err) {
var ready = 'You are now ready to go! To start developing, run $ ' + 'stencil start'.cyan,
bundleTask;
Fs.writeFileSync(dotStencilFilePath, JSON.stringify(performedStencilConfig, null, 2));
const ready = 'You are now ready to go! To start developing, run $ ' + 'stencil start'.cyan;

if (err) {
throw err;
// bundle dev dependencies
const themeConfig = ThemeConfig.getInstance(themePath).getConfig();
if (themeConfig.jspm) {
if (!Fs.existsSync(Path.join(themePath, themeConfig.jspm.jspm_packages_path))) {
console.log('Error: The path you specified for your "jspm_packages" folder does not exist.'.red);
return console.log(
'Please check your '.red +
'jspm.jspm_packages_path'.cyan +
' setting in your theme\'s '.red +
'config.json'.cyan +
' file to make sure it\'s correct.'.red,
);
}

// bundle dev dependencies
configuration = ThemeConfig.getInstance(themePath).getConfig();
if (configuration.jspm) {
if (!Fs.existsSync(Path.join(themePath, configuration.jspm.jspm_packages_path))) {
console.log('Error: The path you specified for your "jspm_packages" folder does not exist.'.red);
return console.log(
'Please check your '.red +
'jspm.jspm_packages_path'.cyan +
' setting in your theme\'s '.red +
'config.json'.cyan +
' file to make sure it\'s correct.'.red,
);
}

bundleTask = JspmAssembler.assemble(configuration.jspm, themePath);

bundleTask(function () {
console.log(ready);
});
const bundleTask = promisify(JspmAssembler.assemble.bind(JspmAssembler));
await bundleTask(themeConfig.jspm, themePath);
}

} else {
console.log(ready);
}
});
};
console.log(ready);
}

internals.implementation = function(JspmAssembler, ThemeConfig, dotStencilFilePath, url, token, port) {
var dotStencilFile;
var questions;
async function implementation(JspmAssembler, ThemeConfig, dotStencilFilePath, url, token, port) {
let stencilConfig;

if (Fs.existsSync(dotStencilFilePath)) {
dotStencilFile = Fs.readFileSync(dotStencilFilePath, {encoding: 'utf-8'});
const dotStencilFile = Fs.readFileSync(dotStencilFilePath, { encoding: 'utf-8' });
try {
dotStencilFile = jsonLint.parse(dotStencilFile, dotStencilFilePath);
stencilConfig = jsonLint.parse(dotStencilFile, dotStencilFilePath);
} catch (e) {
return console.error(e.fileName, e.stack);
}
}

questions = [
const questions = [
{
type: 'input',
name: 'normalStoreUrl',
Expand All @@ -82,13 +70,13 @@ internals.implementation = function(JspmAssembler, ThemeConfig, dotStencilFilePa
return 'You must enter a URL';
}
},
default: url || dotStencilFile && dotStencilFile.normalStoreUrl || undefined,
default: url || stencilConfig && stencilConfig.normalStoreUrl || undefined,
},
{
type: 'input',
name: 'accessToken',
message: 'What is your Stencil OAuth Access Token?',
default: token || dotStencilFile && dotStencilFile.accessToken,
default: token || stencilConfig && stencilConfig.accessToken,
filter: function(val) {
return val.trim();
},
Expand All @@ -97,7 +85,7 @@ internals.implementation = function(JspmAssembler, ThemeConfig, dotStencilFilePa
type: 'input',
name: 'port',
message: 'What port would you like to run the server on?',
default: port || dotStencilFile && dotStencilFile.port || 3000,
default: port || stencilConfig && stencilConfig.port || 3000,
validate: function (val) {
if (isNaN(val)) {
return 'You must enter an integer';
Expand All @@ -109,10 +97,9 @@ internals.implementation = function(JspmAssembler, ThemeConfig, dotStencilFilePa
},
},
];
const answers = await Inquirer.prompt(questions);

Inquirer.prompt(questions, function(answers) {
internals.parseAnswers(JspmAssembler, ThemeConfig, dotStencilFile, dotStencilFilePath, answers);
});
};
await performAnswers(JspmAssembler, ThemeConfig, stencilConfig, dotStencilFilePath, answers);
}

module.exports = internals.implementation;
module.exports = implementation;
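Review bot: `promisify(JspmAssembler.assemble.bind(JspmAssembler))` on line 310 assumes `assemble` takes a trailing node-style callback, but the removed code on lines 305-309 called `assemble(jspm, themePath)` to obtain a task function and passed the callback to that task; unless `assemble`'s signature is changed in one of the files not shown on this page, the appended callback is never invoked, the awaited promise never settles and the `ready` message is never printed. The promisified call should wrap the returned task instead, e.g. `const bundleTask = promisify(JspmAssembler.assemble(themeConfig.jspm, themePath)); await bundleTask();`. Separately, `Fs.writeFileSync` on line 272 persists the merged answers, including `accessToken` from the prompt on line 353, with the default file mode, so the OAuth token lands in a `.stencil` file readable by whatever the umask allows (typically every local user); pass `{ mode: 0o600 }` as the third argument, noting that the mode is applied only when the file is created, so an existing file keeps its current permissions.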
