MatrixAI · aryanjassal · Oct 21, 2024 · Oct 14, 2024
diff --git a/src/secrets/CommandEnv.ts b/src/secrets/CommandEnv.ts
diff --git a/src/utils/options.ts b/src/utils/options.ts
@@ -214,7 +214,13 @@ const envVariables = new commander.Option('-e --env <envs...>', 'specify envs')
   .argParser(
     (value: string, previous: Array<[string, string, string?]> | undefined) => {
       const acc = previous ?? [];
-      acc.push(binParsers.parseSecretPathEnv(value));
+      const [vault, secret, val] = binParsers.parseSecretPathEnv(value);
+      if (secret == null) {
+        throw new commander.InvalidArgumentError(
+          'You must provide at least one secret path',
+        );
+      }
+      acc.push([vault, secret, val]);
       return acc;
     },
   );

diff --git a/src/utils/parsers.ts b/src/utils/parsers.ts
@@ -8,7 +8,9 @@ import * as gestaltsUtils from 'polykey/dist/gestalts/utils';
 import * as networkUtils from 'polykey/dist/network/utils';
 import * as nodesUtils from 'polykey/dist/nodes/utils';
 
-const secretPathRegex = /^([\w-]+)(?::([^\0\\=]+))?$/;
+const vaultNameRegex = /^(?!.*[:])[ -~\t\n]*$/s;
+const secretPathRegex = /^(?!.*[=])[ -~\t\n]*$/s;
+const vaultNameSecretPathRegex = /^([\w\-\.]+)(?::([^\0\\=]+))?$/;
 const secretPathValueRegex = /^([a-zA-Z_][\w]+)?$/;
 const environmentVariableRegex = /^([a-zA-Z_]+[a-zA-Z0-9_]*)?$/;
 
@@ -80,15 +82,26 @@ function parseSecretPathOptional(
     lastEqualIndex === -1
       ? undefined
       : secretPath.substring(lastEqualIndex + 1);
-  if (!secretPathRegex.test(splitSecretPath)) {
+  if (!vaultNameSecretPathRegex.test(splitSecretPath)) {
     throw new commander.InvalidArgumentError(
       `${secretPath} is not of the format <vaultName>[:<directoryPath>][=<value>]`,
     );
   }
-  const [, vaultName, directoryPath] = splitSecretPath.match(secretPathRegex)!;
+  const [, vaultName, directoryPath] = splitSecretPath.match(
+    vaultNameSecretPathRegex,
+  )!;
   return [vaultName, directoryPath, value];
 }
 
+function parseVaultName(vaultName: string): string {
+  if (!vaultNameRegex.test(vaultName)) {
+    throw new commander.InvalidArgumentError(
+      `${vaultName} is not a valid vault name`,
+    );
+  }
+  return vaultName;
+}
+
 function parseSecretPath(secretPath: string): [string, string, string?] {
   // E.g. If 'vault1:a/b/c', ['vault1', 'a/b/c'] is returned
   //      If 'vault1', an error is thrown
@@ -111,8 +124,37 @@ function parseSecretPathValue(secretPath: string): [string, string, string?] {
   return [vaultName, directoryPath, value];
 }
 
-function parseSecretPathEnv(secretPath: string): [string, string, string?] {
-  const [vaultName, directoryPath, value] = parseSecretPath(secretPath);
+function parseSecretPathEnv(secretPath: string): [string, string?, string?] {
+  // The colon character `:` is prohibited in vaultName, so it's first occurence
+  // means that this is the delimiter between vaultName and secretPath.
+  const colonIndex = secretPath.indexOf(':');
+  // If no colon exists, treat entire string as vault name
+  if (colonIndex === -1) {
+    return [parseVaultName(secretPath), undefined, undefined];
+  }
+  // Calculate contents before the `=` separator
+  const vaultNamePart = secretPath.substring(0, colonIndex);
+  const secretPathPart = secretPath.substring(colonIndex + 1);
+  // Calculate contents after the `=` separator
+  const equalIndex = secretPathPart.indexOf('=');
+  const splitSecretPath =
+    equalIndex === -1
+      ? secretPathPart
+      : secretPathPart.substring(0, equalIndex);
+  const valueData =
+    equalIndex === -1 ? undefined : secretPathPart.substring(equalIndex + 1);
+  if (splitSecretPath != null && !secretPathRegex.test(splitSecretPath)) {
+    throw new commander.InvalidArgumentError(
+      `${secretPath} is not of the format <vaultName>[:<secretPath>][=<value>]`,
+    );
+  }
+  const parsedVaultName = parseVaultName(vaultNamePart);
+  const parsedSecretPath = splitSecretPath.match(secretPathRegex)?.[0] ?? '/';
+  const [vaultName, directoryPath, value] = [
+    parsedVaultName,
+    parsedSecretPath,
+    valueData,
+  ];
   if (value != null && !environmentVariableRegex.test(value)) {
     throw new commander.InvalidArgumentError(
       `${value} is not a valid environment variable name`,
@@ -182,25 +224,24 @@ const parseSeedNodes: (data: string) => [SeedNodes, boolean] =
 
 /**
  * This parses the arguments used for the env command. It should be formatted as
- * <secretPath...> [--] [cmd] [cmdArgs...]
- * The cmd part of the list is separated in two ways, either the user explicitly uses `--` or the first non-secret path separates it.
+ * <secretPath...> [-- cmd [cmdArgs...]]
+ * The cmd part of the list is separated by using `--`.
  */
 function parseEnvArgs(
   value: string,
-  prev: [Array<[string, string, string?]>, Array<string>] | undefined,
-): [Array<[string, string, string?]>, Array<string>] {
-  const current: [Array<[string, string, string?]>, Array<string>] = prev ?? [
+  prev: [Array<[string, string?, string?]>, Array<string>] | undefined,
+): [Array<[string, string?, string?]>, Array<string>] {
+  const current: [Array<[string, string?, string?]>, Array<string>] = prev ?? [
     [],
     [],
   ];
   if (current[1].length === 0) {
     // Parse a secret path
-    try {
+    if (value !== '--') {
       current[0].push(parseSecretPathEnv(value));
-    } catch (e) {
-      if (!(e instanceof commander.InvalidArgumentError)) throw e;
-      // If we get an invalid argument error then we switch over to parsing args verbatim
+    } else {
       current[1].push(value);
+      return current;
     }
   } else {
     // Otherwise we just have the cmd args
@@ -215,13 +256,15 @@ function parseEnvArgs(
 }
 
 export {
+  vaultNameRegex,
   secretPathRegex,
   secretPathValueRegex,
   environmentVariableRegex,
   validateParserToArgParser,
   validateParserToArgListParser,
   parseCoreCount,
   parseSecretPathOptional,
+  parseVaultName,
   parseSecretPath,
   parseSecretPathValue,
   parseSecretPathEnv,

diff --git a/src/vaults/CommandClone.ts b/src/vaults/CommandClone.ts
@@ -11,7 +11,11 @@ class CommandClone extends CommandPolykey {
     super(...args);
     this.name('clone');
     this.description('Clone a Vault from Another Node');
-    this.argument('<vaultNameOrId>', 'Name or Id of the vault to be cloned');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to be cloned',
+      binParsers.parseVaultName,
+    );
     this.argument(
       '<nodeId>',
       'Id of the node to clone the vault from',

diff --git a/src/vaults/CommandCreate.ts b/src/vaults/CommandCreate.ts
@@ -4,14 +4,19 @@ import CommandPolykey from '../CommandPolykey';
 import * as binUtils from '../utils';
 import * as binOptions from '../utils/options';
 import * as binProcessors from '../utils/processors';
+import * as binParsers from '../utils/parsers';
 
 class CommandCreate extends CommandPolykey {
   constructor(...args: ConstructorParameters<typeof CommandPolykey>) {
     super(...args);
     this.name('create');
     this.aliases(['touch']);
     this.description('Create a new Vault');
-    this.argument('<vaultName>', 'Name of the new vault to be created');
+    this.argument(
+      '<vaultName>',
+      'Name of the new vault to be created',
+      binParsers.parseVaultName,
+    );
     this.addOption(binOptions.nodeId);
     this.addOption(binOptions.clientHost);
     this.addOption(binOptions.clientPort);

diff --git a/src/vaults/CommandDelete.ts b/src/vaults/CommandDelete.ts
@@ -3,13 +3,18 @@ import CommandPolykey from '../CommandPolykey';
 import * as binUtils from '../utils';
 import * as binOptions from '../utils/options';
 import * as binProcessors from '../utils/processors';
+import * as binParsers from '../utils/parsers';
 
 class CommandDelete extends CommandPolykey {
   constructor(...args: ConstructorParameters<typeof CommandPolykey>) {
     super(...args);
     this.name('delete');
     this.description('Delete an Existing Vault');
-    this.argument('<vaultName>', 'Name of the vault to be deleted');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to be deleted',
+      binParsers.parseVaultName,
+    );
     this.addOption(binOptions.nodeId);
     this.addOption(binOptions.clientHost);
     this.addOption(binOptions.clientPort);

diff --git a/src/vaults/CommandLog.ts b/src/vaults/CommandLog.ts
@@ -4,13 +4,18 @@ import CommandPolykey from '../CommandPolykey';
 import * as binUtils from '../utils';
 import * as binOptions from '../utils/options';
 import * as binProcessors from '../utils/processors';
+import * as binParsers from '../utils/parsers';
 
 class CommandLog extends CommandPolykey {
   constructor(...args: ConstructorParameters<typeof CommandPolykey>) {
     super(...args);
     this.name('log');
     this.description('Get the Version History of a Vault');
-    this.argument('<vaultName>', 'Name of the vault to obtain the log from');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to obtain the log from',
+      binParsers.parseVaultName,
+    );
     this.addOption(binOptions.commitId);
     this.addOption(binOptions.depth);
     this.addOption(binOptions.nodeId);

diff --git a/src/vaults/CommandPermissions.ts b/src/vaults/CommandPermissions.ts
@@ -3,14 +3,15 @@ import * as binProcessors from '../utils/processors';
 import * as binUtils from '../utils';
 import CommandPolykey from '../CommandPolykey';
 import * as binOptions from '../utils/options';
+import * as binParsers from '../utils/parsers';
 
 class CommandPermissions extends CommandPolykey {
   constructor(...args: ConstructorParameters<typeof CommandPolykey>) {
     super(...args);
     this.name('permissions');
     this.alias('perms');
     this.description('Sets the permissions of a vault for Node Ids');
-    this.argument('<vaultName>', 'Name or ID of the vault');
+    this.argument('<vaultName', 'Name of the vault', binParsers.parseVaultName);
     this.addOption(binOptions.nodeId);
     this.addOption(binOptions.clientHost);
     this.addOption(binOptions.clientPort);

diff --git a/src/vaults/CommandPull.ts b/src/vaults/CommandPull.ts
@@ -11,7 +11,11 @@ class CommandPull extends CommandPolykey {
     super(...args);
     this.name('pull');
     this.description('Pull a Vault from Another Node');
-    this.argument('<vaultNameOrId>', 'Name of the vault to be pulled into');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to be pulled into',
+      binParsers.parseVaultName,
+    );
     this.argument(
       '[targetNodeId]',
       '(Optional) target node to pull from',

diff --git a/src/vaults/CommandRename.ts b/src/vaults/CommandRename.ts
@@ -3,14 +3,23 @@ import CommandPolykey from '../CommandPolykey';
 import * as binUtils from '../utils';
 import * as binOptions from '../utils/options';
 import * as binProcessors from '../utils/processors';
+import * as binParsers from '../utils/parsers';
 
 class CommandRename extends CommandPolykey {
   constructor(...args: ConstructorParameters<typeof CommandPolykey>) {
     super(...args);
     this.name('rename');
     this.description('Rename an Existing Vault');
-    this.argument('<vaultName>', 'Name of the vault to be renamed');
-    this.argument('<newVaultName>', 'New name of the vault');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to be renamed',
+      binParsers.parseVaultName,
+    );
+    this.argument(
+      '<newVaultName>',
+      'New name of the vault',
+      binParsers.parseVaultName,
+    );
     this.addOption(binOptions.nodeId);
     this.addOption(binOptions.clientHost);
     this.addOption(binOptions.clientPort);

diff --git a/src/vaults/CommandShare.ts b/src/vaults/CommandShare.ts
@@ -11,7 +11,11 @@ class CommandShare extends CommandPolykey {
     super(...args);
     this.name('share');
     this.description('Set the Permissions of a Vault for a Node');
-    this.argument('<vaultName>', 'Name of the vault to be shared');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to be shared',
+      binParsers.parseVaultName,
+    );
     this.argument(
       '<nodeId>',
       'Id of the node to share to',

diff --git a/src/vaults/CommandUnshare.ts b/src/vaults/CommandUnshare.ts
@@ -11,7 +11,11 @@ class CommandUnshare extends CommandPolykey {
     super(...args);
     this.name('unshare');
     this.description('Unset the Permissions of a Vault for a Node');
-    this.argument('<vaultName>', 'Name of the vault to be unshared');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to be unshared',
+      binParsers.parseVaultName,
+    );
     this.argument(
       '<nodeId>',
       'Id of the node to unshare with',

diff --git a/src/vaults/CommandVersion.ts b/src/vaults/CommandVersion.ts
@@ -3,13 +3,18 @@ import CommandPolykey from '../CommandPolykey';
 import * as binUtils from '../utils';
 import * as binOptions from '../utils/options';
 import * as binProcessors from '../utils/processors';
+import * as binParsers from '../utils/parsers';
 
 class CommandVersion extends CommandPolykey {
   constructor(...args: ConstructorParameters<typeof CommandPolykey>) {
     super(...args);
     this.name('version');
     this.description('Set a Vault to a Particular Version in its History');
-    this.argument('<vaultName>', 'Name of the vault to change the version of');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to change the version of',
+      binParsers.parseVaultName,
+    );
     this.argument('<versionId>', 'Id of the commit that will be changed to');
     this.addOption(binOptions.nodeId);
     this.addOption(binOptions.clientHost);