chore: new release with minimal changes

Kinin-Code-Offical · Kinin-Code-Offical · commit b9d02aac61b7 · 2025-12-21T21:17:02.000+03:00
diff --git a/src/core/selfUpdate.ts b/src/core/selfUpdate.ts
@@ -177,9 +177,21 @@ export async function applyUpdateInstaller(installerPath: string, silent: boolea
 
     if (elevate) {
         // Use PowerShell Start-Process -Verb RunAs
-        // Use $args array to pass parameters safely to the script block, avoiding command injection
-        const psCommand = '& { $p, $a = $args; Start-Process -FilePath $p -ArgumentList $a -Verb RunAs -Wait }';
-        await execa('powershell', ['-NoProfile', '-NonInteractive', '-Command', psCommand, installerPath, ...args]);
+        // To prevent command injection, we pass arguments via environment variables.
+        const envVars: Record<string, string> = {
+            'PS_INSTALLER_PATH': installerPath,
+            'PS_INSTALLER_ARGS': args.join(' ')
+        };
+
+        const psCommand = `
+            $p = [System.Environment]::GetEnvironmentVariable('PS_INSTALLER_PATH')
+            $a = [System.Environment]::GetEnvironmentVariable('PS_INSTALLER_ARGS')
+            Start-Process -FilePath $p -ArgumentList $a -Verb RunAs -Wait
+        `.trim();
+
+        await execa('powershell', ['-NoProfile', '-NonInteractive', '-Command', psCommand], {
+            env: { ...process.env, ...envVars }
+        });
     } else {
         await execa(installerPath, args);
     }
diff --git a/src/system/powershell.ts b/src/system/powershell.ts
@@ -1,18 +1,40 @@
 import { execa } from 'execa';
 import { logger } from '../core/logger.js';
 
-export async function runPs(command: string, args: string[] = []): Promise<string> {
+export async function runPs(script: string, args: string[] = []): Promise<string> {
     try {
+        // To prevent command injection, we pass arguments via environment variables
+        // and reconstruct the $args array inside PowerShell.
+        // This ensures that arguments are never interpreted as code by the PowerShell parser.
+        const envVars: Record<string, string> = {};
+        args.forEach((arg, i) => {
+            envVars[`PS_ARG_${i}`] = arg;
+        });
+
+        const wrapper = `
+            $args = @()
+            for ($i = 0; $true; $i++) {
+                $varName = "PS_ARG_$i"
+                if (Test-Path "Env:$varName") {
+                    $args += [System.Environment]::GetEnvironmentVariable($varName)
+                } else {
+                    break
+                }
+            }
+            & { ${script} } @args
+        `.trim();
+
         const { stdout } = await execa('powershell', [
             '-NoProfile',
             '-NonInteractive',
             '-Command',
-            command,
-            ...args
-        ]);
+            wrapper
+        ], {
+            env: { ...process.env, ...envVars }
+        });
         return stdout.trim();
     } catch (error) {
-        logger.debug(`PowerShell command failed: ${command}`, error);
+        logger.debug(`PowerShell script failed: ${script}`, error);
         throw error;
     }
 }
diff --git a/src/system/service.ts b/src/system/service.ts
@@ -73,8 +73,8 @@ export async function updateServiceBinPath(instance: string, port: number = 5432
 
     const binPath = buildServiceBinPath(SYSTEM_PATHS.PROXY_EXE, instance, port, extraArgs);
 
-    // Use CIM/WMI to update service path with arguments
-    await runPs('& { $svc = Get-CimInstance Win32_Service -Filter "Name=$($args[0])"; Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{ PathName = $args[1] } }', [SERVICE_NAME, binPath]);
+    // Use CIM/WMI to update service path with arguments safely
+    await runPs('& { $svc = Get-CimInstance Win32_Service | Where-Object { $_.Name -eq $args[0] }; Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{ PathName = $args[1] } }', [SERVICE_NAME, binPath]);
 }
 
 export async function uninstallService() {
diff --git a/tests/system.test.ts b/tests/system.test.ts
@@ -51,7 +51,11 @@ describe('System Module', () => {
 
             const result = await isServiceInstalled();
             expect(result).toBe(true);
-            expect(execa).toHaveBeenCalledWith('powershell', expect.arrayContaining([expect.stringContaining('Get-Service -Name $args[0]')]));
+            expect(execa).toHaveBeenCalledWith(
+                'powershell',
+                expect.arrayContaining([expect.stringContaining('Get-Service -Name $args[0]')]),
+                expect.any(Object)
+            );
         });
 
         it('should return false if service check fails', async () => {

Original file line number	Diff line number	Diff line change
`@@ -73,8 +73,8 @@ export async function updateServiceBinPath(instance: string, port: number = 5432`
`73`	`73`
`74`	`74`	`const binPath = buildServiceBinPath(SYSTEM_PATHS.PROXY_EXE, instance, port, extraArgs);`
`75`	`75`
`76`		`- // Use CIM/WMI to update service path with arguments`
`77`		`- await runPs('& { $svc = Get-CimInstance Win32_Service -Filter "Name=$($args[0])"; Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{ PathName = $args[1] } }', [SERVICE_NAME, binPath]);`
	`76`	`+ // Use CIM/WMI to update service path with arguments safely`
	`77`	`+ await runPs('& { $svc = Get-CimInstance Win32_Service \| Where-Object { $_.Name -eq $args[0] }; Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{ PathName = $args[1] } }', [SERVICE_NAME, binPath]);`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`export async function uninstallService() {`