chore: new release with minimal changes

Author: Kinin-Code-Offical

CHANGELOG.md

@@ -95,5 +95,3 @@
 - **Build**: Resolved duplicate exports in service module.
 - **Types**: Fixed TypeScript errors in self-heal and service commands.
 - **Linting**: Corrected Markdown formatting issues.
-
-

docs/commands.md

@@ -328,4 +328,3 @@ Options:
   --json          Output status in JSON format
   -h, --help      display help for command
 ```
-

src/commands/auth.ts

@@ -106,7 +106,7 @@ authCommand.command('set-service-account')
             if (scope === 'Machine') {
                 // Hardening ACLs
                 // Remove inheritance, grant Administrators and SYSTEM full access
-                await runPs(`icacls "${dest}" /inheritance:r /grant:r "Administrators:(R)" "SYSTEM:(R)"`);
+                await runPs('& { icacls $args[0] /inheritance:r /grant:r "Administrators:(R)" "SYSTEM:(R)" }', [dest]);
                 logger.info('Applied security ACLs to credentials file.');
             }
 

src/core/selfUpdate.ts

@@ -177,8 +177,9 @@ export async function applyUpdateInstaller(installerPath: string, silent: boolea
 
     if (elevate) {
         // Use PowerShell Start-Process -Verb RunAs
-        const psCommand = `Start-Process -FilePath "${installerPath}" -ArgumentList "${args.join(' ')}" -Verb RunAs -Wait`;
-        await execa('powershell', ['-NoProfile', '-Command', psCommand]);
+        // We use a script block and pass arguments to avoid injection
+        const psCommand = '& { param($p, $a) Start-Process -FilePath $p -ArgumentList $a -Verb RunAs -Wait }';
+        await execa('powershell', ['-NoProfile', '-Command', psCommand, installerPath, args.join(' ')]);
     } else {
         await execa(installerPath, args);
     }

src/core/updater.ts

@@ -4,6 +4,7 @@ import crypto from 'crypto';
 import path from 'path';
 import { PATHS } from '../system/paths.js';
 import { logger } from './logger.js';
+import { escapeRegExp } from './utils.js';
 
 const GITHUB_REPO = 'GoogleCloudPlatform/cloud-sql-proxy';
 const ASSET_NAME = 'cloud-sql-proxy.x64.exe';
@@ -46,7 +47,8 @@ export async function downloadProxy(version: string, targetPath: string = PATHS.
         // Extract checksum from release body
         const { body } = response.data;
         // Regex to match: | [cloud-sql-proxy.x64.exe](...) | <hash> |
-        const checksumRegex = new RegExp(`\\| \\[${ASSET_NAME.replace(/\./g, '\\.')}\\]\\(.*?\\) \\| ([a-f0-9]{64}) \\|`);
+        const escapedAssetName = escapeRegExp(ASSET_NAME);
+        const checksumRegex = new RegExp(`\\| \\[${escapedAssetName}\\]\\(.*?\\) \\| ([a-f0-9]{64}) \\|`);
         const match = body.match(checksumRegex);
 
         if (match && match[1]) {

src/core/utils.ts

@@ -12,3 +12,7 @@ export async function getTail(filePath: string, lines: number = 10): Promise<str
 export function sleep(ms: number) {
     return new Promise(resolve => setTimeout(resolve, ms));
 }
+
+export function escapeRegExp(string: string): string {
+    return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}

src/system/env.ts

@@ -8,24 +8,24 @@ export async function setEnv(name: string, value: string, scope: 'Machine' | 'Us
         throw new Error('Admin privileges required to set system environment variables.');
     }
     logger.info(`Setting ${scope} environment variable: ${name}=${value}`);
-    await runPs(`[Environment]::SetEnvironmentVariable("${name}", "${value}", "${scope}")`);
+    await runPs('& { [Environment]::SetEnvironmentVariable($args[0], $args[1], $args[2]) }', [name, value, scope]);
 }
 
 export async function setupEnvironment(scope: 'Machine' | 'User' = 'User', force: boolean = false) {
     logger.info(`Configuring ${scope} environment variables...`);
     const paths = scope === 'Machine' ? SYSTEM_PATHS : USER_PATHS;
 
-    const currentHome = await runPs(`[Environment]::GetEnvironmentVariable("${ENV_VARS.HOME}", "${scope}")`);
+    const currentHome = await runPs('& { [Environment]::GetEnvironmentVariable($args[0], $args[1]) }', [ENV_VARS.HOME, scope]);
     if (force || !currentHome) {
         await setEnv(ENV_VARS.HOME, paths.HOME, scope);
     }
 
-    const currentLogs = await runPs(`[Environment]::GetEnvironmentVariable("${ENV_VARS.LOGS}", "${scope}")`);
+    const currentLogs = await runPs('& { [Environment]::GetEnvironmentVariable($args[0], $args[1]) }', [ENV_VARS.LOGS, scope]);
     if (force || !currentLogs) {
         await setEnv(ENV_VARS.LOGS, paths.LOGS, scope);
     }
 
-    const currentProxy = await runPs(`[Environment]::GetEnvironmentVariable("${ENV_VARS.PROXY_PATH}", "${scope}")`);
+    const currentProxy = await runPs('& { [Environment]::GetEnvironmentVariable($args[0], $args[1]) }', [ENV_VARS.PROXY_PATH, scope]);
     if (force || !currentProxy) {
         await setEnv(ENV_VARS.PROXY_PATH, paths.PROXY_EXE, scope);
     }
@@ -38,9 +38,9 @@ export async function checkEnvironment(scope: 'Machine' | 'User' = 'User'): Prom
 }
 
 export async function checkEnvironmentDetailed(scope: 'Machine' | 'User' = 'User'): Promise<{ ok: boolean, problems: string[], values: { home: string, logs: string, proxy: string } }> {
-    const home = await runPs(`[Environment]::GetEnvironmentVariable("${ENV_VARS.HOME}", "${scope}")`);
-    const logs = await runPs(`[Environment]::GetEnvironmentVariable("${ENV_VARS.LOGS}", "${scope}")`);
-    const proxy = await runPs(`[Environment]::GetEnvironmentVariable("${ENV_VARS.PROXY_PATH}", "${scope}")`);
+    const home = await runPs('& { [Environment]::GetEnvironmentVariable($args[0], $args[1]) }', [ENV_VARS.HOME, scope]);
+    const logs = await runPs('& { [Environment]::GetEnvironmentVariable($args[0], $args[1]) }', [ENV_VARS.LOGS, scope]);
+    const proxy = await runPs('& { [Environment]::GetEnvironmentVariable($args[0], $args[1]) }', [ENV_VARS.PROXY_PATH, scope]);
 
     const problems: string[] = [];
 

src/system/powershell.ts

@@ -1,9 +1,15 @@
 import { execa } from 'execa';
 import { logger } from '../core/logger.js';
 
-export async function runPs(command: string): Promise<string> {
+export async function runPs(command: string, args: string[] = []): Promise<string> {
     try {
-        const { stdout } = await execa('powershell', ['-NoProfile', '-NonInteractive', '-Command', command]);
+        const { stdout } = await execa('powershell', [
+            '-NoProfile',
+            '-NonInteractive',
+            '-Command',
+            command,
+            ...args
+        ]);
         return stdout.trim();
     } catch (error) {
         logger.debug(`PowerShell command failed: ${command}`, error);
@@ -23,7 +29,7 @@ export async function isAdmin(): Promise<boolean> {
 
 export async function getEnvVar(name: string, scope: 'Machine' | 'User' | 'Process' = 'Machine'): Promise<string | null> {
     try {
-        const val = await runPs(`[Environment]::GetEnvironmentVariable("${name}", "${scope}")`);
+        const val = await runPs('& { [Environment]::GetEnvironmentVariable($args[0], $args[1]) }', [name, scope]);
         return val || null;
     } catch {
         return null;

src/system/service.ts

@@ -4,7 +4,7 @@ import { logger } from '../core/logger.js';
 
 export async function isServiceInstalled(): Promise<boolean> {
     try {
-        await runPs(`Get-Service -Name "${SERVICE_NAME}" -ErrorAction Stop`);
+        await runPs('& { Get-Service -Name $args[0] -ErrorAction Stop }', [SERVICE_NAME]);
         return true;
     } catch {
         return false;
@@ -13,7 +13,7 @@ export async function isServiceInstalled(): Promise<boolean> {
 
 export async function isServiceRunning(): Promise<boolean> {
     try {
-        const status = await runPs(`(Get-Service -Name "${SERVICE_NAME}").Status`);
+        const status = await runPs('& { (Get-Service -Name $args[0]).Status }', [SERVICE_NAME]);
         return status === 'Running';
     } catch {
         return false;
@@ -54,8 +54,8 @@ export async function installService(instance: string, port: number = 5432, extr
 
     const binPath = buildServiceBinPath(SYSTEM_PATHS.PROXY_EXE, instance, port, extraArgs);
 
-    // Use New-Service with single-quoted BinaryPathName
-    await runPs(`New-Service -Name "${SERVICE_NAME}" -BinaryPathName '${binPath}' -StartupType Automatic`);
+    // Use New-Service with arguments to avoid injection
+    await runPs('& { New-Service -Name $args[0] -BinaryPathName $args[1] -StartupType Automatic }', [SERVICE_NAME, binPath]);
 }
 
 export async function updateServiceBinPath(instance: string, port: number = 5432, extraArgs: string[] = []) {
@@ -73,8 +73,8 @@ export async function updateServiceBinPath(instance: string, port: number = 5432
 
     const binPath = buildServiceBinPath(SYSTEM_PATHS.PROXY_EXE, instance, port, extraArgs);
 
-    // Use CIM/WMI to update service path
-    await runPs(`$svc = Get-CimInstance Win32_Service -Filter "Name='${SERVICE_NAME}'"; Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{ PathName = '${binPath}' }`);
+    // Use CIM/WMI to update service path with arguments
+    await runPs('& { $svc = Get-CimInstance Win32_Service -Filter "Name=$($args[0])"; Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{ PathName = $args[1] } }', [SERVICE_NAME, binPath]);
 }
 
 export async function uninstallService() {
@@ -90,23 +90,23 @@ export async function uninstallService() {
     await stopService();
 
     // Use sc.exe delete instead of Remove-Service for better compatibility
-    await runPs(`sc.exe delete "${SERVICE_NAME}"`);
+    await runPs('& { sc.exe delete $args[0] }', [SERVICE_NAME]);
 }
 
 export async function startService() {
     if (!await isAdmin()) {
         throw new Error('Admin privileges required to start service.');
     }
     logger.info(`Starting service ${SERVICE_NAME}...`);
-    await runPs(`Start-Service -Name "${SERVICE_NAME}"`);
+    await runPs('& { Start-Service -Name $args[0] }', [SERVICE_NAME]);
 }
 
 export async function stopService() {
     if (!await isAdmin()) {
         throw new Error('Admin privileges required to stop service.');
     }
     logger.info(`Stopping service ${SERVICE_NAME}...`);
-    await runPs(`Stop-Service -Name "${SERVICE_NAME}" -Force`);
+    await runPs('& { Stop-Service -Name $args[0] -Force }', [SERVICE_NAME]);
 }
 
 export async function setServiceStartupType(type: 'Automatic' | 'Manual' | 'Disabled' | 'Delayed') {
@@ -116,10 +116,10 @@ export async function setServiceStartupType(type: 'Automatic' | 'Manual' | 'Disa
 
     if (type === 'Delayed') {
         // Delayed start is a special case of Automatic
-        await runPs(`Set-Service -Name "${SERVICE_NAME}" -StartupType Automatic`);
-        await runPs(`sc.exe config "${SERVICE_NAME}" start= delayed-auto`);
+        await runPs('& { Set-Service -Name $args[0] -StartupType Automatic }', [SERVICE_NAME]);
+        await runPs('& { sc.exe config $args[0] start= delayed-auto }', [SERVICE_NAME]);
     } else {
-        await runPs(`Set-Service -Name "${SERVICE_NAME}" -StartupType ${type}`);
+        await runPs('& { Set-Service -Name $args[0] -StartupType $args[1] }', [SERVICE_NAME, type]);
     }
     logger.info(`Service startup type set to ${type}.`);
 }

test.txt

@@ -0,0 +1 @@
+test