anesis 0.9.1

CLI for scaffolding projects from remote templates and extending them with project addons
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

use std::path::{Component, Path, PathBuf};

use anyhow::{Context, Result};

pub mod append;
pub mod copy;
pub mod create;
pub mod delete;
pub mod inject;
pub mod move_step;
pub mod rename;
pub mod replace;

pub enum Rollback {
  DeleteCreatedFile { path: PathBuf },
  RestoreFile { path: PathBuf, original: Vec<u8> },
  RenameFile { from: PathBuf, to: PathBuf },
}

/// Renders content lines with Tera one_off — substitutes {{ var }} from user inputs.
pub fn render_lines(lines: &[String], ctx: &tera::Context) -> Result<Vec<String>> {
  lines
    .iter()
    .map(|line| tera::Tera::one_off(line, ctx, false).map_err(Into::into))
    .collect()
}

/// Renders a single string with Tera — used for dynamic file paths.
pub fn render_string(s: &str, ctx: &tera::Context) -> Result<String> {
  tera::Tera::one_off(s, ctx, false).map_err(Into::into)
}

/// Normalises `root.join(relative)` without touching the filesystem by
/// resolving `.` and `..` components lexically.
fn normalize_join(root: &Path, relative: &str) -> PathBuf {
  let joined = root.join(relative);
  let mut out = PathBuf::new();
  for component in joined.components() {
    match component {
      Component::ParentDir => {
        out.pop();
      }
      Component::CurDir => {}
      c => out.push(c),
    }
  }
  out
}

/// Normalises `root` itself lexically (no filesystem I/O).
fn normalize_path(path: &Path) -> PathBuf {
  let mut out = PathBuf::new();
  for component in path.components() {
    match component {
      Component::ParentDir => {
        out.pop();
      }
      Component::CurDir => {}
      c => out.push(c),
    }
  }
  out
}

/// Joins `root` with `relative`, normalises the result lexically, then
/// verifies the resulting path starts with `root`.  Returns the normalised
/// path or an error if the path would escape `root`.
///
/// This prevents path-traversal attacks in addon manifests (e.g. `../../etc/passwd`).
pub(super) fn safe_join(root: &Path, relative: &str, label: &str) -> Result<PathBuf> {
  let norm_root = normalize_path(root);
  let path = normalize_join(root, relative);
  if !path.starts_with(&norm_root) {
    return Err(anyhow::anyhow!(
      "Path traversal blocked: {} '{}' would escape the root directory",
      label,
      relative
    ));
  }
  Ok(path)
}

pub(super) fn resolve_target(
  target: &crate::addons::manifest::Target,
  project_root: &Path,
) -> Result<Vec<PathBuf>> {
  use crate::addons::manifest::Target;
  match target {
    Target::File { file } => {
      let path = safe_join(project_root, file, "target file")?;
      Ok(vec![path])
    }
    Target::Glob { glob } => {
      // Validate the pattern itself doesn't traverse outside root
      safe_join(project_root, glob, "glob pattern")?;
      let pattern = project_root.join(glob).to_string_lossy().to_string();
      let canonical_root = project_root
        .canonicalize()
        .with_context(|| format!("Cannot resolve project root '{}'", project_root.display()))?;
      let paths = glob::glob(&pattern)?
        .filter_map(|e| e.ok())
        // Filter out any results that escape root via symlinks
        .filter(|p| {
          p.canonicalize()
            .map(|cp| cp.starts_with(&canonical_root))
            .unwrap_or(false)
        })
        .collect();
      Ok(paths)
    }
  }
}