mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-04 19:21:51 +00:00
1090ed59b7
Co-authored-by: Pablo F.G <pablo.fernandez@prowler.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Alan Buscaglia <gentlemanprogramming@gmail.com>
94 lines
2.6 KiB
JavaScript
94 lines
2.6 KiB
JavaScript
#!/usr/bin/env node
|
|
|
|
/**
|
|
* Post-install script for Prowler UI
|
|
*
|
|
* This script runs after npm install to:
|
|
* 1. Update dependency log (if the script exists)
|
|
* 2. Setup git hooks (if the script exists)
|
|
*/
|
|
|
|
const fs = require("fs");
|
|
const path = require("path");
|
|
|
|
function runScriptIfExists(scriptPath, scriptName) {
|
|
const fullPath = path.join(__dirname, scriptPath);
|
|
|
|
if (fs.existsSync(fullPath)) {
|
|
try {
|
|
require(fullPath);
|
|
} catch (error) {
|
|
console.warn(`⚠️ Error running ${scriptName}:`, error.message);
|
|
}
|
|
} else {
|
|
console.log(`Skip ${scriptName} (script missing)`);
|
|
}
|
|
}
|
|
|
|
function hardenMswServiceWorker() {
|
|
const workerPath = path.join(
|
|
__dirname,
|
|
"..",
|
|
"public",
|
|
"mockServiceWorker.js",
|
|
);
|
|
|
|
let workerFile;
|
|
try {
|
|
workerFile = fs.openSync(workerPath, "r+");
|
|
} catch (error) {
|
|
if (error.code === "ENOENT") {
|
|
console.log("Skip MSW service worker hardening (worker missing)");
|
|
return;
|
|
}
|
|
throw error;
|
|
}
|
|
|
|
try {
|
|
const workerSource = fs.readFileSync(workerFile, "utf8");
|
|
const originGuard = "event.origin !== self.location.origin";
|
|
|
|
if (workerSource.includes(originGuard)) {
|
|
return;
|
|
}
|
|
|
|
const messageHandlerStart =
|
|
"addEventListener('message', async function (event) {\n const clientId = Reflect.get(event.source || {}, 'id')\n";
|
|
const hardenedMessageHandlerStart =
|
|
"addEventListener('message', async function (event) {\n" +
|
|
" // Only accept messages from pages served from the same origin as this worker.\n" +
|
|
" if (event.origin !== self.location.origin) {\n" +
|
|
" return\n" +
|
|
" }\n\n" +
|
|
" const clientId = Reflect.get(event.source || {}, 'id')\n";
|
|
|
|
if (!workerSource.includes(messageHandlerStart)) {
|
|
console.warn(
|
|
"⚠️ Unable to harden MSW service worker: message handler changed",
|
|
);
|
|
return;
|
|
}
|
|
|
|
const hardenedWorkerSource = workerSource.replace(
|
|
messageHandlerStart,
|
|
hardenedMessageHandlerStart,
|
|
);
|
|
|
|
fs.ftruncateSync(workerFile, 0);
|
|
fs.writeSync(workerFile, hardenedWorkerSource, 0, "utf8");
|
|
console.log("Hardened MSW service worker message origin handling");
|
|
} finally {
|
|
fs.closeSync(workerFile);
|
|
}
|
|
}
|
|
|
|
// Run dependency log update
|
|
runScriptIfExists("./update-dependency-log.js", "deps:log");
|
|
|
|
// Re-apply local hardening after MSW regenerates the worker during install.
|
|
// Keep this before setup-git-hooks because that script can exit the process.
|
|
hardenMswServiceWorker();
|
|
|
|
// Run git hooks setup
|
|
runScriptIfExists("./setup-git-hooks.js", "setup-git-hooks");
|