Skip to content

Add secure clone-demo.sh script with comprehensive safety features #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
joe10832 merged 1 commit into from
Sep 24, 2025
Merged

Add secure clone-demo.sh script with comprehensive safety features #21

joe10832 merged 1 commit into from
Sep 24, 2025

Conversation

Copy link
Contributor

Copilot AI commented Sep 24, 2025
edited
Loading

This PR addresses critical security vulnerabilities in directory removal operations by implementing a secure clone-demo.sh script with comprehensive safety measures.

Key Security Improvements

Enhanced Portability

  • Improved shebang declaration: Uses #!/usr/bin/env bash for better cross-platform compatibility
  • Strict error handling: Implements set -euo pipefail to prevent script execution with errors

Critical Safety Validation

The script implements multi-layered validation before any directory removal operations:

# Protected system directories that cannot be removed
readonly PROTECTED_DIRS=(
    "/"
    "/bin"
    "/boot" 
    "/dev"
    "/etc"
    "/home"
    "/lib"
    "/usr"
    "/var"
    # ... and more
)

Comprehensive Protection Against Dangerous Directory Values

  • System directory protection: Prevents removal of critical paths like /, /home, /usr, etc.
  • Input validation: Rejects empty strings, whitespace-only paths, and dangerous patterns
  • Path resolution: Uses readlink -f to resolve and validate absolute paths
  • User confirmation: Requires explicit confirmation for all destructive operations
  • Safe function design: safe_remove_directory() with multiple validation layers

Security Testing Results

The script successfully blocks dangerous operations:

  • ./clone-demo.sh --force / → "Cannot remove protected directory"
  • ./clone-demo.sh --force /home → "Cannot remove protected directory"
  • ./clone-demo.sh --force "" → "Directory path cannot be empty"
  • ./clone-demo.sh --help → Shows comprehensive usage and safety features

Additional Features

  • Visual feedback: Color-coded output for different message types
  • Comprehensive help: Detailed usage documentation with safety feature descriptions
  • Flexible options: Support for custom repositories, force mode, and cleanup operations
  • Error handling: Proper exit codes and descriptive error messages

The script prevents catastrophic system damage from potentially dangerous rm -rf commands while maintaining all existing functionality for legitimate demo setup operations.

Fixes #20.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@joe10832 joe10832 marked this pull request as ready for review September 24, 2025 08:12
Copilot AI review requested due to automatic review settings September 24, 2025 08:12
Copilot AI reviewed Sep 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@joe10832 joe10832 merged commit f99cf27 into main Sep 24, 2025
3 checks passed
@joe10832 joe10832 self-requested a review September 24, 2025 08:13
This was linked to issues Sep 24, 2025
## Pull Request Overview #17
Closed
The tilde (~) comparison will not match the actual home directory path. The shell expands ~ to the full home directory path before the comparison, so this check will never match a user's home directory. Use "$TARGET_DIR" == "$HOME" to properly check for the home directory."$TARGET_DIR" == "$HOME" #19
Open
README.md docs/node/overview.mdx #7
Closed
Use 'DApps' instead of 'dApp' for consistency with standard blockchain terminology. #10
Open
## Pull Request Overview #2
Open
@joe10832 joe10832 removed their assignment Sep 24, 2025
Copilot AI changed the title [WIP] ## Pull Request Overview Add secure clone-demo.sh script with comprehensive safety features Sep 24, 2025
joe10832
joe10832 approved these changes Oct 1, 2025
View reviewed changes
Copy link
Member

@joe10832 joe10832 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@joe10832 joe10832 joe10832 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

2 participants

@joe10832