DX - 781 - fixed the Semgrep issues, version bump and added deprecation note #51

Merged
merged 12 commits into from
Jul 17, 2024
1 change: 0 additions & 1 deletion .gitignore
@@ -1,4 +1,3 @@
package-lock.json
node_modules
logs
contents
2 changes: 1 addition & 1 deletion LICENSE
@@ -1,7 +1,7 @@

MIT License

Copyright (c) 2012-2019 Contentstack (http://app.contentstack.com). All Rights Reserved
Copyright (c) 2012-2024 Contentstack (http://app.contentstack.com). All Rights Reserved

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
2 changes: 2 additions & 0 deletions README.md
@@ -1,5 +1,7 @@
# Contentstack import utility

**Note**: The contentstack-import command-line utility will soon be deprecated. We recommend you to check out our latest [CLI documentation](https://www.contentstack.com/docs/developers/cli) for performing content management activities.

Contentstack is a headless CMS with an API-first approach that puts content at the centre. It is designed to simplify the process of publication by separating code from content.

This tool helps you to import content which is exported using [contentstack-export](https://github.com/contentstack/contentstack-export) utility into another stack.
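Review bot: the deprecation note added at the top says the utility "will soon be deprecated" without a date or a last supported version, and it links to the general CLI documentation rather than to the import command that replaces this tool. Suggest stating the cut-off (or that none is set yet) and linking the equivalent command directly. "We recommend you to check out" also reads better as "We recommend that you check out".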
27 changes: 27 additions & 0 deletions SECURITY.md
@@ -0,0 +1,27 @@
## Security

Contentstack takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations.

If you believe you have found a security vulnerability in any Contentstack-owned repository, please report it to us as described below.

## Reporting Security Issues

**Please do not report security vulnerabilities through public GitHub issues.**

Send email to [security@contentstack.com](mailto:security@contentstack.com).

You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:

- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly.

[https://www.contentstack.com/trust/](https://www.contentstack.com/trust/)
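Review bot: the "Reporting Security Issues" section offers a single plain e-mail address with no encrypted option, while the list below it asks reporters to send proof-of-concept or exploit code. Suggest publishing a PGP key or enabling GitHub private vulnerability reporting for the repository. The fallback for a missed 24-hour response ("please follow up via email") points back to the same channel that may have failed, and the bare trust URL on the last line has no sentence saying what the reader will find there. Since the README in this PR announces deprecation, the file should also say whether reports against this repository are still handled.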
29 changes: 19 additions & 10 deletions app.js
Expand Up @@ -12,8 +12,15 @@ var path = require('path');
var login = require('./lib/util/login');
var util = require('./lib/util/index');
var log = require('./lib/util/log');
const conf = require('./config/default');

var config = util.initialization();

function isValid(input) {
const regex = /^[a-zA-Z0-9_]+$/;
return regex.test(input);
}

if(config && config !== undefined) {
login(config)
.then(function () {
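Review bot: `conf` is loaded straight from `./config/default` while `config` still comes from `util.initialization()`, so the file now carries two configuration objects, and the allow-list check added further down reads the static default rather than the initialized one. Suggest taking the module list from `config` if it carries the same `modules.types`, or adding a comment explaining why the default file is authoritative. `isValid` accepts only letters, digits and underscore, which is a sound shape check for a module name, but it needs a one-line comment saying it exists to keep `val` free of path syntax before it reaches `require`; the new `const` declarations also sit in a file that otherwise uses `var`.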
Expand All @@ -27,16 +34,18 @@ if(config && config !== undefined) {

if (process.argv.length === 3) {
var val = process.argv[2];
if (val && types.indexOf(val) > -1) {
var moduleImport = require('./lib/import/' + val);
return moduleImport.start().then(function () {
log.success(val + ' was imported successfully!');
return;
}).catch(function (error) {
log.error('Failed to import ' + val);
log.error(error);
return;
});
if (isValid(val) && val && types.indexOf(val) > -1) {
if(conf.modules.types.includes(val)){
var moduleImport = require('./lib/import/' + conf.modules.types.includes(val)?val:'');
return moduleImport.start().then(function () {
log.success(val + ' was imported successfully!');
return;
}).catch(function (error) {
log.error('Failed to import ' + val);
log.error(error);
return;
});
}
} else {
log.error('Please provide valid module name.');
return 0;
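Review bot: operator precedence breaks the new `require` line. In `require('./lib/import/' + conf.modules.types.includes(val)?val:'')` the `+` binds tighter than `?:`, so the condition is a non-empty string (`'./lib/import/true'`), which is always truthy, and the call becomes `require(val)`. That resolves the bare name through Node's normal module lookup (core modules and node_modules) instead of loading `./lib/import/<val>`. The ternary is redundant anyway inside `if(conf.modules.types.includes(val))`; suggest plain `require('./lib/import/' + val)` there. When `val` passes `isValid` and `types.indexOf` but is not in `conf.modules.types`, the inner `if` has no `else`, so the process ends without logging anything; folding the three checks into one condition sends that case to the 'Please provide valid module name.' branch. The `val &&` test after `isValid(val)` is redundant, since `val` is always a string here and the regex rejects the empty string.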
26 changes: 13 additions & 13 deletions lib/import/assets.js
Expand Up @@ -18,21 +18,21 @@ var helper = require('../util/fs');
var log = require('../util/log');

var util = require('../util/');

const sanitizePath = require('../util/utility')
var config = util.getConfig();
// var reqConcurrency = config.concurrency;
var assetsConfig = config.modules.assets;
var assetsFolderPath = path.join(config.data, config.modules.assets.dirName);
var mapperDirPath = path.resolve(config.data, 'mapper', 'assets');
var environmentPath = path.resolve(config.data, 'environments', 'environments.json');
var assetsFolderPath = path.join(sanitizePath(config.data), sanitizePath(config.modules.assets.dirName));
var mapperDirPath = path.resolve(sanitizePath(config.data), 'mapper', 'assets');
var environmentPath = path.resolve(sanitizePath(config.data), 'environments', 'environments.json');

var assetBatchLimit = (assetsConfig.hasOwnProperty('batchLimit') && typeof assetBatchLimit === 'number') ?
assetsConfig.assetBatchLimit : 2;

mkdirp.sync(mapperDirPath);

function importAssets () {
this.assets = helper.readFile(path.join(assetsFolderPath, assetsConfig.fileName));
this.assets = helper.readFile(path.join(sanitizePath(assetsFolderPath), sanitizePath(assetsConfig.fileName)));
this.environment = helper.readFile(environmentPath);
this.requestOptions = {
uri: config.host + config.apis.assets,
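Review bot: `sanitizePath` is applied to whole paths (`config.data`, and `assetsFolderPath` a second time inside `importAssets`) rather than to the untrusted segments, and its implementation in `../util/utility` is not shown in this part of the diff. `config.data` is a configured base directory; if the helper strips `..` or leading separators, a legitimate relative or absolute data path changes meaning, and the second pass over the already sanitized `assetsFolderPath` adds nothing. Suggest leaving the base as configured, sanitizing only the segments that come from the export data, and then checking that the resolved result still starts with the resolved base directory. The new `require` line is also missing its semicolon. Unrelated to this change but visible in the context lines: `typeof assetBatchLimit === 'number'` tests the variable that is being declared, so the batch limit is always 2.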
Expand All @@ -46,9 +46,9 @@ function importAssets () {
this.uidMapping = {};
this.urlMapping = {};
this.fails = [];
this.uidMapperPath = path.join(mapperDirPath, 'uid-mapping.json');
this.urlMapperPath = path.join(mapperDirPath, 'url-mapping.json');
this.failsPath = path.join(mapperDirPath, 'fail.json');
this.uidMapperPath = path.join(sanitizePath(mapperDirPath), 'uid-mapping.json');
this.urlMapperPath = path.join(sanitizePath(mapperDirPath), 'url-mapping.json');
this.failsPath = path.join(sanitizePath(mapperDirPath), 'fail.json');
if (fs.existsSync(this.uidMapperPath)) {
this.uidMapping = helper.readFile(this.uidMapperPath);
}
Expand Down Expand Up @@ -85,7 +85,7 @@ importAssets.prototype = {
// the asset has been already imported
return;
}
var currentAssetFolderPath = path.join(assetsFolderPath, assetUid);
var currentAssetFolderPath = path.join(sanitizePath(assetsFolderPath), sanitizePath(assetUid));
if (fs.existsSync(currentAssetFolderPath)) {
// if this is true, means, the exported asset data is versioned
// hence, upload each asset with its version
Expand All @@ -96,7 +96,7 @@ importAssets.prototype = {
return;
});
} else {
var assetPath = path.resolve(currentAssetFolderPath, self.assets[assetUid].filename);
var assetPath = path.resolve(sanitizePath(currentAssetFolderPath), sanitizePath(self.assets[assetUid].filename));
var uidContainer = {};
var urlContainer = {};
if(self.assets[assetUid].parent_uid && typeof self.assets[assetUid].parent_uid === 'string') {
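Review bot: in the `else` branch the new `assetPath` line still uses `path.resolve`, which discards `currentAssetFolderPath` whenever its second argument is absolute, so containment depends entirely on `sanitizePath` removing a leading separator from `self.assets[assetUid].filename`. The versioned branch builds the same kind of path with `path.join`; suggest `path.join` here as well, followed by a check that the result starts with `currentAssetFolderPath + path.sep` before the path is handed to the upload.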
Expand Down Expand Up @@ -159,7 +159,7 @@ importAssets.prototype = {
uploadVersionedAssets: function (uid, assetFolderPath) {
var self = this;
return new Promise(function (resolve, reject) {
var versionedAssetMetadata = helper.readFile(path.join(assetFolderPath, '_contentstack_' + uid + '.json'));
var versionedAssetMetadata = helper.readFile(path.join(sanitizePath(assetFolderPath), '_contentstack_' + sanitizePath(uid) + '.json'));
// using last version, find asset's parent

var lastVersion = versionedAssetMetadata[versionedAssetMetadata.length - 1];
Expand All @@ -182,7 +182,7 @@ importAssets.prototype = {
var urlContainer = {};
return Promise.map(versionedAssetMetadata, function () {
var assetMetadata = versionedAssetMetadata[counter];
var assetPath = path.join(assetFolderPath, assetMetadata.filename);
var assetPath = path.join(sanitizePath(assetFolderPath), sanitizePath(assetMetadata.filename));
if (++counter === 1) {
// delete assetMetadata.uid;
return self.uploadAsset(assetPath, assetMetadata, uidContainer, urlContainer).then(function () {
Expand Down Expand Up @@ -298,7 +298,7 @@ importAssets.prototype = {
var mappedFolderPath = path.resolve(config.data, 'mapper', 'assets', 'folder-mapping.json');
self.folderDetails = helper.readFile(path.resolve(assetsFolderPath, 'folders.json'));
if (_.isEmpty(self.folderDetails)) {
log.success('No folders were found at: ' + path.join(assetsFolderPath, 'folders.json'));
log.success('No folders were found at: ' + path.join(sanitizePath(assetsFolderPath), 'folders.json'));
return resolve();
}
var tree = self.buildTree(_.cloneDeep(self.folderDetails));
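Review bot: the only line changed in this hunk is the log message. The read that matters, `helper.readFile(path.resolve(assetsFolderPath, 'folders.json'))`, and `mappedFolderPath`, which is built from raw `config.data`, are left as they were. Either the wrapping is needed for these paths or it is not; suggest computing the `folders.json` path once into a variable, using it for both the read and the log line, and building `mappedFolderPath` from the existing `mapperDirPath`.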