How to add binary dependencies for bundlerEnv - nix

I've been trying to add some binary dependencies to a gemset I'm passing to bundlerEnv. The gem itself contains a binary extension component which requires a specific native library to be present.
I can't seem to find the bundlerEnv definition though and the docs have only pure-ruby examples. How would I add a dependency on some libfoobar (available in nixpkgs) to gemset entry like:
foo = {
dependencies = [];
gem_platform = "ruby";
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "...";
type = "gem";
};
target_platform = "x86_64-darwin-21";
version = "1.2.3";
};

The code for bundlerEnv is at https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/ruby-modules/bundler-env/default.nix.
If you would do a PR to nixpkgs I would say to add it to https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/ruby-modules/gem-config/default.nix but I don't know how to do that out of tree.

Related

Input_Path_Not_Canonicalized - PathTravesal Vulnerability in checkmarx

I am facing path traversal vulnerability while analyzing code through checkmarx. I am fetching path with below code:
String path = System.getenv(variableName);
and "path" variable value is traversing through many functions and finally used in one function with below code snippet:
File file = new File(path);
Checkmarx is marking it as medium severity vulnerability.
Please help.
How to resolve it to make it compatible with checkmarx?
Other answers that I believe Checkmarx will accept as sanitizers include Path.normalize:
import java.nio.file.*;
String path = System.getenv(variableName);
Path p = Paths.get(path);
Path normalizedPath = p.normalize();
path = new File(normalizedPath.toString());
or the FilenameUtils.normalize method:
import org.apache.commons.io.FilenameUtils;
String path = System.getenv(variableName);
File file = new File(FilenameUtils.normalize(path));
You can generate canonicalized path by calling File.getCanonicalPath().
In your case:
String path = System.getenv(variableName);
path = new File(path).getCanonicalPath();
For more information read Java Doc

Nix: how to change stdenv in nixpkgs.mkShell

I'd like to override the stdenv for mkShell to use gcc10Stdenv. I've looked at https://nixos.wiki/wiki/Using_Clang_instead_of_GCC, which provides instructions for overriding stdenv, but it doesn't describe how to do it for mkShell when just making a shell without reference to any specific package (only for "Using Nix CLI on existing packages").
My question is whether it's possible to override stdenv for mkShell without an existing package? And if so, how?
Try:
pkgs.mkShell.override {stdenv = pkgs.gcc10Stdenv} {
inputsFrom = ...;
...
}
This is the standard way to alter the inputs to packages (which are just functions) in nixpkgs. It should work in this case.
Alternately, you could just copy the mkShell implementation into ./mkShell.nix and import it, as Chris suggested.
let mkShell = import ./mkShell.nix;
in mkShell {
lib = pkgs.lib;
stdenv = pkgs.gcc10Stdenv;
} {
inputsFrom = ...;
}
This is just a regular function, so we're calling it with two parameters.

How to parse a TypeScript code base into ASTs

I want to parse TypeScript projects into ASTs.
I can parse single file by :
import ts = require("typescript");
var fs = require('fs');
var util = require('util');
const ast = ts.createSourceFile('sample.ts', fs.readFileSync('sample.ts').toString(), ts.ScriptTarget.ES6, true);
console.log("AST:"+util.inspect(ast));
I can even loop through the files and filter files by extension and run above code to generate ASt.
However I want to parse the whole project in such a way that the relationships (like imports) will be preserved in AST.
For example:
If, a.ts is referencing var x from b.ts as below:
a.ts:
var y = x;
b.ts:
var x = 5;
In this case signature of x in a .ts should be resolved as : b.ts.x or equivalent.
I just want all such relationships resolved in the ASts as I parse the .ts files one by one.
You can load your project using
ts.createProgram(rootNames: string[], options: CompilerOptions, host?: CompilerHost, oldProgram?: Program)
rootNames is the list of all typescript files in your project. As far as I know, unless you declare type explicitly, AST will have no reference to it.
for eg. If you have
class MyClass {
// some code
}
let instance1 = new MyClass();
let instance2: MyClass = new MyClass();
In AST, node for instance1 will have type property as undefined, for instance2 type property will have proper TypeReference
For type checking you can use Program.getTypeChecker(). This returns a TypeChecker which can be used to analyse files in the program.

Specifying path of included module

I'm trying to load a module from within addon code (not content script) that is compatible with CommonJS but which itself requires a module whose path needs to be specified.
After reading through the documentation for toolkit/loader, I thought I could accomplish what I'm after by simply creating a custom Loader and specifying a modules export in its options. Like so:
let { Loader, Module, load } = require("toolkit/loader");
let self = require("sdk/self");
// `bar` is required by `foo`
let loader = Loader({
modules: {
"bar": require("./bar")
}
});
let module = Module("foo", self.data.url("../lib/foo.js"));
load(loader, module);
And in foo, I simply require bar:
require("bar");
For whatever reason, this approach doesn't work. Maybe it requires the use of Cu.import or some such. The documentation is anything but clear.
I then took a different approach, one relying on specifying the paths attribute:
let self = require("sdk/self");
let loader = Loader({
paths: {
"bar": self.data.url("../lib/bar.js"),
}
});
let module = Module("foo", self.data.url("../lib/foo.js"));
load(loader, module);
But now nothing pertaining to the SDK loads inside foo. For instance, the following fails:
require("sdk/timers")
This seems to imply that additional initialisation of the Loader instance is required but I've no clue where to start.
Questions:
how can I specify the path to a module that is included somewhere without that causing havoc?
how can I retrieve the URL of an asset in the extension's lib directory? I'm currently using require("sdk/self").data.url("../lib/asset"), as you can see above, but surely there is a better way?
There is a simple way to load commonJS based modules.
for ex: if the below is folder structure of your add-on,
data\foo.js,
data\bar.js
then foo.js can simply include bar.js using the syntax.
var bar = require('bar');

How to read file from an imported library

I have two packages: webserver and utils which provides assets to webserver.
The webserver needs access to static files inside utils. So I have this setup:
utils/
lib/
static.html
How can I access the static.html file in one of my dart scripts in webserver?
EDIT: What I tried so far, is to use mirrors to get the path of the library, and read it from there. The problem with that approach is, that if utils is included with package:, the url returned by currentMirrorSystem().findLibrary(#utils).uri is a package uri, that can't be transformed to an actual file entity.
Use the Resource class, a new class in Dart SDK 1.12.
Usage example:
var resource = new Resource('package:myapp/myfile.txt');
var contents = await resource.loadAsString();
print(contents);
This works on the VM, as of 1.12.
However, this doesn't directly address your need to get to the actual File entity, from a package: URI. Given the Resource class today, you'd have to route the bytes from loadAsString() into the HTTP server's Response object.
I tend to use Platform.script or mirrors to find the main package top folder (i.e. where pubspec.yaml is present) and find imported packages exported assets. I agree this is not a perfect solution but it works
import 'dart:io';
import 'package:path/path.dart';
String getProjectTopPath(String resolverPath) {
String dirPath = normalize(absolute(resolverPath));
while (true) {
// Find the project root path
if (new File(join(dirPath, "pubspec.yaml")).existsSync()) {
return dirPath;
}
String newDirPath = dirname(dirPath);
if (newDirPath == dirPath) {
throw new Exception("No project found for path '$resolverPath");
}
dirPath = newDirPath;
}
}
String getPackagesPath(String resolverPath) {
return join(getProjectTopPath(resolverPath), 'packages');
}
class _TestUtils {}
main(List<String> arguments) {
// User Platform.script - does not work in unit test
String currentScriptPath = Platform.script.toFilePath();
String packagesPath = getPackagesPath(currentScriptPath);
// Get your file using the package name and its relative path from the lib folder
String filePath = join(packagesPath, "utils", "static.html");
print(filePath);
// use mirror to find this file path
String thisFilePath = (reflectClass(_TestUtils).owner as LibraryMirror).uri.toString();
packagesPath = getPackagesPath(thisFilePath);
filePath = join(packagesPath, "utils", "static.html");
print(filePath);
}
To note that since recently Platform.script is not reliable in unit test when using the new test package so you might use the mirror tricks that I propose above and explained here: https://github.com/dart-lang/test/issues/110

Resources