-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathupdate.go
More file actions
82 lines (73 loc) · 2.49 KB
/
update.go
File metadata and controls
82 lines (73 loc) · 2.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
package main
import (
"encoding/json"
"fmt"
"net/http"
"os/exec"
"strings"
"syscall"
"time"
)
// checkForUpdate checks for a new release and calls cb if found.
func checkForUpdate(cb func(version, url string)) {
const repo = "woopstar/AutoExitNode"
url := fmt.Sprintf("https://api.github.com/repos/%s/releases/latest", repo)
req, err := http.NewRequest("GET", url, nil)
if err != nil {
fmt.Println("checkForUpdate: failed to create request:", err)
return
}
req.Header.Set("Accept", "application/vnd.github+json")
client := &http.Client{Timeout: 5 * time.Second}
resp, err := client.Do(req)
if err != nil {
fmt.Println("checkForUpdate: HTTP request failed:", err)
return
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
fmt.Printf("checkForUpdate: unexpected status code: %d\n", resp.StatusCode)
return
}
var data struct {
TagName string `json:"tag_name"`
HTMLURL string `json:"html_url"`
}
if err := json.NewDecoder(resp.Body).Decode(&data); err != nil {
fmt.Println("checkForUpdate: failed to decode JSON:", err)
return
}
if data.TagName != "" && data.TagName != currentVersion {
showWindowsNotification("Update available!", fmt.Sprintf("New version: %s\nSee: %s", data.TagName, data.HTMLURL))
if cb != nil {
cb(data.TagName, data.HTMLURL)
}
} else if cb != nil {
cb("", "")
}
}
// isSafeForPowerShell checks for dangerous characters that could break out of the PowerShell string literal.
func isSafeForPowerShell(s string) bool {
// Disallow newlines and backticks, which can break PowerShell string literals
return !strings.ContainsAny(s, "`\r\n")
}
// showWindowsNotification displays a notification on Windows using PowerShell.
// Input is sanitized and validated to prevent command injection.
// #nosec G204
func showWindowsNotification(title, message string) {
if !isSafeForPowerShell(title) || !isSafeForPowerShell(message) {
fmt.Println("Unsafe notification input detected, aborting notification")
return
}
cmd := exec.Command("powershell", "-Command",
fmt.Sprintf(`Add-Type -AssemblyName PresentationFramework;[System.Windows.MessageBox]::Show('%s', '%s')`,
escapeForPowerShell(message), escapeForPowerShell(title)))
cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
if err := cmd.Run(); err != nil {
fmt.Println("showWindowsNotification: failed to show popup:", err)
}
}
// escapeForPowerShell escapes single quotes for PowerShell string literals.
func escapeForPowerShell(s string) string {
return strings.ReplaceAll(s, "'", "''")
}