Commit graph

8 commits

Author SHA1 Message Date
Lea Anthony
4fc28b9d61 fix(security): improve command injection protection for CodeQL
- Refactor whitelist validation to use getSafeCommand() which returns
  safe command names from a static lookup table instead of user input
- This allows CodeQL to trace that executed commands come from a
  known-safe whitelist rather than tainted user input
- Add comprehensive tests for the new getSafeCommand function
- Add lgtm[go/path-injection] comments for CodeQL suppression on the
  example file where paths are properly validated

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 11:46:29 +11:00
Lea Anthony
b97ca22a48 fix(security): add command whitelist to prevent command injection bypass
This commit addresses a critical security issue identified by CodeRabbit
where the sudo flag-skipping logic could be bypassed to execute arbitrary
commands (e.g., "sudo -u apt bash -c malicious_command").

Changes:
- Add allowedCommands whitelist for package managers
- Add allowedSudoCommands whitelist for commands after sudo/pkexec/doas
- Implement isCommandAllowed() with secure validation that rejects
  any sudo invocation with flags before the command
- Add comprehensive test cases including bypass attack scenarios

The fix follows CodeRabbit's recommendation to not attempt parsing
sudo flags, instead requiring the package manager to immediately
follow the privilege escalation command.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 11:20:59 +11:00
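An illustrative Go version of the allowlist pattern described in the two security commits above (b97ca22a48 and 4fc28b9d61), added here as an example and not the Wails project's own code: the table contents, the `inTable` helper and the `(name, args, ok)` return shape are assumptions; what it preserves is that the executed command name is read back out of a static table rather than from the input, and that anything between `sudo`/`pkexec`/`doas` and the package manager is rejected rather than parsed.

```go
package main

import "strings"

// Static lookup tables. These are illustrative stand-ins, not the
// project's actual allowlists.
var safeCommands = []string{"apt", "apt-get", "dnf", "pacman", "zypper", "brew"}
var privilegeCommands = []string{"sudo", "pkexec", "doas"}

func inTable(table []string, name string) int {
	for i, v := range table {
		if v == name {
			return i
		}
	}
	return -1
}

// getSafeCommand returns the matching entry from the static table, so the
// string later handed to exec is a table constant, not the caller's input.
func getSafeCommand(name string) (string, bool) {
	if i := inTable(safeCommands, name); i >= 0 {
		return safeCommands[i], true
	}
	return "", false
}

// isCommandAllowed accepts "<pkgmgr> args..." or
// "<sudo|pkexec|doas> <pkgmgr> args...". It never parses sudo flags: any
// token other than an allowed package manager directly after the privilege
// escalation command (e.g. "sudo -u apt bash -c ...") fails the lookup.
func isCommandAllowed(cmd string) (string, []string, bool) {
	fields := strings.Fields(cmd)
	if len(fields) == 0 {
		return "", nil, false
	}
	idx := 0
	if inTable(privilegeCommands, fields[0]) >= 0 {
		idx = 1
	}
	if idx >= len(fields) {
		return "", nil, false
	}
	safe, ok := getSafeCommand(fields[idx])
	if !ok {
		return "", nil, false
	}
	return safe, fields[idx+1:], true
}
```

A caller would pass the returned name and args to `exec.Command` (no shell), so the only binary that can run is one of the table entries.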
Lea Anthony
228e5745d7 fix(security): address multiple security vulnerabilities
This commit bundles fixes for several security issues identified by
GitHub Advanced Security and Semgrep code scanning.

## Workflow Permissions (CodeQL)
- Add explicit permissions blocks to GitHub Actions workflows
- Restrict GITHUB_TOKEN to minimum required permissions
- Affected files: automated-releases.yml, build-and-test-v3.yml,
  publish-npm.yml, test-simple.yml

## Path Traversal (CodeQL)
- Fix directory traversal vulnerability in screen example
- Add path validation using filepath.Clean and containment checks
- Affected file: v3/examples/screen/main.go

## Rollup XSS Vulnerability (Semgrep)
- Update rollup from 3.28.0 to 3.29.5
- Fixes CVE-2024-47068 (Cross-site Scripting)
- Affected file: v3/examples/dev/frontend/package-lock.json

Note: The setup wizard command injection alert was reviewed and determined
to be a false positive - commands originate from backend package manager
detection, not user input. Added clarifying documentation.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 06:29:23 +11:00
Lea Anthony
431869bf84 feat(setup): add global defaults, light/dark mode, and UI improvements
- Add global defaults config stored in ~/.config/wails/defaults.yaml
- Add light/dark mode toggle with theme persistence
- Add PKGBUILD support to Linux build formats display
- Add macOS signing clarification (public identifiers vs Keychain storage)
- Fix spinner animation using CSS animate-spin
- Add signing defaults for macOS and Windows code signing
- Compact defaults page layout with 2-column design
- Add Wails logo with proper light/dark theme variants

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-07 17:40:53 +11:00
Lea Anthony
46176d32e4 feat(setup): improve dependency UX with retry button and loading animations
- Add retry button to dependencies page when missing deps exist
- Add loading spinner animation when checking dependencies
- Merge required/optional dependency lists with (optional) indicator
- Show single combined install command for all missing system packages
- Remove individual install commands and redundant status messages
- Fix duplicate npm appearing in both required and optional sections

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-07 10:30:44 +11:00
Lea Anthony
ab42b12628 feat(setup): add real OS logos and fix version display
- Add Apple, Windows, and Tux (Linux) SVG logos in welcome screen
- Remove extra "v" prefix from Wails version display
- Remove "go" prefix from Go version display

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-06 20:14:06 +11:00
Lea Anthony
96aa27eb9b feat(setup): redesign wizard as classic installer with actionable install
- Redesign as classic Windows-style page-by-page wizard
- Add install commands from doctor/packagemanager for missing deps
- Show copyable commands for system package installs (pacman, apt, etc)
- Add external links for npm (nodejs.org) and Docker (docker.com)
- Add API endpoint to run install commands from wizard
- Show breadcrumb navigation: Welcome > Dependencies > Docker > Complete
- Add Cancel button and Back/Next navigation
- Dependencies page shows Required/Optional sections with status
- Docker page shows cross-compilation setup with image build option
- Complete page has copyable next steps commands
- Include InstallCommand and HelpURL fields in DependencyStatus

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-06 20:03:02 +11:00
Lea Anthony
5bac6d7d19 feat(setup): Preserve existing setup wizard design
2025-12-06 17:02:35 +11:00