Codex
59 lines
2.5 KiB
PowerShell
59 lines
2.5 KiB
PowerShell
$ErrorActionPreference = "Stop"
|
|
|
|
$referenceDirName = ([char]0x53C2).ToString() + ([char]0x8003).ToString()
|
|
$referenceRoot = Join-Path (Resolve-Path ".").Path $referenceDirName
|
|
if (-not (Test-Path $referenceRoot)) {
|
|
throw "Missing reference directory: $referenceRoot"
|
|
}
|
|
|
|
$nestedGit = Get-ChildItem $referenceRoot -Recurse -Force -Directory -Filter ".git" -ErrorAction SilentlyContinue
|
|
if ($nestedGit) {
|
|
$nestedGit | ForEach-Object { Write-Host "NESTED-GIT: $($_.FullName)" }
|
|
throw "Nested .git found under reference directory."
|
|
}
|
|
|
|
$blockedRawReferences = @(
|
|
"$referenceDirName/mazongjian-server.xjar",
|
|
"$referenceDirName/easy-joy-life-main.zip",
|
|
"$referenceDirName/24h_qipaishi-master(1).zip",
|
|
"$referenceDirName/$(([char]0x5C0F).ToString() + ([char]0x7A0B).ToString() + ([char]0x5E8F).ToString() + ([char]0x6E90).ToString() + ([char]0x4EE3).ToString() + ([char]0x7801).ToString()).zip",
|
|
"$referenceDirName/db_20260427.sql"
|
|
)
|
|
|
|
$tracked = @(& git -c core.quotePath=false ls-files)
|
|
foreach ($blocked in $blockedRawReferences) {
|
|
if ($tracked -contains $blocked) {
|
|
throw "Blocked raw reference is tracked: $blocked"
|
|
}
|
|
}
|
|
|
|
Get-ChildItem $referenceRoot -Recurse -File | ForEach-Object {
|
|
$hash = Get-FileHash -Algorithm SHA256 $_.FullName
|
|
"{0} {1} {2}" -f $hash.Hash, $_.Length, $_.FullName
|
|
}
|
|
|
|
$zipFiles = Get-ChildItem $referenceRoot -File -Filter "*.zip" -ErrorAction SilentlyContinue
|
|
foreach ($zip in $zipFiles) {
|
|
$safeName = [IO.Path]::GetFileNameWithoutExtension($zip.Name)
|
|
$extractRoot = Join-Path $env:TEMP "qipai-reference-check"
|
|
$extractDir = Join-Path $extractRoot $safeName
|
|
if (Test-Path $extractDir) {
|
|
Remove-Item -LiteralPath $extractDir -Recurse -Force
|
|
}
|
|
New-Item -ItemType Directory -Force $extractDir | Out-Null
|
|
try {
|
|
Expand-Archive -LiteralPath $zip.FullName -DestinationPath $extractDir -Force
|
|
$fileCount = (Get-ChildItem $extractDir -Recurse -File | Measure-Object).Count
|
|
$dependencyDirs = Get-ChildItem $extractDir -Recurse -Force -Directory -Include "node_modules","miniprogram_npm" -ErrorAction SilentlyContinue
|
|
$secretFiles = Get-ChildItem $extractDir -Recurse -File -Include "*.pem","*.key","*.p12","*.crt","application*.yml","application*.properties" -ErrorAction SilentlyContinue
|
|
Write-Host "ZIP-AUDIT: $($zip.Name) files=$fileCount dependencyDirs=$($dependencyDirs.Count) sensitiveConfigFiles=$($secretFiles.Count)"
|
|
}
|
|
finally {
|
|
if (Test-Path $extractDir) {
|
|
Remove-Item -LiteralPath $extractDir -Recurse -Force
|
|
}
|
|
}
|
|
}
|
|
|
|
Write-Host "PASS: reference directory basic scan completed."
|