mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-06 19:35:13 +02:00
a438886217
* refactor: Update comments for clarity and add expectations.json files for performance metrics * feat: Implement FP guard for JS/TS local-collection receivers to suppress missing ownership checks * feat: Enhance Rust parameter handling to classify local collections and prevent false ownership checks * refactor: Simplify code formatting for better readability in multiple files * refactor: Improve UTF-8 sequence length handling and enhance clarity in loop iteration * feat: Update Java and Python patterns to include new security rules * refactor: Improve comment clarity and consistency across multiple Rust files * refactor: Simplify code formatting for improved readability in integration tests and module files * refactor: Improve comment formatting and enhance clarity in assertions across multiple files
68 lines
2 KiB
Rust
68 lines
2 KiB
Rust
use std::env;
|
|
use std::fs;
|
|
use std::process::Command;
|
|
|
|
/// Infrastructure provisioning tool, Rust core.
|
|
/// Reads infrastructure config from environment and executes provisioning commands.
|
|
|
|
struct InfraConfig {
|
|
provider: String,
|
|
region: String,
|
|
ssh_key_path: String,
|
|
cluster_name: String,
|
|
}
|
|
|
|
fn load_infra_config() -> InfraConfig {
|
|
InfraConfig {
|
|
provider: env::var("CLOUD_PROVIDER").unwrap(),
|
|
region: env::var("CLOUD_REGION").unwrap(),
|
|
ssh_key_path: env::var("SSH_KEY_PATH").expect("SSH_KEY_PATH required"),
|
|
cluster_name: env::var("CLUSTER_NAME").unwrap(),
|
|
}
|
|
}
|
|
|
|
/// Provisions a new cluster by shelling out to the provider CLI.
|
|
/// VULN: env var flows into Command (command injection)
|
|
fn provision_cluster() {
|
|
let cfg = load_infra_config();
|
|
let cmd = format!(
|
|
"{}-cli create-cluster --name {} --region {} --ssh-key {}",
|
|
cfg.provider, cfg.cluster_name, cfg.region, cfg.ssh_key_path
|
|
);
|
|
let output = Command::new("sh")
|
|
.arg("-c")
|
|
.arg(&cmd)
|
|
.output()
|
|
.expect("provisioning failed");
|
|
|
|
if !output.status.success() {
|
|
panic!("Cluster provisioning failed: {}", String::from_utf8_lossy(&output.stderr));
|
|
}
|
|
}
|
|
|
|
/// Reads a Terraform state file and applies changes.
|
|
/// VULN: file contents flow into Command
|
|
fn apply_terraform() {
|
|
let state = fs::read_to_string("/etc/terraform/main.tf").unwrap();
|
|
let workspace = state.lines()
|
|
.find(|l| l.starts_with("workspace"))
|
|
.unwrap_or("default");
|
|
Command::new("terraform")
|
|
.arg("apply")
|
|
.arg("-auto-approve")
|
|
.arg("-var")
|
|
.arg(format!("workspace={}", workspace))
|
|
.status()
|
|
.unwrap();
|
|
}
|
|
|
|
/// Destroys infrastructure, reads target from env.
|
|
/// VULN: env var flows into Command
|
|
fn destroy_cluster() {
|
|
let cluster = env::var("DESTROY_TARGET").unwrap();
|
|
Command::new("sh")
|
|
.arg("-c")
|
|
.arg(format!("kubectl delete cluster {}", cluster))
|
|
.status()
|
|
.expect("destroy failed");
|
|
}
|