Simplify seed creation/validation commands

[goodov]

Removed unnecessary commands, reworked validation logic to always return errors as array of strings instead of throwing.

[goodov]

@brave/griffin-maintainers ptal

[atuchin-m]

BTW, we don't have a protection against duplicating some things:

      "channel": [
        "NIGHTLY",
        "BETA",
        "RELEASE",
         "NIGHTLY" // <= a possbile issue here
      ],

This is also considered only as a format error:

    "experiment": [
     {
       "name": "Enabled",
       "name": "AnotherEnabled",
       ...
       

[github-actions]

[puLL-Merge] - brave/brave-variations@1202

Description

This PR refactors and consolidates the seed tools, particularly focusing on the study validation and seed creation processes. It combines multiple commands into a single seed command with subcommands, improves error handling, and enhances the overall structure of the codebase.

Changes

Changes

1. src/scripts/lint.ts:

   • Updated the lint command for studies to use the new seed lint subcommand.

2. src/seed_tools/README.md:

   • Simplified the README, removing detailed command descriptions and adding a general help section.

3. src/seed_tools/commands/:

   • Removed check_study.test.ts, check_study.ts, create_seed.test.ts, create_seed.ts, validate_seed.test.ts, and validate_seed.ts.
   • Added seed.test.ts and seed.ts, which consolidate the functionality of the removed files into a single seed command with subcommands.
   • Updated compare_seeds.ts and split_seed_json.ts to export functions that create commands instead of exporting commands directly.

4. src/seed_tools/utils/:

   • Added file_utils.ts with a utility function to get file base names.
   • Updated seed_validation.ts, study_json_utils.ts, and study_validation.ts to improve error handling and consolidate functionality.

5. src/seed_tools/seed_tools.ts:

   • Updated to use the new consolidated seed command and updated command creation functions.

Possible Issues

1. The consolidation of commands may require updates to any scripts or documentation that reference the old command structure.
2. The error handling changes might alter the format of error messages, potentially affecting any automated processes that parse these messages.

Security Hotspots

No significant security hotspots were identified in this change. The modifications primarily focus on code organization and error handling, which don't directly impact security. However, as with any significant refactoring, thorough testing should be performed to ensure that all functionality, including any security-related checks, continues to work as expected.

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Source: https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal


Cc @thypon @kdenhartog

[kdenhartog]

I'm not seeing anyway that someone could produce a file traversal vulnerability with this. readdir returns an array of the current files in the directory and excludes the usage of '.' and '..'. This seems fine to me.