MCPcopy Index your code
hub / github.com/Acode-Foundation/Acode / #secureTerminalWrite

Method #secureTerminalWrite

src/lib/acode.js:423–510  ·  view source on GitHub ↗

* Secure terminal write with command validation * Prevents execution of malicious or dangerous commands through plugin API * @param {string} id - Terminal ID * @param {string} data - Data to write

(id, data)

Source from the content-addressed store, hash-verified

421 * @param {string} data - Data to write
422 */
423 #secureTerminalWrite(id, data) {
424 if (typeof data !== "string") {
425 console.warn("Terminal write data must be a string");
426 return;
427 }
428
429 // List of potentially dangerous commands/patterns to block
430 const dangerousPatterns = [
431 // System commands that can cause damage
432 /^\s*rm\s+-rf?\s+\/[^\r\n]*[\r\n]?$/m,
433 /^\s*rm\s+-rf?\s+\*[^\r\n]*[\r\n]?$/m,
434 /^\s*rm\s+-rf?\s+~[^\r\n]*[\r\n]?$/m,
435 /^\s*mkfs\.[^\r\n]*[\r\n]?$/m,
436 /^\s*dd\s+if=\/[^\r\n]*[\r\n]?$/m,
437 /^\s*:(){ :|:& };:[^\r\n]*[\r\n]?$/m, // Fork bomb
438 /^\s*sudo\s+dd\s+if=\/[^\r\n]*[\r\n]?$/m,
439 /^\s*sudo\s+rm\s+-rf?\s+\/[^\r\n]*[\r\n]?$/m,
440 /^\s*curl\s+[^\r\n]*\|\s*sh[^\r\n]*[\r\n]?$/m,
441 /^\s*wget\s+[^\r\n]*\|\s*sh[^\r\n]*[\r\n]?$/m,
442 /^\s*bash\s+<\s*\([^\r\n]*[\r\n]?$/m,
443 /^\s*sh\s+<\s*\([^\r\n]*[\r\n]?$/m,
444
445 // Network-based attacks
446 /^\s*nc\s+-l\s+-p\s+\d+[^\r\n]*[\r\n]?$/m,
447 /^\s*ncat\s+-l\s+-p\s+\d+[^\r\n]*[\r\n]?$/m,
448 /^\s*python\s+.*SimpleHTTPServer[^\r\n]*[\r\n]?$/m,
449 /^\s*python\s+.*http\.server[^\r\n]*[\r\n]?$/m,
450
451 // Process manipulation
452 /^\s*kill\s+-9\s+1\s*[\r\n]?$/m,
453 /^\s*killall\s+-9\s+\*[^\r\n]*[\r\n]?$/m,
454
455 // File system manipulation
456 /^\s*chmod\s+777\s+\/[^\r\n]*[\r\n]?$/m,
457 /^\s*chown\s+[^\s]+\s+\/[^\r\n]*[\r\n]?$/m,
458
459 // Sensitive file access attempts
460 /^\s*cat\s+\/etc\/passwd[^\r\n]*[\r\n]?$/m,
461 /^\s*cat\s+\/etc\/shadow[^\r\n]*[\r\n]?$/m,
462 /^\s*cat\s+\/root\/[^\r\n]*[\r\n]?$/m,
463
464 // Only block null bytes
465 /\x00/g,
466 ];
467
468 // Check for dangerous patterns
469 for (const pattern of dangerousPatterns) {
470 if (pattern.test(data)) {
471 console.warn(
472 `Blocked potentially dangerous terminal command: ${data.substring(0, 50)}...`,
473 );
474 toast("Potentially dangerous command blocked for security", 3000);
475 return;
476 }
477 }
478
479 // Additional checks for suspicious character sequences
480 if (data.includes("$(") && data.includes(")")) {

Callers 1

constructorMethod · 0.95

Calls 1

writeToTerminalMethod · 0.80

Tested by

no test coverage detected