(command: string)
| 386 | * @returns true if it's a help command, false otherwise |
| 387 | */ |
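export function isHelpCommand(command: string): boolean {
  const trimmed = command.trim()

  // Cheap pre-filter: a help invocation must end with the literal --help flag.
  if (!trimmed.endsWith('--help')) {
    return false
  }

  // Quoted input is rejected outright, as it might be an attempt to bypass
  // the per-token restrictions applied below.
  if (trimmed.includes('"') || trimmed.includes("'")) {
    return false
  }

  // Tokenize the command; input that does not parse is never a help command.
  const parseResult = tryParseShellCommand(trimmed)
  if (!parseResult.success) {
    return false
  }

  // Non-flag words must be purely alphanumeric, which rejects paths and
  // special characters.
  const alphanumericPattern = /^[a-zA-Z0-9]+$/
  let foundHelp = false

  for (const token of parseResult.tokens) {
    // Fail closed on any token that is not a plain string. Previously such
    // tokens were skipped without any check, so they never counted against
    // the command. Their exact shape is defined by tryParseShellCommand
    // (not visible here) - presumably shell operators, redirections or
    // similar constructs; confirm against the parser. None of them belongs
    // in a simple "<words> --help" invocation.
    if (typeof token !== 'string') {
      return false
    }

    if (token.startsWith('-')) {
      // --help is the only flag allowed; any other flag disqualifies.
      if (token !== '--help') {
        return false
      }
      foundHelp = true
      continue
    }

    if (!alphanumericPattern.test(token)) {
      return false
    }
  }

  // True only when --help was seen as its own token and nothing else
  // tripped a check above.
  return foundHelp
}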
| 437 | |
| 438 | const BASH_POLICY_SPEC = `<policy_spec> |
| 439 | # Claude Code Code Bash command prefix detection |