(
input: z.infer<typeof BashTool.inputSchema>,
toolPermissionContext: ToolPermissionContext,
matchMode: 'exact' | 'prefix',
{ skipCompoundCheck = false }: { skipCompoundCheck?: boolean } = {},
)
| 935 | } |
| 936 | |
/**
 * Collects the Bash permission rules that match `input`, grouped by rule
 * behavior (deny, ask, allow).
 *
 * The three lookups do not use the same matching options: deny and ask rules
 * are always filtered with `stripAllEnvVars: true` and
 * `skipCompoundCheck: true`, whereas allow rules are filtered with only the
 * caller's `skipCompoundCheck`. Keep that asymmetry when editing this
 * function, since it decides which commands a deny or ask rule can catch.
 *
 * @param input - Bash tool input to match against the configured rules.
 * @param toolPermissionContext - Context the deny/ask/allow rules are read from.
 * @param matchMode - Forwarded unchanged to every rule filter.
 * @param options - `skipCompoundCheck` (default `false`) is forwarded to the
 *   allow-rule filter only; the deny and ask filters ignore it.
 * @returns The matching deny, ask and allow rules, each exactly as returned by
 *   `filterRulesByContentsMatchingInput`.
 */
function matchingRulesForInput(
  input: z.infer<typeof BashTool.inputSchema>,
  toolPermissionContext: ToolPermissionContext,
  matchMode: 'exact' | 'prefix',
  { skipCompoundCheck = false }: { skipCompoundCheck?: boolean } = {},
) {
  // SECURITY: deny and ask rules are matched with aggressive env var
  // stripping, so a command written as `FOO=bar denied_command` is still
  // caught by a deny rule for `denied_command`.
  // NOTE(review): both lookups also hard-code `skipCompoundCheck: true`
  // instead of using the caller's value. This looks deliberate, so that the
  // restrictive rules are not narrowed by that check. Confirm against
  // filterRulesByContentsMatchingInput before changing it.
  const denied = filterRulesByContentsMatchingInput(
    input,
    getRuleByContentsForTool(toolPermissionContext, BashTool, 'deny'),
    matchMode,
    { stripAllEnvVars: true, skipCompoundCheck: true },
  )

  const needsAsk = filterRulesByContentsMatchingInput(
    input,
    getRuleByContentsForTool(toolPermissionContext, BashTool, 'ask'),
    matchMode,
    { stripAllEnvVars: true, skipCompoundCheck: true },
  )

  // Allow rules do not request `stripAllEnvVars`, and they are the only
  // lookup that honors the caller's `skipCompoundCheck`.
  const allowed = filterRulesByContentsMatchingInput(
    input,
    getRuleByContentsForTool(toolPermissionContext, BashTool, 'allow'),
    matchMode,
    { skipCompoundCheck },
  )

  return {
    matchingDenyRules: denied,
    matchingAskRules: needsAsk,
    matchingAllowRules: allowed,
  }
}
| 987 | |
| 988 | /** |
| 989 | * Checks if the subcommand is an exact match for a permission rule |
no test coverage detected