
Function stripSafeWrappers

src/tools/BashTool/bashPermissions.ts:524–615  ·  view source on GitHub ↗
(command: string)

522}
523
524export function stripSafeWrappers(command: string): string {
525 // SECURITY: Use [ \t]+ not \s+ — \s matches \n/\r which are command
526 // separators in bash. Matching across a newline would strip the wrapper from
527 // one line and leave a different command on the next line for bash to execute.
528 //
529 // SECURITY: `(?:--[ \t]+)?` consumes the wrapper's own `--` so
530 // `nohup -- rm -- -/../foo` strips to `rm -- -/../foo` (not `-- rm ...`
531 // which would skip path validation with `--` as an unknown baseCmd).
532 const SAFE_WRAPPER_PATTERNS = [
533 // timeout: enumerate GNU long flags — no-value (--foreground,
534 // --preserve-status, --verbose), value-taking in both =fused and
535 // space-separated forms (--kill-after=5, --kill-after 5, --signal=TERM,
536 // --signal TERM). Short: -v (no-arg), -k/-s with separate or fused value.
537 // SECURITY: flag VALUES use allowlist [A-Za-z0-9_.+-] (signals are
538 // TERM/KILL/9, durations are 5/5s/10.5). Previously [^ \t]+ matched
539 // $ ( ) ` | ; & — `timeout -k$(id) 10 ls` stripped to `ls`, matched
540 // Bash(ls:*), while bash expanded $(id) during word splitting BEFORE
541 // timeout ran. Contrast ENV_VAR_PATTERN below which already allowlists.
542 /^timeout[ \t]+(?:(?:--(?:foreground|preserve-status|verbose)|--(?:kill-after|signal)=[A-Za-z0-9_.+-]+|--(?:kill-after|signal)[ \t]+[A-Za-z0-9_.+-]+|-v|-[ks][ \t]+[A-Za-z0-9_.+-]+|-[ks][A-Za-z0-9_.+-]+)[ \t]+)*(?:--[ \t]+)?\d+(?:\.\d+)?[smhd]?[ \t]+/,
543 /^time[ \t]+(?:--[ \t]+)?/,
544 // SECURITY: keep in sync with checkSemantics wrapper-strip (ast.ts
545 // ~:1990-2080) AND stripWrappersFromArgv (pathValidation.ts ~:1260).
546 // Previously this pattern REQUIRED `-n N`; checkSemantics already handled
547 // bare `nice` and legacy `-N`. Asymmetry meant checkSemantics exposed the
548 // wrapped command to semantic checks but deny-rule matching and the cd+git
549 // gate saw the wrapper name. `nice rm -rf /` with Bash(rm:*) deny became
550 // ask instead of deny; `cd evil && nice git status` skipped the bare-repo
551 // RCE gate. PR #21503 fixed stripWrappersFromArgv; this was missed.
552 // Now matches: `nice cmd`, `nice -n N cmd`, `nice -N cmd` (all forms
553 // checkSemantics strips).
554 /^nice(?:[ \t]+-n[ \t]+-?\d+|[ \t]+-\d+)?[ \t]+(?:--[ \t]+)?/,
555 // stdbuf: fused short flags only (-o0, -eL). checkSemantics handles more
556 // (space-separated, long --output=MODE), but we fail-closed on those
557 // above so not over-stripping here is safe. Main need: `stdbuf -o0 cmd`.
558 /^stdbuf(?:[ \t]+-[ioe][LN0-9]+)+[ \t]+(?:--[ \t]+)?/,
559 /^nohup[ \t]+(?:--[ \t]+)?/,
560 ] as const
561
562 // Pattern for environment variables:
563 // ^([A-Za-z_][A-Za-z0-9_]*) - Variable name (standard identifier)
564 // = - Equals sign
565 // ([A-Za-z0-9_./:-]+) - Value: alphanumeric + safe punctuation only
566 // [ \t]+ - Required HORIZONTAL whitespace after value
567 //
568 // SECURITY: Only matches unquoted values with safe characters (no $(), `, $var, ;|&).
569 //
570 // SECURITY: Trailing whitespace MUST be [ \t]+ (horizontal only), NOT \s+.
571 // \s matches \n/\r. If reconstructCommand emits an unquoted newline between
572 // `TZ=UTC` and `echo`, \s+ would match across it and strip `TZ=UTC<NL>`,
573 // leaving `echo curl evil.com` to match Bash(echo:*). But bash treats the
574 // newline as a command separator. Defense-in-depth with needsQuoting fix.
575 const ENV_VAR_PATTERN = /^([A-Za-z_][A-Za-z0-9_]*)=([A-Za-z0-9_./:-]+)[ \t]+/
576
577 let stripped = command
578 let previousStripped = ''
579
580 // Phase 1: Strip leading env vars and comments only.
581 // In bash, env var assignments before a command (VAR=val cmd) are genuine
