| 522 | } |
| 523 | |
| 524 | export function stripSafeWrappers(command: string): string { |
| 525 | // SECURITY: Use [ \t]+ not \s+ — \s matches \n/\r which are command |
| 526 | // separators in bash. Matching across a newline would strip the wrapper from |
| 527 | // one line and leave a different command on the next line for bash to execute. |
| 528 | // |
| 529 | // SECURITY: `(?:--[ \t]+)?` consumes the wrapper's own `--` so |
| 530 | // `nohup -- rm -- -/../foo` strips to `rm -- -/../foo` (not `-- rm ...` |
| 531 | // which would skip path validation with `--` as an unknown baseCmd). |
| 532 | const SAFE_WRAPPER_PATTERNS = [ |
| 533 | // timeout: enumerate GNU long flags — no-value (--foreground, |
| 534 | // --preserve-status, --verbose), value-taking in both =fused and |
| 535 | // space-separated forms (--kill-after=5, --kill-after 5, --signal=TERM, |
| 536 | // --signal TERM). Short: -v (no-arg), -k/-s with separate or fused value. |
| 537 | // SECURITY: flag VALUES use allowlist [A-Za-z0-9_.+-] (signals are |
| 538 | // TERM/KILL/9, durations are 5/5s/10.5). Previously [^ \t]+ matched |
| 539 | // $ ( ) ` | ; & — `timeout -k$(id) 10 ls` stripped to `ls`, matched |
| 540 | // Bash(ls:*), while bash expanded $(id) during word splitting BEFORE |
| 541 | // timeout ran. Contrast ENV_VAR_PATTERN below which already allowlists. |
| 542 | /^timeout[ \t]+(?:(?:--(?:foreground|preserve-status|verbose)|--(?:kill-after|signal)=[A-Za-z0-9_.+-]+|--(?:kill-after|signal)[ \t]+[A-Za-z0-9_.+-]+|-v|-[ks][ \t]+[A-Za-z0-9_.+-]+|-[ks][A-Za-z0-9_.+-]+)[ \t]+)*(?:--[ \t]+)?\d+(?:\.\d+)?[smhd]?[ \t]+/, |
| 543 | /^time[ \t]+(?:--[ \t]+)?/, |
| 544 | // SECURITY: keep in sync with checkSemantics wrapper-strip (ast.ts |
| 545 | // ~:1990-2080) AND stripWrappersFromArgv (pathValidation.ts ~:1260). |
| 546 | // Previously this pattern REQUIRED `-n N`; checkSemantics already handled |
| 547 | // bare `nice` and legacy `-N`. Asymmetry meant checkSemantics exposed the |
| 548 | // wrapped command to semantic checks but deny-rule matching and the cd+git |
| 549 | // gate saw the wrapper name. `nice rm -rf /` with Bash(rm:*) deny became |
| 550 | // ask instead of deny; `cd evil && nice git status` skipped the bare-repo |
| 551 | // RCE gate. PR #21503 fixed stripWrappersFromArgv; this was missed. |
| 552 | // Now matches: `nice cmd`, `nice -n N cmd`, `nice -N cmd` (all forms |
| 553 | // checkSemantics strips). |
| 554 | /^nice(?:[ \t]+-n[ \t]+-?\d+|[ \t]+-\d+)?[ \t]+(?:--[ \t]+)?/, |
| 555 | // stdbuf: fused short flags only (-o0, -eL). checkSemantics handles more |
| 556 | // (space-separated, long --output=MODE), but we fail-closed on those |
| 557 | // above so not over-stripping here is safe. Main need: `stdbuf -o0 cmd`. |
| 558 | /^stdbuf(?:[ \t]+-[ioe][LN0-9]+)+[ \t]+(?:--[ \t]+)?/, |
| 559 | /^nohup[ \t]+(?:--[ \t]+)?/, |
| 560 | ] as const |
| 561 | |
| 562 | // Pattern for environment variables: |
| 563 | // ^([A-Za-z_][A-Za-z0-9_]*) - Variable name (standard identifier) |
| 564 | // = - Equals sign |
| 565 | // ([A-Za-z0-9_./:-]+) - Value: alphanumeric + safe punctuation only |
| 566 | // [ \t]+ - Required HORIZONTAL whitespace after value |
| 567 | // |
| 568 | // SECURITY: Only matches unquoted values with safe characters (no $(), `, $var, ;|&). |
| 569 | // |
| 570 | // SECURITY: Trailing whitespace MUST be [ \t]+ (horizontal only), NOT \s+. |
| 571 | // \s matches \n/\r. If reconstructCommand emits an unquoted newline between |
| 572 | // `TZ=UTC` and `echo`, \s+ would match across it and strip `TZ=UTC<NL>`, |
| 573 | // leaving `echo curl evil.com` to match Bash(echo:*). But bash treats the |
| 574 | // newline as a command separator. Defense-in-depth with needsQuoting fix. |
| 575 | const ENV_VAR_PATTERN = /^([A-Za-z_][A-Za-z0-9_]*)=([A-Za-z0-9_./:-]+)[ \t]+/ |
| 576 | |
| 577 | let stripped = command |
| 578 | let previousStripped = '' |
| 579 | |
| 580 | // Phase 1: Strip leading env vars and comments only. |
| 581 | // In bash, env var assignments before a command (VAR=val cmd) are genuine |