MCPcopy Index your code
hub / github.com/codeaashu/claude-code / stripSafeRedirections

Function stripSafeRedirections

src/tools/BashTool/bashSecurity.ts:176–188  ·  view source on GitHub ↗
(content: string)

Source from the content-addressed store, hash-verified

174}
175
176function stripSafeRedirections(content: string): string {
177 // SECURITY: All three patterns MUST have a trailing boundary (?=\s|$).
178 // Without it, `> /dev/nullo` matches `/dev/null` as a PREFIX, strips
179 // `> /dev/null` leaving `o`, so `echo hi > /dev/nullo` becomes `echo hi o`.
180 // validateRedirections then sees no `>` and passes. The file write to
181 // /dev/nullo is auto-allowed via the read-only path (checkReadOnlyConstraints).
182 // Main bashPermissions flow is protected (checkPathConstraints validates the
183 // original command), but speculation.ts uses checkReadOnlyConstraints alone.
184 return content
185 .replace(/\s+2\s*>&\s*1(?=\s|$)/g, '')
186 .replace(/[012]?\s*>\s*\/dev\/null(?=\s|$)/g, '')
187 .replace(/\s*<\s*\/dev\/null(?=\s|$)/g, '')
188}
189
190/**
191 * Checks if content contains an unescaped occurrence of a single character.

Callers 2

Calls

no outgoing calls

Tested by

no test coverage detected