(content: string)
| 174 | } |
| 175 | |
| 176 | function stripSafeRedirections(content: string): string { |
| 177 | // SECURITY: All three patterns MUST have a trailing boundary (?=\s|$). |
| 178 | // Without it, `> /dev/nullo` matches `/dev/null` as a PREFIX, strips |
| 179 | // `> /dev/null` leaving `o`, so `echo hi > /dev/nullo` becomes `echo hi o`. |
| 180 | // validateRedirections then sees no `>` and passes. The file write to |
| 181 | // /dev/nullo is auto-allowed via the read-only path (checkReadOnlyConstraints). |
| 182 | // Main bashPermissions flow is protected (checkPathConstraints validates the |
| 183 | // original command), but speculation.ts uses checkReadOnlyConstraints alone. |
| 184 | return content |
| 185 | .replace(/\s+2\s*>&\s*1(?=\s|$)/g, '') |
| 186 | .replace(/[012]?\s*>\s*\/dev\/null(?=\s|$)/g, '') |
| 187 | .replace(/\s*<\s*\/dev\/null(?=\s|$)/g, '') |
| 188 | } |
| 189 | |
| 190 | /** |
| 191 | * Checks if content contains an unescaped occurrence of a single character. |
no outgoing calls
no test coverage detected