MCPcopy
hub / github.com/codeaashu/claude-code / validateSinglePathCommandArgv

Function validateSinglePathCommandArgv

src/tools/BashTool/pathValidation.ts:888–922  ·  view source on GitHub ↗

* Like validateSinglePathCommand but operates on AST-derived argv directly * instead of re-parsing the command string with shell-quote. Avoids the * shell-quote single-quote backslash bug that causes parseCommandArguments * to silently return [] and skip path validation.

(
  cmd: SimpleCommand,
  cwd: string,
  toolPermissionContext: ToolPermissionContext,
  compoundCommandHasCd?: boolean,
)

Source from the content-addressed store, hash-verified

886 * to silently return [] and skip path validation.
887 */
888function validateSinglePathCommandArgv(
889 cmd: SimpleCommand,
890 cwd: string,
891 toolPermissionContext: ToolPermissionContext,
892 compoundCommandHasCd?: boolean,
893): PermissionResult {
894 const argv = stripWrappersFromArgv(cmd.argv)
895 if (argv.length === 0) {
896 return {
897 behavior: 'passthrough',
898 message: 'Empty command - no paths to validate',
899 }
900 }
901 const [baseCmd, ...args] = argv
902 if (!baseCmd || !SUPPORTED_PATH_COMMANDS.includes(baseCmd as PathCommand)) {
903 return {
904 behavior: 'passthrough',
905 message: `Command '${baseCmd}' is not a path-restricted command`,
906 }
907 }
908 // sed read-only override: use .text for the allowlist check since
909 // sedCommandIsAllowedByAllowlist takes a string. argv is already
910 // wrapper-stripped but .text is raw tree-sitter span (includes
911 // `timeout 5 ` prefix), so strip here too.
912 const operationTypeOverride =
913 baseCmd === 'sed' &&
914 sedCommandIsAllowedByAllowlist(stripSafeWrappers(cmd.text))
915 ? ('read' as FileOperationType)
916 : undefined
917 const pathChecker = createPathChecker(
918 baseCmd as PathCommand,
919 operationTypeOverride,
920 )
921 return pathChecker(args, cwd, toolPermissionContext, compoundCommandHasCd)
922}
923
924function validateOutputRedirections(
925 redirections: Array<{ target: string; operator: '>' | '>>' }>,

Callers 1

checkPathConstraintsFunction · 0.85

Calls 4

stripSafeWrappersFunction · 0.85
createPathCheckerFunction · 0.85
stripWrappersFromArgvFunction · 0.70

Tested by

no test coverage detected