Like validateSinglePathCommand, but operates directly on the AST-derived argv instead of re-parsing the command string with shell-quote. This avoids the shell-quote single-quote backslash bug that causes parseCommandArguments to silently return [] and skip path validation.
( cmd: SimpleCommand, cwd: string, toolPermissionContext: ToolPermissionContext, compoundCommandHasCd?: boolean, )
| 886 | * to silently return [] and skip path validation. |
| 887 | */ |
function validateSinglePathCommandArgv(
  cmd: SimpleCommand,
  cwd: string,
  toolPermissionContext: ToolPermissionContext,
  compoundCommandHasCd?: boolean,
): PermissionResult {
  // Work on the parser-provided argv with wrapper commands removed, so the
  // first element is the command whose path arguments get checked.
  const strippedArgv = stripWrappersFromArgv(cmd.argv)

  // Nothing left after stripping: this validator has no opinion.
  // NOTE(review): 'passthrough' is not an approval; confirm that callers
  // never treat it as "allow" on its own.
  if (strippedArgv.length === 0) {
    return {
      behavior: 'passthrough',
      message: 'Empty command - no paths to validate',
    }
  }

  const [program, ...operands] = strippedArgv

  // Commands outside SUPPORTED_PATH_COMMANDS are not path-checked here.
  const isPathCommand =
    Boolean(program) &&
    SUPPORTED_PATH_COMMANDS.includes(program as PathCommand)
  if (!isPathCommand) {
    return {
      behavior: 'passthrough',
      message: `Command '${program}' is not a path-restricted command`,
    }
  }

  // sed read-only override. sedCommandIsAllowedByAllowlist takes a string,
  // so it is fed cmd.text rather than argv. cmd.text is the raw tree-sitter
  // span and still carries wrapper prefixes such as `timeout 5 `, which is
  // why it is stripped separately with stripSafeWrappers.
  // NOTE(review): the allowlist decision is made on the text form while the
  // path check below runs on argv. The two strippers must remove the same
  // wrappers; if they ever disagree, the 'read' override could be granted
  // for a different command than the one whose paths are validated.
  let operationTypeOverride: FileOperationType | undefined
  if (
    program === 'sed' &&
    sedCommandIsAllowedByAllowlist(stripSafeWrappers(cmd.text))
  ) {
    operationTypeOverride = 'read' as FileOperationType
  }

  // Build the checker for this command and run it over the remaining
  // arguments (everything after the command name).
  const checkPaths = createPathChecker(
    program as PathCommand,
    operationTypeOverride,
  )
  return checkPaths(operands, cwd, toolPermissionContext, compoundCommandHasCd)
}
| 923 | |
| 924 | function validateOutputRedirections( |
| 925 | redirections: Array<{ target: string; operator: '>' | '>>' }>, |
no test coverage detected