| 1199 | } |
| 1200 | |
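/**
 * Builds the command allowlist in effect for the current platform and user type.
 *
 * Starts from COMMAND_ALLOWLIST, merges in ANT_ONLY_COMMAND_ALLOWLIST when
 * `process.env.USER_TYPE` is `'ant'`, and on Windows drops the `xargs` entry
 * from the merged result.
 *
 * @returns The effective allowlist. COMMAND_ALLOWLIST is never mutated, but it
 *   is returned by reference when neither adjustment applies.
 */
function getCommandAllowlist(): Record<string, CommandConfig> {
  // USER_TYPE comes from the process environment, so this widening is only as
  // trustworthy as whatever launched the process.
  const merged: Record<string, CommandConfig> =
    process.env.USER_TYPE === 'ant'
      ? { ...COMMAND_ALLOWLIST, ...ANT_ONLY_COMMAND_ALLOWLIST }
      : COMMAND_ALLOWLIST

  if (getPlatform() !== 'windows') {
    return merged
  }

  // On Windows, xargs can be used as a data-to-code bridge: if a file contains
  // a UNC path, `cat file | xargs cat` feeds that path to cat, triggering SMB
  // resolution. Since the UNC path is in file contents (not the command string),
  // regex-based detection cannot catch this.
  //
  // The exclusion is applied AFTER the ant-only merge so that it holds for the
  // final allowlist. ANT_ONLY_COMMAND_ALLOWLIST is not visible from here; if it
  // ever gains an `xargs` entry, filtering before the merge would silently
  // re-enable xargs on Windows.
  const { xargs: _, ...withoutXargs } = merged
  return withoutXargs
}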
| 1216 | |
| 1217 | /** |
| 1218 | * Commands that are safe to use as xargs targets for auto-approval. |