* Recursively walk a test_command expression tree (unary/binary/negated/ * parenthesized expressions). Leaves are test_operator tokens and operands * (word/string/number/etc). Operands are validated via walkArgument.
( node: Node, argv: string[], innerCommands: SimpleCommand[], varScope: Map<string, string>, )
| 960 | * (word/string/number/etc). Operands are validated via walkArgument. |
| 961 | */ |
| 962 | function walkTestExpr( |
| 963 | node: Node, |
| 964 | argv: string[], |
| 965 | innerCommands: SimpleCommand[], |
| 966 | varScope: Map<string, string>, |
| 967 | ): ParseForSecurityResult | null { |
| 968 | switch (node.type) { |
| 969 | case 'unary_expression': |
| 970 | case 'binary_expression': |
| 971 | case 'negated_expression': |
| 972 | case 'parenthesized_expression': { |
| 973 | for (const c of node.children) { |
| 974 | if (!c) continue |
| 975 | const err = walkTestExpr(c, argv, innerCommands, varScope) |
| 976 | if (err) return err |
| 977 | } |
| 978 | return null |
| 979 | } |
| 980 | case 'test_operator': |
| 981 | case '!': |
| 982 | case '(': |
| 983 | case ')': |
| 984 | case '&&': |
| 985 | case '||': |
| 986 | case '==': |
| 987 | case '=': |
| 988 | case '!=': |
| 989 | case '<': |
| 990 | case '>': |
| 991 | case '=~': |
| 992 | argv.push(node.text) |
| 993 | return null |
| 994 | case 'regex': |
| 995 | case 'extglob_pattern': |
| 996 | // RHS of =~ or ==/!= in [[ ]]. Pattern text only — no code execution. |
| 997 | // Parser emits these as leaf nodes with no children (any $(...) or ${...} |
| 998 | // inside the pattern is a sibling, not a child, and is walked separately). |
| 999 | argv.push(node.text) |
| 1000 | return null |
| 1001 | default: { |
| 1002 | // Operand — word, string, number, etc. Validate via walkArgument. |
| 1003 | const arg = walkArgument(node, innerCommands, varScope) |
| 1004 | if (typeof arg !== 'string') return arg |
| 1005 | argv.push(arg) |
| 1006 | return null |
| 1007 | } |
| 1008 | } |
| 1009 | } |
| 1010 | |
| 1011 | /** |
| 1012 | * A `redirected_statement` wraps a command (or pipeline) plus one or more |
no test coverage detected