MCPcopy Index your code
hub / github.com/codeaashu/claude-code / generatePlaceholders

Function generatePlaceholders

src/utils/bash/commands.ts:20–36  ·  view source on GitHub ↗

* Generates placeholder strings with random salt to prevent injection attacks. * The salt prevents malicious commands from containing literal placeholder strings * that would be replaced during parsing, allowing command argument injection. * * Security: This is critical for preventing attacks wh

()

Source from the content-addressed store, hash-verified

18 * `sort __SINGLE_QUOTE__ hello --help __SINGLE_QUOTE__` could inject arguments.
19 */
20function generatePlaceholders(): {
21 SINGLE_QUOTE: string
22 DOUBLE_QUOTE: string
23 NEW_LINE: string
24 ESCAPED_OPEN_PAREN: string
25 ESCAPED_CLOSE_PAREN: string
26} {
27 // Generate 8 random bytes as hex (16 characters) for salt
28 const salt = randomBytes(8).toString('hex')
29 return {
30 SINGLE_QUOTE: `__SINGLE_QUOTE_${salt}__`,
31 DOUBLE_QUOTE: `__DOUBLE_QUOTE_${salt}__`,
32 NEW_LINE: `__NEW_LINE_${salt}__`,
33 ESCAPED_OPEN_PAREN: `__ESCAPED_OPEN_PAREN_${salt}__`,
34 ESCAPED_CLOSE_PAREN: `__ESCAPED_CLOSE_PAREN_${salt}__`,
35 }
36}
37
38// File descriptors for standard input/output/error
39// https://en.wikipedia.org/wiki/File_descriptor#Standard_streams

Callers 2

isCommandListFunction · 0.85

Calls 1

toStringMethod · 0.65

Tested by

no test coverage detected