(target: ParseEntry | undefined)
| 796 | } |
| 797 | |
| 798 | function isSimpleTarget(target: ParseEntry | undefined): target is string { |
| 799 | // SECURITY: Reject empty strings. isSimpleTarget('') passes every character- |
| 800 | // class check below vacuously; path.resolve(cwd,'') returns cwd (always in |
| 801 | // allowed root). An empty target can arise from shell-quote emitting '' for |
| 802 | // `\<newline>`. In bash, `> \<newline>/etc/passwd` joins the continuation |
| 803 | // and writes to /etc/passwd. Defense-in-depth with the line-continuation |
| 804 | // join fix in extractOutputRedirections. |
| 805 | if (typeof target !== 'string' || target.length === 0) return false |
| 806 | return ( |
| 807 | !target.startsWith('!') && // History expansion patterns like !!, !-1, !foo |
| 808 | !target.startsWith('=') && // Zsh equals expansion (=cmd expands to /path/to/cmd) |
| 809 | !target.startsWith('~') && // Tilde expansion (~, ~/path, ~user/path) |
| 810 | !target.includes('$') && // Variable/command substitution |
| 811 | !target.includes('`') && // Backtick command substitution |
| 812 | !target.includes('*') && // Glob wildcard |
| 813 | !target.includes('?') && // Glob single char |
| 814 | !target.includes('[') && // Glob character class |
| 815 | !target.includes('{') // Brace expansion like {a,b} or {1..5} |
| 816 | ) |
| 817 | } |
| 818 | |
| 819 | /** |
| 820 | * Checks if a redirection target contains shell expansion syntax that could |
no outgoing calls
no test coverage detected