MCPcopy Index your code
hub / github.com/codeaashu/claude-code / deriveSecurityFlags

Function deriveSecurityFlags

src/utils/powershell/parser.ts:1728–1802  ·  view source on GitHub ↗
(
  parsed: ParsedPowerShellCommand,
)

Source from the content-addressed store, hash-verified

1726 */
1727// exported for testing
1728export function deriveSecurityFlags(
1729 parsed: ParsedPowerShellCommand,
1730): SecurityFlags {
1731 const flags: SecurityFlags = {
1732 hasSubExpressions: false,
1733 hasScriptBlocks: false,
1734 hasSplatting: false,
1735 hasExpandableStrings: false,
1736 hasMemberInvocations: false,
1737 hasAssignments: false,
1738 hasStopParsing: parsed.hasStopParsing,
1739 }
1740
1741 function checkElements(cmd: ParsedCommandElement): void {
1742 if (!cmd.elementTypes) {
1743 return
1744 }
1745 for (const et of cmd.elementTypes) {
1746 switch (et) {
1747 case 'ScriptBlock':
1748 flags.hasScriptBlocks = true
1749 break
1750 case 'SubExpression':
1751 flags.hasSubExpressions = true
1752 break
1753 case 'ExpandableString':
1754 flags.hasExpandableStrings = true
1755 break
1756 case 'MemberInvocation':
1757 flags.hasMemberInvocations = true
1758 break
1759 }
1760 }
1761 }
1762
1763 for (const stmt of parsed.statements) {
1764 if (stmt.statementType === 'AssignmentStatementAst') {
1765 flags.hasAssignments = true
1766 }
1767 for (const cmd of stmt.commands) {
1768 checkElements(cmd)
1769 }
1770 if (stmt.nestedCommands) {
1771 for (const cmd of stmt.nestedCommands) {
1772 checkElements(cmd)
1773 }
1774 }
1775 // securityPatterns provides a belt-and-suspenders check that catches
1776 // patterns elementTypes may miss (e.g. member invocations inside
1777 // assignments, subexpressions in non-pipeline statements).
1778 if (stmt.securityPatterns) {
1779 if (stmt.securityPatterns.hasMemberInvocations) {
1780 flags.hasMemberInvocations = true
1781 }
1782 if (stmt.securityPatterns.hasSubExpressions) {
1783 flags.hasSubExpressions = true
1784 }
1785 if (stmt.securityPatterns.hasExpandableStrings) {

Callers 10

checkPermissionModeFunction · 0.85
isReadOnlyCommandFunction · 0.85
checkSubExpressionsFunction · 0.85
checkExpandableStringsFunction · 0.85
checkSplattingFunction · 0.85
checkStopParsingFunction · 0.85
checkMemberInvocationsFunction · 0.85
checkEnvVarManipulationFunction · 0.85

Calls 1

checkElementsFunction · 0.85

Tested by

no test coverage detected