252 * ```
253 */
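/** One advisory pattern: the regex tested against the command and the label logged on a match. */
interface DangerousPattern {
  readonly pattern: RegExp
  readonly name: string
}

/**
 * Shell constructs that are worth a warning in the logs.
 *
 * SECURITY NOTE: this is a heuristic for observability only. It is a blocklist
 * of shell syntax, and blocklists of shell syntax are always bypassable
 * (`${...}`, `eval`, base64 pipelines, ...). Nothing here is an authorization
 * decision — `sanitizeCommand` returns the command unchanged whether or not a
 * pattern matches. Hoisted to module scope so the regexes compile once.
 */
const DANGEROUS_PATTERNS: readonly DangerousPattern[] = [
  // `s` (dotAll) flag so `$(` and `)` on different lines still match; without
  // it `.` stops at a newline and a multi-line substitution is never flagged.
  { pattern: /\$\(.*\)/s, name: 'command substitution $()' },
  { pattern: /`.*`/s, name: 'backtick command substitution' },
  // Any command separator (`;`, `&&`, `||`, `|`, newline) or start of string —
  // the previous version only recognised `;`.
  { pattern: /(?:^|[;&|\n])\s*rm\s+-rf/i, name: 'destructive rm -rf command' },
  { pattern: /(?:^|[;&|\n])\s*dd\s+/i, name: 'dd command (disk operations)' },
  { pattern: /mkfs/i, name: 'filesystem formatting command' },
  { pattern: />\s*\/dev\/sd[a-z]/i, name: 'direct disk write' },
]

/**
 * Return the labels of every advisory pattern that matches `command`.
 *
 * Pure (no logging, no mutation) so it is unit-testable and so callers that
 * want to reject a command, or show the warning to the user, can do so
 * instead of relying on a log line nobody reads.
 *
 * @param command - command text, already normalised by `sanitizeCommand`
 * @returns matching pattern names in declaration order; empty when none match
 */
export function findDangerousCommandPatterns(command: string): string[] {
  return DANGEROUS_PATTERNS.filter(({ pattern }) => pattern.test(command)).map(({ name }) => name)
}

/**
 * Light normalisation of a user-supplied SSH command string.
 *
 * What it does:
 * - strips NUL, vertical-tab and form-feed characters;
 * - trims surrounding whitespace;
 * - logs a warning (including the first 100 characters of the command) when a
 *   pattern in `DANGEROUS_PATTERNS` matches.
 *
 * What it does NOT do — read before relying on it:
 * - it does not reject or neuter anything: the command is returned, and will
 *   be executed by the caller, unchanged even when a warning is logged;
 * - it does not quote or escape shell metacharacters, so it is not a defence
 *   against command injection. Untrusted data must not be interpolated into a
 *   command string that is merely passed through here; constrain the command
 *   set or the SSH user's privileges at the caller instead;
 * - other control characters (CR, ESC, ...) pass through untouched.
 *
 * @param command - raw command text from the API request
 * @returns the command with NUL/VT/FF removed and whitespace trimmed
 */
export function sanitizeCommand(command: string): string {
  // NUL is never legitimate in a command and truncates C strings on the far
  // side; VT/FF can corrupt terminal output. One pass removes all three.
  const sanitized = command.replace(/[\x00\x0B\x0C]/g, '').trim()

  for (const name of findDangerousCommandPatterns(sanitized)) {
    // NOTE(review): the log line echoes command text, which may carry secrets
    // (tokens passed as arguments). Keep the log sink access-controlled.
    logger.warn(`Command contains ${name}`, {
      command: sanitized.substring(0, 100) + (sanitized.length > 100 ? '...' : ''),
    })
  }

  return sanitized
}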
280
281/**
282 * Sanitize and validate file path to prevent path traversal attacks
