MCPcopy
hub / github.com/wavetermdev/waveterm / isBlockedFile

Function isBlockedFile

pkg/aiusechat/tools_readfile.go:106–198  ·  view source on GitHub ↗
(expandedPath string)

Source from the content-addressed store, hash-verified

104}
105
106func isBlockedFile(expandedPath string) (bool, string) {
107 homeDir := os.Getenv("HOME")
108 if homeDir == "" {
109 homeDir = os.Getenv("USERPROFILE")
110 }
111
112 cleanPath := filepath.Clean(expandedPath)
113 baseName := filepath.Base(cleanPath)
114
115 exactPaths := []struct {
116 path string
117 reason string
118 }{
119 {filepath.Join(homeDir, ".aws", "credentials"), "AWS credentials file"},
120 {filepath.Join(homeDir, ".git-credentials"), "Git credentials file"},
121 {filepath.Join(homeDir, ".netrc"), "netrc credentials file"},
122 {filepath.Join(homeDir, ".pgpass"), "PostgreSQL password file"},
123 {filepath.Join(homeDir, ".my.cnf"), "MySQL credentials file"},
124 {filepath.Join(homeDir, ".kube", "config"), "Kubernetes config file"},
125 {"/etc/shadow", "system password file"},
126 {"/etc/sudoers", "system sudoers file"},
127 }
128
129 for _, ep := range exactPaths {
130 if cleanPath == ep.path {
131 return true, ep.reason
132 }
133 }
134
135 dirPrefixes := []struct {
136 prefix string
137 reason string
138 }{
139 {filepath.Join(homeDir, ".gnupg") + string(filepath.Separator), "GPG directory"},
140 {filepath.Join(homeDir, ".password-store") + string(filepath.Separator), "password store directory"},
141 {"/etc/sudoers.d/", "system sudoers directory"},
142 {"/Library/Keychains/", "macOS keychain directory"},
143 {filepath.Join(homeDir, "Library", "Keychains") + string(filepath.Separator), "macOS keychain directory"},
144 }
145
146 for _, dp := range dirPrefixes {
147 if strings.HasPrefix(cleanPath, dp.prefix) {
148 return true, dp.reason
149 }
150 }
151
152 if strings.Contains(cleanPath, filepath.Join(homeDir, ".secrets")) {
153 return true, "secrets directory"
154 }
155
156 if localAppData := os.Getenv("LOCALAPPDATA"); localAppData != "" {
157 credPath := filepath.Join(localAppData, "Microsoft", "Credentials")
158 if strings.HasPrefix(cleanPath, credPath) {
159 return true, "Windows credentials"
160 }
161 }
162 if appData := os.Getenv("APPDATA"); appData != "" {
163 credPath := filepath.Join(appData, "Microsoft", "Credentials")

Callers 3

validateTextFileFunction · 0.85
verifyReadTextFileInputFunction · 0.85
readTextFileCallbackFunction · 0.85

Calls 1

CleanMethod · 0.45

Tested by

no test coverage detected