Tighten bash shell option handling (#12532)

2026-04-27 13:34:15 -07:00 · 2025-11-04 11:11:29 -05:00
parent 96d7eb2966
commit b8b6620365
4 changed files with 108 additions and 10 deletions
@@ -271,6 +271,25 @@ EOF`,
    );
  });

+  it('should block commands containing prompt transformations', () => {
+    const result = isCommandAllowed(
+      'echo "${var1=aa\\140 env| ls -l\\140}${var1@P}"',
+      config,
+    );
+    expect(result.allowed).toBe(false);
+    expect(result.reason).toBe(
+      'Command rejected because it could not be parsed safely',
+    );
+  });
+
+  it('should block simple prompt transformation expansions', () => {
+    const result = isCommandAllowed('echo ${foo@P}', config);
+    expect(result.allowed).toBe(false);
+    expect(result.reason).toBe(
+      'Command rejected because it could not be parsed safely',
+    );
+  });
+
  describe('command substitution', () => {
    it('should allow command substitution using `$(...)`', () => {
      const result = isCommandAllowed('echo $(goodCommand --safe)', config);
@@ -465,6 +484,18 @@ describe('getCommandRoots', () => {
    const result = getCommandRoots('echo `badCommand --danger`');
    expect(result).toEqual(['echo', 'badCommand']);
  });
+
+  it('should treat parameter expansions with prompt transformations as unsafe', () => {
+    const roots = getCommandRoots(
+      'echo "${var1=aa\\140 env| ls -l\\140}${var1@P}"',
+    );
+    expect(roots).toEqual([]);
+  });
+
+  it('should not return roots for prompt transformation expansions', () => {
+    const roots = getCommandRoots('echo ${foo@P}');
+    expect(roots).toEqual([]);
+  });
 });

 describeWindowsOnly('PowerShell integration', () => {
@@ -256,6 +256,40 @@ function collectCommandDetails(
  return details;
 }

+function hasPromptCommandTransform(root: Node): boolean {
+  const stack: Node[] = [root];
+
+  while (stack.length > 0) {
+    const current = stack.pop();
+    if (!current) {
+      continue;
+    }
+
+    if (current.type === 'expansion') {
+      for (let i = 0; i < current.childCount - 1; i += 1) {
+        const operatorNode = current.child(i);
+        const transformNode = current.child(i + 1);
+
+        if (
+          operatorNode?.type === '@' &&
+          transformNode?.text?.toLowerCase() === 'p'
+        ) {
+          return true;
+        }
+      }
+    }
+
+    for (let i = current.namedChildCount - 1; i >= 0; i -= 1) {
+      const child = current.namedChild(i);
+      if (child) {
+        stack.push(child);
+      }
+    }
+  }
+
+  return false;
+}
+
 function parseBashCommandDetails(command: string): CommandParseResult | null {
  if (treeSitterInitializationError) {
    throw treeSitterInitializationError;
@@ -276,7 +310,10 @@ function parseBashCommandDetails(command: string): CommandParseResult | null {
  const details = collectCommandDetails(tree.rootNode, command);
  return {
    details,
-    hasError: tree.rootNode.hasError || details.length === 0,
+    hasError:
+      tree.rootNode.hasError ||
+      details.length === 0 ||
+      hasPromptCommandTransform(tree.rootNode),
  };
 }