From e909993dd194d80655295e61feb12acd8a5581b1 Mon Sep 17 00:00:00 2001 From: owenofbrien <86964623+owenofbrien@users.noreply.github.com> Date: Fri, 26 Sep 2025 13:16:05 -0500 Subject: [PATCH] =?UTF-8?q?Added=20warning=20to=20avoid=20command=20substi?= =?UTF-8?q?tution=20in=20run=5Fshell=5Fcommand=20tool=E2=80=A6=20(#9934)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- packages/core/src/tools/shell.ts | 12 ++++++++++-- packages/core/src/utils/shell-utils.test.ts | 9 +++++++++ packages/core/src/utils/shell-utils.ts | 7 ++++++- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 11802c7b57..de00170604 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -395,10 +395,18 @@ function getShellToolDescription(): string { } function getCommandDescription(): string { + const cmd_substitution_warning = + '\n*** WARNING: Command substitution using $(), `` ` ``, <(), or >() is not allowed for security reasons.'; if (os.platform() === 'win32') { - return 'Exact command to execute as `cmd.exe /c `'; + return ( + 'Exact command to execute as `cmd.exe /c `' + + cmd_substitution_warning + ); } else { - return 'Exact bash command to execute as `bash -c `'; + return ( + 'Exact bash command to execute as `bash -c `' + + cmd_substitution_warning + ); } } diff --git a/packages/core/src/utils/shell-utils.test.ts b/packages/core/src/utils/shell-utils.test.ts index 3c18fff49c..9ac6b207ad 100644 --- a/packages/core/src/utils/shell-utils.test.ts +++ b/packages/core/src/utils/shell-utils.test.ts @@ -145,6 +145,15 @@ describe('isCommandAllowed', () => { expect(result.reason).toContain('Command substitution'); }); + it('should block command substitution using `>(...)`', () => { + const result = isCommandAllowed( + 'echo "Log message" > >(tee log.txt)', + config, + ); + expect(result.allowed).toBe(false); + expect(result.reason).toContain('Command substitution'); + }); + it('should block command substitution using backticks', () => { const result = isCommandAllowed('echo `rm -rf /`', config); expect(result.allowed).toBe(false); diff --git a/packages/core/src/utils/shell-utils.ts b/packages/core/src/utils/shell-utils.ts index 10238264b9..e038e7cf2d 100644 --- a/packages/core/src/utils/shell-utils.ts +++ b/packages/core/src/utils/shell-utils.ts @@ -266,6 +266,11 @@ export function detectCommandSubstitution(command: string): boolean { return true; } + // >(...) process substitution - works unquoted only (not in double quotes) + if (char === '>' && nextChar === '(' && !inDoubleQuotes && !inBackticks) { + return true; + } + // Backtick command substitution - check for opening backtick // (We track the state above, so this catches the start of backtick substitution) if (char === '`' && !inBackticks) { @@ -319,7 +324,7 @@ export function checkCommandPermissions( allAllowed: false, disallowedCommands: [command], blockReason: - 'Command substitution using $(), <(), or >() is not allowed for security reasons', + 'Command substitution using $(), `` ` ``, <(), or >() is not allowed for security reasons', isHardDenial: true, }; }