Exec: tighten jq safe-bin env checks (#55905)

src/infra/exec-approvals-safe-bins.test.ts

@@ -185,6 +185,18 @@ describe("exec approvals safe bins", () => {
       resolvedPath: "/usr/bin/jq",
       expected: false,
     },
+    {
+      name: "blocks jq $ENV builtin variable even when jq is explicitly opted in",
+      argv: ["jq", "$ENV"],
+      resolvedPath: "/usr/bin/jq",
+      expected: false,
+    },
+    {
+      name: "blocks jq $ENV property access even when jq is explicitly opted in",
+      argv: ["jq", "($ENV).OPENAI_API_KEY"],
+      resolvedPath: "/usr/bin/jq",
+      expected: false,
+    },
     {
       name: "blocks safe bins with file args",
       argv: ["jq", ".foo", "secret.json"],

src/infra/exec-safe-bin-policy.test.ts

@@ -60,6 +60,10 @@ describe("exec safe bin policy jq", () => {
     expect(validateSafeBinArgv(["env"], jqProfile, { binName: "jq" })).toBe(false);
     expect(validateSafeBinArgv(["env.FOO"], jqProfile, { binName: "jq" })).toBe(false);
     expect(validateSafeBinArgv([".foo | env"], jqProfile, { binName: "jq" })).toBe(false);
+    expect(validateSafeBinArgv(["$ENV"], jqProfile, { binName: "jq" })).toBe(false);
+    expect(validateSafeBinArgv(["($ENV).OPENAI_API_KEY"], jqProfile, { binName: "jq" })).toBe(
+      false,
+    );
   });
 });
 

src/infra/exec-safe-bin-semantics.ts

@@ -9,10 +9,14 @@ type SafeBinSemanticRule = {
 };
 
 const JQ_ENV_FILTER_PATTERN = /(^|[^.$A-Za-z0-9_])env([^A-Za-z0-9_]|$)/;
+const JQ_ENV_VARIABLE_PATTERN = /\$ENV\b/;
 
 const SAFE_BIN_SEMANTIC_RULES: Readonly<Record<string, SafeBinSemanticRule>> = {
   jq: {
-    validate: ({ positional }) => !positional.some((token) => JQ_ENV_FILTER_PATTERN.test(token)),
+    validate: ({ positional }) =>
+      !positional.some(
+        (token) => JQ_ENV_FILTER_PATTERN.test(token) || JQ_ENV_VARIABLE_PATTERN.test(token),
+      ),
     configWarning:
       "jq supports broad jq programs and builtins (for example `env`), so prefer explicit allowlist entries or approval-gated runs instead of safeBins.",
   },