LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-03-07 22:44:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(exec): split safe-bin policy modules and dedupe allowlist flow

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-24 03:04:57 +00:00
parent c5ac90ab92
commit 9530c01085
4 changed files with 565 additions and 506 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
src/infra/exec-approvals-allowlist.ts
View File

@@ -178,6 +178,13 @@ function evaluateSegments(
return { satisfied, matches, segmentSatisfiedBy };
}
function resolveAnalysisSegmentGroups(analysis: ExecCommandAnalysis): ExecCommandSegment[][] {
if (analysis.chains) {
return analysis.chains;
}
return [analysis.segments];
}
export function evaluateExecAllowlist(params: {
analysis: ExecCommandAnalysis;
allowlist: ExecAllowlistEntry[];
@@ -195,44 +202,32 @@ export function evaluateExecAllowlist(params: {
return { allowlistSatisfied: false, allowlistMatches, segmentSatisfiedBy };
}
// If the analysis contains chains, evaluate each chain part separately
if (params.analysis.chains) {
for (const chainSegments of params.analysis.chains) {
const result = evaluateSegments(chainSegments, {
allowlist: params.allowlist,
safeBins: params.safeBins,
safeBinProfiles: params.safeBinProfiles,
cwd: params.cwd,
platform: params.platform,
trustedSafeBinDirs: params.trustedSafeBinDirs,
skillBins: params.skillBins,
autoAllowSkills: params.autoAllowSkills,
});
if (!result.satisfied) {
return { allowlistSatisfied: false, allowlistMatches: [], segmentSatisfiedBy: [] };
const hasChains = Boolean(params.analysis.chains);
for (const group of resolveAnalysisSegmentGroups(params.analysis)) {
const result = evaluateSegments(group, {
allowlist: params.allowlist,
safeBins: params.safeBins,
safeBinProfiles: params.safeBinProfiles,
cwd: params.cwd,
platform: params.platform,
trustedSafeBinDirs: params.trustedSafeBinDirs,
skillBins: params.skillBins,
autoAllowSkills: params.autoAllowSkills,
});
if (!result.satisfied) {
if (!hasChains) {
return {
allowlistSatisfied: false,
allowlistMatches: result.matches,
segmentSatisfiedBy: result.segmentSatisfiedBy,
};
}
allowlistMatches.push(...result.matches);
segmentSatisfiedBy.push(...result.segmentSatisfiedBy);
return { allowlistSatisfied: false, allowlistMatches: [], segmentSatisfiedBy: [] };
}
return { allowlistSatisfied: true, allowlistMatches, segmentSatisfiedBy };
allowlistMatches.push(...result.matches);
segmentSatisfiedBy.push(...result.segmentSatisfiedBy);
}
// No chains, evaluate all segments together
const result = evaluateSegments(params.analysis.segments, {
allowlist: params.allowlist,
safeBins: params.safeBins,
safeBinProfiles: params.safeBinProfiles,
cwd: params.cwd,
platform: params.platform,
trustedSafeBinDirs: params.trustedSafeBinDirs,
skillBins: params.skillBins,
autoAllowSkills: params.autoAllowSkills,
});
return {
allowlistSatisfied: result.satisfied,
allowlistMatches: result.matches,
segmentSatisfiedBy: result.segmentSatisfiedBy,
};
return { allowlistSatisfied: true, allowlistMatches, segmentSatisfiedBy };
}
export type ExecAllowlistAnalysis = {

315
src/infra/exec-safe-bin-policy-profiles.ts Normal file
View File

@@ -0,0 +1,315 @@
export type SafeBinProfile = {
minPositional?: number;
maxPositional?: number;
allowedValueFlags?: ReadonlySet<string>;
deniedFlags?: ReadonlySet<string>;
// Precomputed long-option metadata for GNU abbreviation resolution.
knownLongFlags?: readonly string[];
knownLongFlagsSet?: ReadonlySet<string>;
longFlagPrefixMap?: ReadonlyMap<string, string | null>;
};
export type SafeBinProfileFixture = {
minPositional?: number;
maxPositional?: number;
allowedValueFlags?: readonly string[];
deniedFlags?: readonly string[];
};
export type SafeBinProfileFixtures = Readonly<Record<string, SafeBinProfileFixture>>;
const NO_FLAGS: ReadonlySet<string> = new Set();
const toFlagSet = (flags?: readonly string[]): ReadonlySet<string> => {
if (!flags || flags.length === 0) {
return NO_FLAGS;
}
return new Set(flags);
};
export function collectKnownLongFlags(
allowedValueFlags: ReadonlySet<string>,
deniedFlags: ReadonlySet<string>,
): string[] {
const known = new Set<string>();
for (const flag of allowedValueFlags) {
if (flag.startsWith("--")) {
known.add(flag);
}
}
for (const flag of deniedFlags) {
if (flag.startsWith("--")) {
known.add(flag);
}
}
return Array.from(known);
}
export function buildLongFlagPrefixMap(
knownLongFlags: readonly string[],
): ReadonlyMap<string, string | null> {
const prefixMap = new Map<string, string | null>();
for (const flag of knownLongFlags) {
if (!flag.startsWith("--") || flag.length <= 2) {
continue;
}
for (let length = 3; length <= flag.length; length += 1) {
const prefix = flag.slice(0, length);
const existing = prefixMap.get(prefix);
if (existing === undefined) {
prefixMap.set(prefix, flag);
continue;
}
if (existing !== flag) {
prefixMap.set(prefix, null);
}
}
}
return prefixMap;
}
function compileSafeBinProfile(fixture: SafeBinProfileFixture): SafeBinProfile {
const allowedValueFlags = toFlagSet(fixture.allowedValueFlags);
const deniedFlags = toFlagSet(fixture.deniedFlags);
const knownLongFlags = collectKnownLongFlags(allowedValueFlags, deniedFlags);
return {
minPositional: fixture.minPositional,
maxPositional: fixture.maxPositional,
allowedValueFlags,
deniedFlags,
knownLongFlags,
knownLongFlagsSet: new Set(knownLongFlags),
longFlagPrefixMap: buildLongFlagPrefixMap(knownLongFlags),
};
}
function compileSafeBinProfiles(
fixtures: Record<string, SafeBinProfileFixture>,
): Record<string, SafeBinProfile> {
return Object.fromEntries(
Object.entries(fixtures).map(([name, fixture]) => [name, compileSafeBinProfile(fixture)]),
) as Record<string, SafeBinProfile>;
}
export const SAFE_BIN_PROFILE_FIXTURES: Record<string, SafeBinProfileFixture> = {
jq: {
maxPositional: 1,
allowedValueFlags: ["--arg", "--argjson", "--argstr"],
deniedFlags: [
"--argfile",
"--rawfile",
"--slurpfile",
"--from-file",
"--library-path",
"-L",
"-f",
],
},
grep: {
// Keep grep stdin-only: pattern must come from -e/--regexp.
// Allowing one positional is ambiguous because -e consumes the pattern and
// frees the positional slot for a filename.
maxPositional: 0,
allowedValueFlags: [
"--regexp",
"--max-count",
"--after-context",
"--before-context",
"--context",
"--devices",
"--binary-files",
"--exclude",
"--include",
"--label",
"-e",
"-m",
"-A",
"-B",
"-C",
"-D",
],
deniedFlags: [
"--file",
"--exclude-from",
"--dereference-recursive",
"--directories",
"--recursive",
"-f",
"-d",
"-r",
"-R",
],
},
cut: {
maxPositional: 0,
allowedValueFlags: [
"--bytes",
"--characters",
"--fields",
"--delimiter",
"--output-delimiter",
"-b",
"-c",
"-f",
"-d",
],
},
sort: {
maxPositional: 0,
allowedValueFlags: [
"--key",
"--field-separator",
"--buffer-size",
"--parallel",
"--batch-size",
"-k",
"-t",
"-S",
],
// --compress-program can invoke an external executable and breaks stdin-only guarantees.
// --random-source/--temporary-directory/-T are filesystem-dependent and not stdin-only.
deniedFlags: [
"--compress-program",
"--files0-from",
"--output",
"--random-source",
"--temporary-directory",
"-T",
"-o",
],
},
uniq: {
maxPositional: 0,
allowedValueFlags: [
"--skip-fields",
"--skip-chars",
"--check-chars",
"--group",
"-f",
"-s",
"-w",
],
},
head: {
maxPositional: 0,
allowedValueFlags: ["--lines", "--bytes", "-n", "-c"],
},
tail: {
maxPositional: 0,
allowedValueFlags: [
"--lines",
"--bytes",
"--sleep-interval",
"--max-unchanged-stats",
"--pid",
"-n",
"-c",
],
},
tr: {
minPositional: 1,
maxPositional: 2,
},
wc: {
maxPositional: 0,
deniedFlags: ["--files0-from"],
},
};
export const SAFE_BIN_PROFILES: Record<string, SafeBinProfile> =
compileSafeBinProfiles(SAFE_BIN_PROFILE_FIXTURES);
function normalizeSafeBinProfileName(raw: string): string | null {
const name = raw.trim().toLowerCase();
return name.length > 0 ? name : null;
}
function normalizeFixtureLimit(raw: number | undefined): number | undefined {
if (typeof raw !== "number" || !Number.isFinite(raw)) {
return undefined;
}
const next = Math.trunc(raw);
return next >= 0 ? next : undefined;
}
function normalizeFixtureFlags(
flags: readonly string[] | undefined,
): readonly string[] | undefined {
if (!Array.isArray(flags) || flags.length === 0) {
return undefined;
}
const normalized = Array.from(
new Set(flags.map((flag) => flag.trim()).filter((flag) => flag.length > 0)),
).toSorted((a, b) => a.localeCompare(b));
return normalized.length > 0 ? normalized : undefined;
}
function normalizeSafeBinProfileFixture(fixture: SafeBinProfileFixture): SafeBinProfileFixture {
const minPositional = normalizeFixtureLimit(fixture.minPositional);
const maxPositionalRaw = normalizeFixtureLimit(fixture.maxPositional);
const maxPositional =
minPositional !== undefined &&
maxPositionalRaw !== undefined &&
maxPositionalRaw < minPositional
? minPositional
: maxPositionalRaw;
return {
minPositional,
maxPositional,
allowedValueFlags: normalizeFixtureFlags(fixture.allowedValueFlags),
deniedFlags: normalizeFixtureFlags(fixture.deniedFlags),
};
}
export function normalizeSafeBinProfileFixtures(
fixtures?: SafeBinProfileFixtures | null,
): Record<string, SafeBinProfileFixture> {
const normalized: Record<string, SafeBinProfileFixture> = {};
if (!fixtures) {
return normalized;
}
for (const [rawName, fixture] of Object.entries(fixtures)) {
const name = normalizeSafeBinProfileName(rawName);
if (!name) {
continue;
}
normalized[name] = normalizeSafeBinProfileFixture(fixture);
}
return normalized;
}
export function resolveSafeBinProfiles(
fixtures?: SafeBinProfileFixtures | null,
): Record<string, SafeBinProfile> {
const normalizedFixtures = normalizeSafeBinProfileFixtures(fixtures);
if (Object.keys(normalizedFixtures).length === 0) {
return SAFE_BIN_PROFILES;
}
return {
...SAFE_BIN_PROFILES,
...compileSafeBinProfiles(normalizedFixtures),
};
}
export function resolveSafeBinDeniedFlags(
fixtures: Readonly<Record<string, SafeBinProfileFixture>> = SAFE_BIN_PROFILE_FIXTURES,
): Record<string, string[]> {
const out: Record<string, string[]> = {};
for (const [name, fixture] of Object.entries(fixtures)) {
const denied = Array.from(new Set(fixture.deniedFlags ?? [])).toSorted();
if (denied.length > 0) {
out[name] = denied;
}
}
return out;
}
export function renderSafeBinDeniedFlagsDocBullets(
fixtures: Readonly<Record<string, SafeBinProfileFixture>> = SAFE_BIN_PROFILE_FIXTURES,
): string {
const deniedByBin = resolveSafeBinDeniedFlags(fixtures);
const bins = Object.keys(deniedByBin).toSorted();
return bins
.map((bin) => `- \`${bin}\`: ${deniedByBin[bin].map((flag) => `\`${flag}\``).join(", ")}`)
.join("\n");
}

206
src/infra/exec-safe-bin-policy-validator.ts Normal file
View File

@@ -0,0 +1,206 @@
import { parseExecArgvToken } from "./exec-approvals-analysis.js";
import {
buildLongFlagPrefixMap,
collectKnownLongFlags,
type SafeBinProfile,
} from "./exec-safe-bin-policy-profiles.js";
function isPathLikeToken(value: string): boolean {
const trimmed = value.trim();
if (!trimmed) {
return false;
}
if (trimmed === "-") {
return false;
}
if (trimmed.startsWith("./") || trimmed.startsWith("../") || trimmed.startsWith("~")) {
return true;
}
if (trimmed.startsWith("/")) {
return true;
}
return /^[A-Za-z]:[\\/]/.test(trimmed);
}
function hasGlobToken(value: string): boolean {
// Safe bins are stdin-only; globbing is both surprising and a historical bypass vector.
// Note: we still harden execution-time expansion separately.
return /[*?[\]]/.test(value);
}
const NO_FLAGS: ReadonlySet<string> = new Set();
function isSafeLiteralToken(value: string): boolean {
if (!value || value === "-") {
return true;
}
return !hasGlobToken(value) && !isPathLikeToken(value);
}
function isInvalidValueToken(value: string | undefined): boolean {
return !value || !isSafeLiteralToken(value);
}
function resolveCanonicalLongFlag(params: {
flag: string;
knownLongFlagsSet: ReadonlySet<string>;
longFlagPrefixMap: ReadonlyMap<string, string | null>;
}): string | null {
if (!params.flag.startsWith("--") || params.flag.length <= 2) {
return null;
}
if (params.knownLongFlagsSet.has(params.flag)) {
return params.flag;
}
return params.longFlagPrefixMap.get(params.flag) ?? null;
}
function consumeLongOptionToken(params: {
args: string[];
index: number;
flag: string;
inlineValue: string | undefined;
allowedValueFlags: ReadonlySet<string>;
deniedFlags: ReadonlySet<string>;
knownLongFlagsSet: ReadonlySet<string>;
longFlagPrefixMap: ReadonlyMap<string, string | null>;
}): number {
const canonicalFlag = resolveCanonicalLongFlag({
flag: params.flag,
knownLongFlagsSet: params.knownLongFlagsSet,
longFlagPrefixMap: params.longFlagPrefixMap,
});
if (!canonicalFlag) {
return -1;
}
if (params.deniedFlags.has(canonicalFlag)) {
return -1;
}
const expectsValue = params.allowedValueFlags.has(canonicalFlag);
if (params.inlineValue !== undefined) {
if (!expectsValue) {
return -1;
}
return isSafeLiteralToken(params.inlineValue) ? params.index + 1 : -1;
}
if (!expectsValue) {
return params.index + 1;
}
return isInvalidValueToken(params.args[params.index + 1]) ? -1 : params.index + 2;
}
function consumeShortOptionClusterToken(params: {
args: string[];
index: number;
cluster: string;
flags: string[];
allowedValueFlags: ReadonlySet<string>;
deniedFlags: ReadonlySet<string>;
}): number {
for (let j = 0; j < params.flags.length; j += 1) {
const flag = params.flags[j];
if (params.deniedFlags.has(flag)) {
return -1;
}
if (!params.allowedValueFlags.has(flag)) {
continue;
}
const inlineValue = params.cluster.slice(j + 1);
if (inlineValue) {
return isSafeLiteralToken(inlineValue) ? params.index + 1 : -1;
}
return isInvalidValueToken(params.args[params.index + 1]) ? -1 : params.index + 2;
}
return -1;
}
function consumePositionalToken(token: string, positional: string[]): boolean {
if (!isSafeLiteralToken(token)) {
return false;
}
positional.push(token);
return true;
}
function validatePositionalCount(positional: string[], profile: SafeBinProfile): boolean {
const minPositional = profile.minPositional ?? 0;
if (positional.length < minPositional) {
return false;
}
return typeof profile.maxPositional !== "number" || positional.length <= profile.maxPositional;
}
export function validateSafeBinArgv(args: string[], profile: SafeBinProfile): boolean {
const allowedValueFlags = profile.allowedValueFlags ?? NO_FLAGS;
const deniedFlags = profile.deniedFlags ?? NO_FLAGS;
const knownLongFlags =
profile.knownLongFlags ?? collectKnownLongFlags(allowedValueFlags, deniedFlags);
const knownLongFlagsSet = profile.knownLongFlagsSet ?? new Set(knownLongFlags);
const longFlagPrefixMap = profile.longFlagPrefixMap ?? buildLongFlagPrefixMap(knownLongFlags);
const positional: string[] = [];
let i = 0;
while (i < args.length) {
const rawToken = args[i] ?? "";
const token = parseExecArgvToken(rawToken);
if (token.kind === "empty" || token.kind === "stdin") {
i += 1;
continue;
}
if (token.kind === "terminator") {
for (let j = i + 1; j < args.length; j += 1) {
const rest = args[j];
if (!rest || rest === "-") {
continue;
}
if (!consumePositionalToken(rest, positional)) {
return false;
}
}
break;
}
if (token.kind === "positional") {
if (!consumePositionalToken(token.raw, positional)) {
return false;
}
i += 1;
continue;
}
if (token.style === "long") {
const nextIndex = consumeLongOptionToken({
args,
index: i,
flag: token.flag,
inlineValue: token.inlineValue,
allowedValueFlags,
deniedFlags,
knownLongFlagsSet,
longFlagPrefixMap,
});
if (nextIndex < 0) {
return false;
}
i = nextIndex;
continue;
}
const nextIndex = consumeShortOptionClusterToken({
args,
index: i,
cluster: token.cluster,
flags: token.flags,
allowedValueFlags,
deniedFlags,
});
if (nextIndex < 0) {
return false;
}
i = nextIndex;
}
return validatePositionalCount(positional, profile);
}

485
src/infra/exec-safe-bin-policy.ts
View File

@@ -1,472 +1,15 @@
import { parseExecArgvToken } from "./exec-approvals-analysis.js";
export {
SAFE_BIN_PROFILE_FIXTURES,
SAFE_BIN_PROFILES,
buildLongFlagPrefixMap,
collectKnownLongFlags,
normalizeSafeBinProfileFixtures,
renderSafeBinDeniedFlagsDocBullets,
resolveSafeBinDeniedFlags,
resolveSafeBinProfiles,
type SafeBinProfile,
type SafeBinProfileFixture,
type SafeBinProfileFixtures,
} from "./exec-safe-bin-policy-profiles.js";
function isPathLikeToken(value: string): boolean {
const trimmed = value.trim();
if (!trimmed) {
return false;
}
if (trimmed === "-") {
return false;
}
if (trimmed.startsWith("./") || trimmed.startsWith("../") || trimmed.startsWith("~")) {
return true;
}
if (trimmed.startsWith("/")) {
return true;
}
return /^[A-Za-z]:[\\/]/.test(trimmed);
}
function hasGlobToken(value: string): boolean {
// Safe bins are stdin-only; globbing is both surprising and a historical bypass vector.
// Note: we still harden execution-time expansion separately.
return /[*?[\]]/.test(value);
}
export type SafeBinProfile = {
minPositional?: number;
maxPositional?: number;
allowedValueFlags?: ReadonlySet<string>;
deniedFlags?: ReadonlySet<string>;
};
export type SafeBinProfileFixture = {
minPositional?: number;
maxPositional?: number;
allowedValueFlags?: readonly string[];
deniedFlags?: readonly string[];
};
export type SafeBinProfileFixtures = Readonly<Record<string, SafeBinProfileFixture>>;
const NO_FLAGS: ReadonlySet<string> = new Set();
const toFlagSet = (flags?: readonly string[]): ReadonlySet<string> => {
if (!flags || flags.length === 0) {
return NO_FLAGS;
}
return new Set(flags);
};
function compileSafeBinProfile(fixture: SafeBinProfileFixture): SafeBinProfile {
return {
minPositional: fixture.minPositional,
maxPositional: fixture.maxPositional,
allowedValueFlags: toFlagSet(fixture.allowedValueFlags),
deniedFlags: toFlagSet(fixture.deniedFlags),
};
}
function compileSafeBinProfiles(
fixtures: Record<string, SafeBinProfileFixture>,
): Record<string, SafeBinProfile> {
return Object.fromEntries(
Object.entries(fixtures).map(([name, fixture]) => [name, compileSafeBinProfile(fixture)]),
) as Record<string, SafeBinProfile>;
}
export const SAFE_BIN_PROFILE_FIXTURES: Record<string, SafeBinProfileFixture> = {
jq: {
maxPositional: 1,
allowedValueFlags: ["--arg", "--argjson", "--argstr"],
deniedFlags: [
"--argfile",
"--rawfile",
"--slurpfile",
"--from-file",
"--library-path",
"-L",
"-f",
],
},
grep: {
// Keep grep stdin-only: pattern must come from -e/--regexp.
// Allowing one positional is ambiguous because -e consumes the pattern and
// frees the positional slot for a filename.
maxPositional: 0,
allowedValueFlags: [
"--regexp",
"--max-count",
"--after-context",
"--before-context",
"--context",
"--devices",
"--binary-files",
"--exclude",
"--include",
"--label",
"-e",
"-m",
"-A",
"-B",
"-C",
"-D",
],
deniedFlags: [
"--file",
"--exclude-from",
"--dereference-recursive",
"--directories",
"--recursive",
"-f",
"-d",
"-r",
"-R",
],
},
cut: {
maxPositional: 0,
allowedValueFlags: [
"--bytes",
"--characters",
"--fields",
"--delimiter",
"--output-delimiter",
"-b",
"-c",
"-f",
"-d",
],
},
sort: {
maxPositional: 0,
allowedValueFlags: [
"--key",
"--field-separator",
"--buffer-size",
"--parallel",
"--batch-size",
"-k",
"-t",
"-S",
],
// --compress-program can invoke an external executable and breaks stdin-only guarantees.
// --random-source/--temporary-directory/-T are filesystem-dependent and not stdin-only.
deniedFlags: [
"--compress-program",
"--files0-from",
"--output",
"--random-source",
"--temporary-directory",
"-T",
"-o",
],
},
uniq: {
maxPositional: 0,
allowedValueFlags: [
"--skip-fields",
"--skip-chars",
"--check-chars",
"--group",
"-f",
"-s",
"-w",
],
},
head: {
maxPositional: 0,
allowedValueFlags: ["--lines", "--bytes", "-n", "-c"],
},
tail: {
maxPositional: 0,
allowedValueFlags: [
"--lines",
"--bytes",
"--sleep-interval",
"--max-unchanged-stats",
"--pid",
"-n",
"-c",
],
},
tr: {
minPositional: 1,
maxPositional: 2,
},
wc: {
maxPositional: 0,
deniedFlags: ["--files0-from"],
},
};
export const SAFE_BIN_PROFILES: Record<string, SafeBinProfile> =
compileSafeBinProfiles(SAFE_BIN_PROFILE_FIXTURES);
function normalizeSafeBinProfileName(raw: string): string | null {
const name = raw.trim().toLowerCase();
return name.length > 0 ? name : null;
}
function normalizeFixtureLimit(raw: number | undefined): number | undefined {
if (typeof raw !== "number" || !Number.isFinite(raw)) {
return undefined;
}
const next = Math.trunc(raw);
return next >= 0 ? next : undefined;
}
function normalizeFixtureFlags(
flags: readonly string[] | undefined,
): readonly string[] | undefined {
if (!Array.isArray(flags) || flags.length === 0) {
return undefined;
}
const normalized = Array.from(
new Set(flags.map((flag) => flag.trim()).filter((flag) => flag.length > 0)),
).toSorted((a, b) => a.localeCompare(b));
return normalized.length > 0 ? normalized : undefined;
}
function normalizeSafeBinProfileFixture(fixture: SafeBinProfileFixture): SafeBinProfileFixture {
const minPositional = normalizeFixtureLimit(fixture.minPositional);
const maxPositionalRaw = normalizeFixtureLimit(fixture.maxPositional);
const maxPositional =
minPositional !== undefined &&
maxPositionalRaw !== undefined &&
maxPositionalRaw < minPositional
? minPositional
: maxPositionalRaw;
return {
minPositional,
maxPositional,
allowedValueFlags: normalizeFixtureFlags(fixture.allowedValueFlags),
deniedFlags: normalizeFixtureFlags(fixture.deniedFlags),
};
}
export function normalizeSafeBinProfileFixtures(
fixtures?: SafeBinProfileFixtures | null,
): Record<string, SafeBinProfileFixture> {
const normalized: Record<string, SafeBinProfileFixture> = {};
if (!fixtures) {
return normalized;
}
for (const [rawName, fixture] of Object.entries(fixtures)) {
const name = normalizeSafeBinProfileName(rawName);
if (!name) {
continue;
}
normalized[name] = normalizeSafeBinProfileFixture(fixture);
}
return normalized;
}
export function resolveSafeBinProfiles(
fixtures?: SafeBinProfileFixtures | null,
): Record<string, SafeBinProfile> {
const normalizedFixtures = normalizeSafeBinProfileFixtures(fixtures);
if (Object.keys(normalizedFixtures).length === 0) {
return SAFE_BIN_PROFILES;
}
return {
...SAFE_BIN_PROFILES,
...compileSafeBinProfiles(normalizedFixtures),
};
}
export function resolveSafeBinDeniedFlags(
fixtures: Readonly<Record<string, SafeBinProfileFixture>> = SAFE_BIN_PROFILE_FIXTURES,
): Record<string, string[]> {
const out: Record<string, string[]> = {};
for (const [name, fixture] of Object.entries(fixtures)) {
const denied = Array.from(new Set(fixture.deniedFlags ?? [])).toSorted();
if (denied.length > 0) {
out[name] = denied;
}
}
return out;
}
export function renderSafeBinDeniedFlagsDocBullets(
fixtures: Readonly<Record<string, SafeBinProfileFixture>> = SAFE_BIN_PROFILE_FIXTURES,
): string {
const deniedByBin = resolveSafeBinDeniedFlags(fixtures);
const bins = Object.keys(deniedByBin).toSorted();
return bins
.map((bin) => `- \`${bin}\`: ${deniedByBin[bin].map((flag) => `\`${flag}\``).join(", ")}`)
.join("\n");
}
function isSafeLiteralToken(value: string): boolean {
if (!value || value === "-") {
return true;
}
return !hasGlobToken(value) && !isPathLikeToken(value);
}
function isInvalidValueToken(value: string | undefined): boolean {
return !value || !isSafeLiteralToken(value);
}
function collectKnownLongFlags(
allowedValueFlags: ReadonlySet<string>,
deniedFlags: ReadonlySet<string>,
): string[] {
const known = new Set<string>();
for (const flag of allowedValueFlags) {
if (flag.startsWith("--")) {
known.add(flag);
}
}
for (const flag of deniedFlags) {
if (flag.startsWith("--")) {
known.add(flag);
}
}
return Array.from(known);
}
function resolveCanonicalLongFlag(flag: string, knownLongFlags: string[]): string | null {
if (!flag.startsWith("--") || flag.length <= 2) {
return null;
}
if (knownLongFlags.includes(flag)) {
return flag;
}
const matches = knownLongFlags.filter((candidate) => candidate.startsWith(flag));
if (matches.length !== 1) {
return null;
}
return matches[0] ?? null;
}
function consumeLongOptionToken(
args: string[],
index: number,
flag: string,
inlineValue: string | undefined,
allowedValueFlags: ReadonlySet<string>,
deniedFlags: ReadonlySet<string>,
): number {
const knownLongFlags = collectKnownLongFlags(allowedValueFlags, deniedFlags);
const canonicalFlag = resolveCanonicalLongFlag(flag, knownLongFlags);
if (!canonicalFlag) {
return -1;
}
if (deniedFlags.has(canonicalFlag)) {
return -1;
}
const expectsValue = allowedValueFlags.has(canonicalFlag);
if (inlineValue !== undefined) {
if (!expectsValue) {
return -1;
}
return isSafeLiteralToken(inlineValue) ? index + 1 : -1;
}
if (!expectsValue) {
return index + 1;
}
return isInvalidValueToken(args[index + 1]) ? -1 : index + 2;
}
function consumeShortOptionClusterToken(
args: string[],
index: number,
_raw: string,
cluster: string,
flags: string[],
allowedValueFlags: ReadonlySet<string>,
deniedFlags: ReadonlySet<string>,
): number {
for (let j = 0; j < flags.length; j += 1) {
const flag = flags[j];
if (deniedFlags.has(flag)) {
return -1;
}
if (!allowedValueFlags.has(flag)) {
continue;
}
const inlineValue = cluster.slice(j + 1);
if (inlineValue) {
return isSafeLiteralToken(inlineValue) ? index + 1 : -1;
}
return isInvalidValueToken(args[index + 1]) ? -1 : index + 2;
}
return -1;
}
function consumePositionalToken(token: string, positional: string[]): boolean {
if (!isSafeLiteralToken(token)) {
return false;
}
positional.push(token);
return true;
}
function validatePositionalCount(positional: string[], profile: SafeBinProfile): boolean {
const minPositional = profile.minPositional ?? 0;
if (positional.length < minPositional) {
return false;
}
return typeof profile.maxPositional !== "number" || positional.length <= profile.maxPositional;
}
export function validateSafeBinArgv(args: string[], profile: SafeBinProfile): boolean {
const allowedValueFlags = profile.allowedValueFlags ?? NO_FLAGS;
const deniedFlags = profile.deniedFlags ?? NO_FLAGS;
const positional: string[] = [];
let i = 0;
while (i < args.length) {
const rawToken = args[i] ?? "";
const token = parseExecArgvToken(rawToken);
if (token.kind === "empty" || token.kind === "stdin") {
i += 1;
continue;
}
if (token.kind === "terminator") {
for (let j = i + 1; j < args.length; j += 1) {
const rest = args[j];
if (!rest || rest === "-") {
continue;
}
if (!consumePositionalToken(rest, positional)) {
return false;
}
}
break;
}
if (token.kind === "positional") {
if (!consumePositionalToken(token.raw, positional)) {
return false;
}
i += 1;
continue;
}
if (token.style === "long") {
const nextIndex = consumeLongOptionToken(
args,
i,
token.flag,
token.inlineValue,
allowedValueFlags,
deniedFlags,
);
if (nextIndex < 0) {
return false;
}
i = nextIndex;
continue;
}
const nextIndex = consumeShortOptionClusterToken(
args,
i,
token.raw,
token.cluster,
token.flags,
allowedValueFlags,
deniedFlags,
);
if (nextIndex < 0) {
return false;
}
i = nextIndex;
}
return validatePositionalCount(positional, profile);
}
export { validateSafeBinArgv } from "./exec-safe-bin-policy-validator.js";