wire up bash allowlist

Ramnique Singh 2025-11-18 20:54:54 +05:30
parent f6019a4fde
commit 150f23ab90
2 changed files with 17 additions and 26 deletions


@ -55,18 +55,15 @@ function findBlockedCommands(command: string): string[] {
return invoked.filter((cmd) => !allowSet.has(cmd));
}
function enforceSecurity(command: string): CommandResult | null {
// export const BlockedResult = {
// stdout: '',
// stderr: `Command blocked by security policy. Update ${SECURITY_CONFIG_PATH} to allow them before retrying.`,
// exitCode: 126,
// };
export function isBlocked(command: string): boolean {
const blocked = findBlockedCommands(command);
if (!blocked.length) {
return null;
}
return {
stdout: '',
stderr: `Command blocked by security policy. Blocked command(s): ${blocked.join(', ')}. Update ${SECURITY_CONFIG_PATH} to allow them before retrying.`,
exitCode: 126,
};
return blocked.length > 0;
}
export interface CommandResult {
@ -89,11 +86,6 @@ export async function executeCommand(
maxBuffer?: number; // max buffer size in bytes
}
): Promise<CommandResult> {
const securityResult = enforceSecurity(command);
if (securityResult) {
return securityResult;
}
try {
const { stdout, stderr } = await execPromise(command, {
cwd: options?.cwd,
@ -128,11 +120,6 @@ export function executeCommandSync(
timeout?: number;
}
): CommandResult {
const securityResult = enforceSecurity(command);
if (securityResult) {
return securityResult;
}
try {
const stdout = execSync(command, {
cwd: options?.cwd,
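Review bot: With the `enforceSecurity` guard removed from `executeCommand` and `executeCommandSync`, both exported functions now pass `command` straight to `execPromise`/`execSync`, so the allowlist holds only if every caller remembers to call `isBlocked` first; the check fails open. The caller-side wiring is presumably in the other changed file, which is not visible here; unless that is the only path to these functions, keep a guard at the top of both, e.g. `if (isBlocked(command)) return { stdout: '', stderr: 'Command blocked by security policy.', exitCode: 126 };`. `isBlocked` also discards the names that `findBlockedCommands` returns, so a denial can no longer report which command was rejected, and the commented-out `BlockedResult` should be either restored as a real export or deleted. Both function bodies continue past the end of their hunks.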