rowboat/apps/cli
aeonframework a2fb45a08f fix(security): close & (background) command-executor allowlist bypass
extractCommandNames() splits on shell separators to enumerate the
commands an LLM-generated shell string will invoke, then the allowlist
gate isBlocked() decides whether to ask the user for permission.

The split regex was missing single `&` (background separator), so:

  isBlocked('echo hi & rm -rf $HOME', new Set(['echo']))  // false

The parser saw only `echo`, but bash actually runs `echo hi` in the
background then immediately runs `rm -rf $HOME` — without prompting.

The cli copy of the parser was also missing backtick, `$(`, `(`, and
`)`, so command substitution and subshells (`echo \`rm /x\``,
`echo $(rm /x)`, `(rm /x)`) bypassed it the same way.

Fix: add `&` to both regexes (ordered after `&&` so leftmost-longest
match still picks `&&` first), and bring the cli regex up to parity
with the apps/x version.

Severity: high. CWE-78 (OS Command Injection), CWE-863 (incorrect
authorization).

Detected by Aeon + semgrep + manual parser review.
2026-05-10 19:35:03 +00:00
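The parser gap and fix described in the commit message above, as an added example that is not rowboat's code: both regexes and the function bodies are assumptions reconstructed from the description, and only the names `extractCommandNames` and `isBlocked` and the non-control sample strings come from the page.

```javascript
// Added illustration, not rowboat source. Both regexes and the function
// bodies are assumptions reconstructed from the commit message.

// Assumed pre-fix separators: no single `&`, backtick, `$(`, `(` or `)`.
const SEPARATORS_BEFORE = /\|\||&&|;|\|/;
// Assumed post-fix separators: `&` listed after `&&`, plus the
// command-substitution and subshell delimiters.
const SEPARATORS_AFTER = /\|\||&&|;|\||`|\$\(|\(|\)|&/;

// First word of every segment the separator regex produces.
function extractCommandNames(command, separators) {
  return command
    .split(separators)
    .map((segment) => segment.trim().split(/\s+/)[0])
    .filter((name) => name.length > 0);
}

// true means "ask the user"; an empty parse also asks (fail closed).
function isBlocked(command, allowlist, separators) {
  const names = extractCommandNames(command, separators);
  if (names.length === 0) return true;
  return names.some((name) => !allowlist.has(name));
}

// Gate decision under both parsers for one command string.
function compare(command, allowlist) {
  return {
    names: extractCommandNames(command, SEPARATORS_AFTER),
    before: isBlocked(command, allowlist, SEPARATORS_BEFORE),
    after: isBlocked(command, allowlist, SEPARATORS_AFTER),
  };
}

// Sample strings from the commit message, plus two benign controls (constructed).
const SAMPLES = [
  'echo hi & rm -rf $HOME',
  'echo `rm /x`',
  'echo $(rm /x)',
  'echo a && echo b',
  'echo hi',
];
const allow = new Set(['echo']);
for (const cmd of SAMPLES) {
  const r = compare(cmd, allow);
  console.log(JSON.stringify(cmd), r.names, 'before:', r.before, 'after:', r.after);
}
```

Because the split ignores quoting, a string such as `echo "a & b"` is also flagged by the post-fix regex, which errs toward prompting.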
bin initial version of tui 2026-01-16 12:05:33 +05:30
src fix(security): close & (background) command-executor allowlist bypass 2026-05-10 19:35:03 +00:00
.gitignore server for rowboatx 2026-01-16 12:05:33 +05:30
package-lock.json markdown agent files 2026-01-16 12:05:33 +05:30
package.json add migrate agents script 2026-01-16 12:05:33 +05:30
todo.md first commit 2025-11-04 15:31:12 +05:30
tsconfig.json initial version of tui 2026-01-16 12:05:33 +05:30