Fimeg/letta-code
1
0
Fork 0
Code Issues 2 Pull Requests Actions 4 Packages Projects Releases Wiki Activity

fix: permissions shell rule normalization (#1189)

Browse Source
This commit is contained in:
Charles Packer
2026-02-26 23:55:07 -08:00
committed by GitHub
parent 34ec2aaa4e
commit 5a3a76e333
11 changed files with 474 additions and 216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
src/tests/permissions/readOnlyShell.test.ts
View File

@@ -6,33 +6,6 @@ import {
} from "../../permissions/readOnlyShell";
describe("isReadOnlyShellCommand", () => {
describe("path restrictions", () => {
test("blocks external paths by default", () => {
expect(isReadOnlyShellCommand("cat /etc/passwd")).toBe(false);
expect(isReadOnlyShellCommand("head -n 20 ../../../.ssh/id_rsa")).toBe(
false,
);
});
test("allows external paths when explicitly enabled", () => {
expect(
isReadOnlyShellCommand("cat /etc/passwd", {
allowExternalPaths: true,
}),
).toBe(true);
expect(
isReadOnlyShellCommand("head -n 20 ../../../.ssh/id_rsa", {
allowExternalPaths: true,
}),
).toBe(true);
expect(
isReadOnlyShellCommand("cd / && cat etc/passwd", {
allowExternalPaths: true,
}),
).toBe(true);
});
});
describe("always safe commands", () => {
test("allows cat", () => {
expect(isReadOnlyShellCommand("cat file.txt")).toBe(true);
@@ -71,6 +44,22 @@ describe("isReadOnlyShellCommand", () => {
});
});
describe("sed command", () => {
test("allows read-only sed", () => {
expect(isReadOnlyShellCommand("sed -n '1,40p' file.txt")).toBe(true);
expect(isReadOnlyShellCommand("sed 's/foo/bar/g' file.txt")).toBe(true);
});
test("blocks in-place sed edits", () => {
expect(isReadOnlyShellCommand("sed -i 's/foo/bar/g' file.txt")).toBe(
false,
);
expect(
isReadOnlyShellCommand("sed --in-place 's/foo/bar/g' file.txt"),
).toBe(false);
});
});
describe("git commands", () => {
test("allows read-only git commands", () => {
expect(isReadOnlyShellCommand("git status")).toBe(true);
@@ -193,12 +182,6 @@ describe("isReadOnlyShellCommand", () => {
expect(isReadOnlyShellCommand("ls -la | grep txt | wc -l")).toBe(true);
});
test("allows pipe characters inside quoted args", () => {
expect(isReadOnlyShellCommand('rg -n "foo|bar|baz" apps/core')).toBe(
true,
);
});
test("blocks pipes with unsafe commands", () => {
expect(isReadOnlyShellCommand("cat file | rm")).toBe(false);
expect(isReadOnlyShellCommand("echo test | bash")).toBe(false);
@@ -220,13 +203,6 @@ describe("isReadOnlyShellCommand", () => {
test("blocks command substitution", () => {
expect(isReadOnlyShellCommand("echo $(rm file)")).toBe(false);
expect(isReadOnlyShellCommand("echo `rm file`")).toBe(false);
expect(isReadOnlyShellCommand('echo "$(rm file)"')).toBe(false);
expect(isReadOnlyShellCommand('echo "`rm file`"')).toBe(false);
});
test("allows literal redirect text inside quotes", () => {
expect(isReadOnlyShellCommand('echo "a > b"')).toBe(true);
expect(isReadOnlyShellCommand("echo 'a >> b'")).toBe(true);
});
});
@@ -287,6 +263,29 @@ describe("isReadOnlyShellCommand", () => {
expect(isReadOnlyShellCommand("chmod 755 file")).toBe(false);
expect(isReadOnlyShellCommand("curl http://example.com")).toBe(false);
});
test("blocks external paths by default", () => {
expect(isReadOnlyShellCommand("cat /tmp/file.txt")).toBe(false);
expect(isReadOnlyShellCommand("cat ../file.txt")).toBe(false);
});
test("allows external paths when explicitly enabled", () => {
expect(
isReadOnlyShellCommand("cat /tmp/file.txt", {
allowExternalPaths: true,
}),
).toBe(true);
expect(
isReadOnlyShellCommand("cat ../file.txt", {
allowExternalPaths: true,
}),
).toBe(true);
expect(
isReadOnlyShellCommand("cd /tmp && git status", {
allowExternalPaths: true,
}),
).toBe(true);
});
});
});