|
| 1 | +/** |
| 2 | + * @license |
| 3 | + * Copyright 2026 Google LLC |
| 4 | + * SPDX-License-Identifier: Apache-2.0 |
| 5 | + */ |
| 6 | + |
| 7 | +import { describe, expect, it, vi } from 'vitest'; |
| 8 | + |
| 9 | +// Mock shell-utils to avoid relying on tree-sitter WASM |
| 10 | +vi.mock('../../utils/shell-utils.js', () => ({ |
| 11 | + initializeShellParsers: vi.fn().mockResolvedValue(undefined), |
| 12 | + splitCommands: (cmd: string) => [cmd], |
| 13 | + stripShellWrapper: (cmd: string) => cmd, |
| 14 | + extractStringFromParseEntry: (entry: unknown) => { |
| 15 | + if (typeof entry === 'string') return entry; |
| 16 | + if (entry && typeof entry === 'object' && 'content' in entry) { |
| 17 | + return (entry as { content: string }).content; |
| 18 | + } |
| 19 | + return ''; |
| 20 | + }, |
| 21 | + normalizeCommand: (cmd: string) => { |
| 22 | + // Simple mock normalization: /bin/rm -> rm |
| 23 | + if (cmd.startsWith('/')) { |
| 24 | + const parts = cmd.split('/'); |
| 25 | + return parts[parts.length - 1]; |
| 26 | + } |
| 27 | + return cmd; |
| 28 | + }, |
| 29 | +})); |
| 30 | + |
| 31 | +import { isKnownSafeCommand, isDangerousCommand } from './commandSafety.js'; |
| 32 | + |
| 33 | +describe('POSIX commandSafety', () => { |
| 34 | + describe('isKnownSafeCommand', () => { |
| 35 | + it('should identify known safe commands', () => { |
| 36 | + expect(isKnownSafeCommand(['ls', '-la'])).toBe(true); |
| 37 | + expect(isKnownSafeCommand(['cat', 'file.txt'])).toBe(true); |
| 38 | + expect(isKnownSafeCommand(['pwd'])).toBe(true); |
| 39 | + expect(isKnownSafeCommand(['echo', 'hello'])).toBe(true); |
| 40 | + }); |
| 41 | + |
| 42 | + it('should identify safe git commands', () => { |
| 43 | + expect(isKnownSafeCommand(['git', 'status'])).toBe(true); |
| 44 | + expect(isKnownSafeCommand(['git', 'log'])).toBe(true); |
| 45 | + expect(isKnownSafeCommand(['git', 'diff'])).toBe(true); |
| 46 | + }); |
| 47 | + |
| 48 | + it('should reject unsafe git commands', () => { |
| 49 | + expect(isKnownSafeCommand(['git', 'commit'])).toBe(false); |
| 50 | + expect(isKnownSafeCommand(['git', 'push'])).toBe(false); |
| 51 | + expect(isKnownSafeCommand(['git', 'checkout'])).toBe(false); |
| 52 | + }); |
| 53 | + |
| 54 | + it('should reject commands with redirection', () => { |
| 55 | + // isKnownSafeCommand handles bash -c "..." which can have redirections |
| 56 | + // but the simple check for atomic commands doesn't see redirection because it's already parsed |
| 57 | + }); |
| 58 | + }); |
| 59 | + |
| 60 | + describe('isDangerousCommand', () => { |
| 61 | + it('should identify destructive rm commands', () => { |
| 62 | + expect(isDangerousCommand(['rm'])).toBe(true); |
| 63 | + expect(isDangerousCommand(['rm', 'file.txt'])).toBe(true); |
| 64 | + expect(isDangerousCommand(['rm', '-rf', '/'])).toBe(true); |
| 65 | + expect(isDangerousCommand(['rm', '-f', 'file'])).toBe(true); |
| 66 | + expect(isDangerousCommand(['rm', '-r', 'dir'])).toBe(true); |
| 67 | + expect(isDangerousCommand(['/bin/rm', 'file'])).toBe(true); |
| 68 | + }); |
| 69 | + |
| 70 | + it('should flag rm help/version as dangerous (strict)', () => { |
| 71 | + expect(isDangerousCommand(['rm', '--help'])).toBe(true); |
| 72 | + expect(isDangerousCommand(['rm', '--version'])).toBe(true); |
| 73 | + }); |
| 74 | + |
| 75 | + it('should identify sudo as dangerous if command is dangerous', () => { |
| 76 | + expect(isDangerousCommand(['sudo', 'rm', 'file'])).toBe(true); |
| 77 | + }); |
| 78 | + |
| 79 | + it('should identify find -exec as dangerous', () => { |
| 80 | + expect(isDangerousCommand(['find', '.', '-exec', 'rm', '{}', '+'])).toBe( |
| 81 | + true, |
| 82 | + ); |
| 83 | + }); |
| 84 | + |
| 85 | + it('should identify dangerous rg flags', () => { |
| 86 | + expect(isDangerousCommand(['rg', '--hostname-bin', 'something'])).toBe( |
| 87 | + true, |
| 88 | + ); |
| 89 | + }); |
| 90 | + }); |
| 91 | +}); |
0 commit comments