valknar/llmx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adds a windows-specific method to check if a command is safe (#4119)

Browse Source 
refactors command_safety files into its own package, so we can add
platform-specific ones
Also creates a windows-specific of `is_known_safe_command` that just
returns false always, since that is what happens today.
This commit is contained in:
iceweasel-oai
2025-09-24 14:03:43 -07:00
committed by GitHub
parent 42847baaf7
commit 0e58870634
4 changed files with 38 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
codex-rs/core/src/is_safe_command.rs → codex-rs/core/src/command_safety/is_safe_command.rs
View File

@@ -2,6 +2,14 @@ use crate::bash::try_parse_bash;
use crate::bash::try_parse_word_only_commands_sequence; use crate::bash::try_parse_word_only_commands_sequence;
pub fn is_known_safe_command(command: &[String]) -> bool { pub fn is_known_safe_command(command: &[String]) -> bool {
#[cfg(target_os = "windows")]
{
use super::windows_safe_commands::is_safe_command_windows;
if is_safe_command_windows(command) {
return true;
}
}
if is_safe_to_call_with_exec(command) { if is_safe_to_call_with_exec(command) {
return true; return true;
} }
@@ -24,7 +32,6 @@ pub fn is_known_safe_command(command: &[String]) -> bool {
{ {
return true; return true;
} }
false false
} }

3
codex-rs/core/src/command_safety/mod.rs Normal file
View File

@@ -0,0 +1,3 @@
pub mod is_safe_command;
#[cfg(target_os = "windows")]
pub mod windows_safe_commands;

25
codex-rs/core/src/command_safety/windows_safe_commands.rs Normal file
View File

@@ -0,0 +1,25 @@
// This is a WIP. This will eventually contain a real list of common safe Windows commands.
pub fn is_safe_command_windows(_command: &[String]) -> bool {
false
}
#[cfg(test)]
mod tests {
use super::is_safe_command_windows;
fn vec_str(args: &[&str]) -> Vec<String> {
args.iter().map(ToString::to_string).collect()
}
#[test]
fn everything_is_unsafe() {
for cmd in [
vec_str(&["powershell.exe", "-NoLogo", "-Command", "echo hello"]),
vec_str(&["copy", "foo", "bar"]),
vec_str(&["del", "file.txt"]),
vec_str(&["powershell.exe", "Get-ChildItem"]),
] {
assert!(!is_safe_command_windows(&cmd));
}
}
}

3
codex-rs/core/src/lib.rs
View File

@@ -15,6 +15,7 @@ pub mod codex;
mod codex_conversation; mod codex_conversation;
pub mod token_data; pub mod token_data;
pub use codex_conversation::CodexConversation; pub use codex_conversation::CodexConversation;
mod command_safety;
pub mod config; pub mod config;
pub mod config_edit; pub mod config_edit;
pub mod config_profile; pub mod config_profile;
@@ -29,7 +30,6 @@ pub mod exec_env;
mod flags; mod flags;
pub mod git_info; pub mod git_info;
pub mod internal_storage; pub mod internal_storage;
mod is_safe_command;
pub mod landlock; pub mod landlock;
mod mcp_connection_manager; mod mcp_connection_manager;
mod mcp_tool_call; mod mcp_tool_call;
@@ -80,6 +80,7 @@ mod user_notification;
pub mod util; pub mod util;
pub use apply_patch::CODEX_APPLY_PATCH_ARG1; pub use apply_patch::CODEX_APPLY_PATCH_ARG1;
pub use command_safety::is_safe_command;
pub use safety::get_platform_sandbox; pub use safety::get_platform_sandbox;
// Re-export the protocol types from the standalone `codex-protocol` crate so existing // Re-export the protocol types from the standalone `codex-protocol` crate so existing
// `codex_core::protocol::...` references continue to work across the workspace. // `codex_core::protocol::...` references continue to work across the workspace.