valknar/llmx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add true,false,nl to the list of trusted commands (#1676)

Browse Source 
`nl` is a line-numbering tool that should be on the _trusted _ list, as
there is nothing concerning on https://gtfobins.github.io/gtfobins/nl/
that would merit exclusion.

`true` and `false` are also safe, though not particularly useful given
how `is_known_safe_command()` works today, but that will change with
https://github.com/openai/codex/pull/1668.
This commit is contained in:
Michael Bolin
2025-07-24 12:59:36 -07:00
committed by GitHub
parent 7af9cedbd7
commit c9e2def494
1 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
codex-rs/core/src/is_safe_command.rs
View File

@@ -23,9 +23,23 @@ fn is_safe_to_call_with_exec(command: &[String]) -> bool {
let cmd0 = command.first().map(String::as_str); let cmd0 = command.first().map(String::as_str);
match cmd0 { match cmd0 {
Some("cat" | "cd" | "echo" | "grep" | "head" | "ls" | "pwd" | "tail" | "wc" | "which") => { #[rustfmt::skip]
Some(
"cat" |
"cd" |
"echo" |
"false" |
"grep" |
"head" |
"ls" |
"nl" |
"pwd" |
"tail" |
"true" |
"wc" |
"which") => {
true true
} },
Some("find") => { Some("find") => {
// Certain options to `find` can delete files, write to files, or // Certain options to `find` can delete files, write to files, or
@@ -232,6 +246,11 @@ mod tests {
assert!(is_safe_to_call_with_exec(&vec_str(&[ assert!(is_safe_to_call_with_exec(&vec_str(&[
"sed", "-n", "1,5p", "file.txt" "sed", "-n", "1,5p", "file.txt"
]))); ])));
assert!(is_safe_to_call_with_exec(&vec_str(&[
"nl",
"-nrz",
"Cargo.toml"
])));
// Safe `find` command (no unsafe options). // Safe `find` command (no unsafe options).
assert!(is_safe_to_call_with_exec(&vec_str(&[ assert!(is_safe_to_call_with_exec(&vec_str(&[