58f0e5ab74
As described in detail in `codex-rs/execpolicy/README.md` introduced in
this PR, `execpolicy` is a tool that lets you define a set of _patterns_
used to match [`execv(3)`](https://linux.die.net/man/3/execv)
invocations. When a pattern is matched, `execpolicy` returns the parsed
version in a structured form that is amenable to static analysis.
The primary use case is to define patterns match commands that should be
auto-approved by a tool such as Codex. This supports a richer pattern
matching mechanism that the sort of prefix-matching we have done to
date, e.g.:
5e40d9d221/codex-cli/src/approvals.ts (L333-L354)
Note we are still playing with the API and the `system_path` option in
particular still needs some work.
84 lines
2.4 KiB
Rust
84 lines
2.4 KiB
Rust
extern crate codex_execpolicy;
|
|
|
|
use codex_execpolicy::get_default_policy;
|
|
use codex_execpolicy::ArgType;
|
|
use codex_execpolicy::Error;
|
|
use codex_execpolicy::ExecCall;
|
|
use codex_execpolicy::MatchedArg;
|
|
use codex_execpolicy::MatchedExec;
|
|
use codex_execpolicy::MatchedFlag;
|
|
use codex_execpolicy::MatchedOpt;
|
|
use codex_execpolicy::Policy;
|
|
use codex_execpolicy::Result;
|
|
use codex_execpolicy::ValidExec;
|
|
|
|
fn setup() -> Policy {
|
|
get_default_policy().expect("failed to load default policy")
|
|
}
|
|
|
|
#[test]
|
|
fn test_sed_print_specific_lines() -> Result<()> {
|
|
let policy = setup();
|
|
let sed = ExecCall::new("sed", &["-n", "122,202p", "hello.txt"]);
|
|
assert_eq!(
|
|
Ok(MatchedExec::Match {
|
|
exec: ValidExec {
|
|
program: "sed".to_string(),
|
|
flags: vec![MatchedFlag::new("-n")],
|
|
args: vec![
|
|
MatchedArg::new(1, ArgType::SedCommand, "122,202p")?,
|
|
MatchedArg::new(2, ArgType::ReadableFile, "hello.txt")?,
|
|
],
|
|
system_path: vec!["/usr/bin/sed".to_string()],
|
|
..Default::default()
|
|
}
|
|
}),
|
|
policy.check(&sed)
|
|
);
|
|
Ok(())
|
|
}
|
|
|
|
#[test]
|
|
fn test_sed_print_specific_lines_with_e_flag() -> Result<()> {
|
|
let policy = setup();
|
|
let sed = ExecCall::new("sed", &["-n", "-e", "122,202p", "hello.txt"]);
|
|
assert_eq!(
|
|
Ok(MatchedExec::Match {
|
|
exec: ValidExec {
|
|
program: "sed".to_string(),
|
|
flags: vec![MatchedFlag::new("-n")],
|
|
opts: vec![MatchedOpt::new("-e", "122,202p", ArgType::SedCommand).unwrap()],
|
|
args: vec![MatchedArg::new(3, ArgType::ReadableFile, "hello.txt")?],
|
|
system_path: vec!["/usr/bin/sed".to_string()],
|
|
}
|
|
}),
|
|
policy.check(&sed)
|
|
);
|
|
Ok(())
|
|
}
|
|
|
|
#[test]
|
|
fn test_sed_reject_dangerous_command() {
|
|
let policy = setup();
|
|
let sed = ExecCall::new("sed", &["-e", "s/y/echo hi/e", "hello.txt"]);
|
|
assert_eq!(
|
|
Err(Error::SedCommandNotProvablySafe {
|
|
command: "s/y/echo hi/e".to_string(),
|
|
}),
|
|
policy.check(&sed)
|
|
);
|
|
}
|
|
|
|
#[test]
|
|
fn test_sed_verify_e_or_pattern_is_required() {
|
|
let policy = setup();
|
|
let sed = ExecCall::new("sed", &["122,202p"]);
|
|
assert_eq!(
|
|
Err(Error::MissingRequiredOptions {
|
|
program: "sed".to_string(),
|
|
options: vec!["-e".to_string()],
|
|
}),
|
|
policy.check(&sed)
|
|
);
|
|
}
|