58f0e5ab74
As described in detail in `codex-rs/execpolicy/README.md` introduced in
this PR, `execpolicy` is a tool that lets you define a set of _patterns_
used to match [`execv(3)`](https://linux.die.net/man/3/execv)
invocations. When a pattern is matched, `execpolicy` returns the parsed
version in a structured form that is amenable to static analysis.
The primary use case is to define patterns match commands that should be
auto-approved by a tool such as Codex. This supports a richer pattern
matching mechanism that the sort of prefix-matching we have done to
date, e.g.:
5e40d9d221/codex-cli/src/approvals.ts (L333-L354)
Note we are still playing with the API and the `system_path` option in
particular still needs some work.
18 lines
525 B
Rust
18 lines
525 B
Rust
use crate::error::Error;
|
|
use crate::error::Result;
|
|
|
|
pub fn parse_sed_command(sed_command: &str) -> Result<()> {
|
|
// For now, we parse only commands like `122,202p`.
|
|
if let Some(stripped) = sed_command.strip_suffix("p") {
|
|
if let Some((first, rest)) = stripped.split_once(",") {
|
|
if first.parse::<u64>().is_ok() && rest.parse::<u64>().is_ok() {
|
|
return Ok(());
|
|
}
|
|
}
|
|
}
|
|
|
|
Err(Error::SedCommandNotProvablySafe {
|
|
command: sed_command.to_string(),
|
|
})
|
|
}
|