Skip /dev/null redirects from terminal auto-allow command extraction #49503
Merged
File redirects (e.g. `2>/dev/null`, `> output.txt`) are I/O routing, not commands, and should not be checked against auto-allow regexes. Previously, `extract_commands` emitted normalized redirect strings like `"2> /dev/null"` as separate commands. Since `check_commands` requires all extracted commands to match an allow pattern, the unmatched redirect caused false-negatives — e.g. `git log --oneline -20 2>/dev/null || echo ...` would not be auto-allowed despite matching `^git` and `^echo` patterns. Nested commands within redirect targets (e.g. process substitutions like `> $(mktemp)`) are still extracted via the existing second pass in `extract_commands_from_io_redirect`.
Verifies that a piped command like `echo "y\ny" | git add -p file` is auto-allowed when both sides match their respective allow patterns.
Redirects to /dev/null (e.g. 2>/dev/null, &>/dev/null) are known-safe I/O routing, not commands. Previously they were emitted as separate entries in the extracted command list, causing auto-allow to fail because check_commands requires all entries to match a pattern. Instead of removing all redirects from extraction (which would hide dangerous redirects like > /etc/passwd from deny patterns), this surgically skips only /dev/null targets during normalization.
Redirects to `/dev/null` (e.g. `2>/dev/null`, `&>/dev/null`) are known-safe I/O routing, not commands. Previously, `extract_commands` emitted normalized redirect strings like `"2> /dev/null"` as separate entries in the command list checked against auto-allow regexes. Since `check_commands` requires all extracted entries to match an allow pattern, the unmatched redirect caused false-negatives — e.g. `git log --oneline -20 2>/dev/null || echo ...` would not be auto-allowed despite matching `^git` and `^echo` patterns.
Rather than removing all redirects from extraction (which would hide dangerous redirects like `> /etc/passwd` from deny/confirm pattern checking), this fix surgically skips only `/dev/null` targets during redirect normalization. Redirects to real files are still emitted and still require a matching pattern for auto-allow, preserving the defense-in-depth property.
Closes AI-41
Release Notes:
`/dev/null` redirects (e.g. `2>/dev/null`).
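The policy described in this PR, as an added sketch that is not the project's code: only the names `extract_commands` and `check_commands` come from the page, while their bodies and the `split_redirect` helper are hypothetical. It assumes a whitespace tokenizer in place of the real shell parser (no quoting, no unspaced `cmd>file`) and prefix matching in place of the `^git`-style allow regexes.

```rust
// Added illustration, not the project's code. A whitespace tokenizer stands in
// for the real shell parser; prefix matching stands in for ^git-style regexes.

/// Splits a token such as `2>/dev/null` or `&>` into (operator, inline target).
fn split_redirect(tok: &str) -> Option<(&str, &str)> {
    let fd_len = tok.find(|c: char| !(c.is_ascii_digit() || c == '&')).unwrap_or(tok.len());
    let rest = &tok[fd_len..];
    let op_len = if rest.starts_with(">>") { 2 } else { 1 };
    if !(rest.starts_with('>') || rest.starts_with('<')) {
        return None;
    }
    Some(tok.split_at(fd_len + op_len))
}

/// Every entry the allow-list must approve: each command, plus each redirect
/// whose target is not /dev/null (those are dropped, all others are kept).
fn extract_commands(line: &str) -> Vec<String> {
    let (mut out, mut cur): (Vec<String>, Vec<&str>) = (Vec::new(), Vec::new());
    let mut toks = line.split_whitespace();
    while let Some(tok) = toks.next() {
        if matches!(tok, "|" | "||" | "&&" | ";") {
            if !cur.is_empty() { out.push(cur.join(" ")); }
            cur.clear();
        } else if let Some((op, inline)) = split_redirect(tok) {
            // The target is either glued to the operator or is the next token.
            let target = if inline.is_empty() { toks.next().unwrap_or("") } else { inline };
            if target != "/dev/null" { out.push(format!("{} {}", op, target)); }
        } else {
            cur.push(tok);
        }
    }
    if !cur.is_empty() { out.push(cur.join(" ")); }
    out
}

/// Auto-allow only when every extracted entry starts with an allowed prefix.
fn check_commands(line: &str, allow: &[&str]) -> bool {
    let cmds = extract_commands(line);
    !cmds.is_empty() && cmds.iter().all(|c| allow.iter().any(|p| c.starts_with(*p)))
}

fn main() {
    let allow = ["git", "echo"]; // stand-ins for the page's ^git and ^echo patterns
    // Constructed sample command lines.
    for line in ["git log --oneline -20 2>/dev/null || echo none", "git log > /etc/passwd"] {
        println!("{:?} allowed={}", extract_commands(line), check_commands(line, &allow));
    }
}
```

The redirect to a real file stays in the extracted list as its own entry, so it blocks auto-allow unless some pattern explicitly covers it.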