# -*- coding: utf-8 -*-
"""
Security guard functions for command execution and other sensitive operations.
"""
import os
import re
import shlex
from pathlib import Path
# Optional override: config.py may define EXEC_ALLOWLIST as a list.
# A missing module, a missing name, or a non-list value all leave it as None,
# which makes get_allowlist() fall through to its other sources.
try:
    from config import EXEC_ALLOWLIST
except (ImportError, AttributeError):
    EXEC_ALLOWLIST = None
else:
    if not isinstance(EXEC_ALLOWLIST, list):
        EXEC_ALLOWLIST = None

# Commands that skip confirmation when nothing else is configured.
# NOTE(review): "cmd" and "python" are interpreters, and
# needs_confirmation_for_exec() only looks at the first token of a command, so
# anything passed to them as an argument is never checked against this list.
# Confirm that this is intended before relying on the default.
DEFAULT_ALLOWLIST = [
    "cmd",
    "ipconfig",
    "ping",
    "tracert",
    "where",
    "tasklist",
    "python",
    "git",
]
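def get_allowlist() -> list[str]:
    """Return the lower-cased command names that may run without confirmation.

    Sources, highest priority first:
    1) EXEC_ALLOWLIST from config.py (list)
    2) EXEC_ALLOWLIST env var (comma/semicolon/whitespace separated)
    3) DEFAULT_ALLOWLIST

    Returns:
        A new list on every call, so a caller that appends to the result
        cannot widen the module-level default for later callers.

    Security note: source 2 makes the process environment a trust boundary.
    When config.py does not define a list, whoever controls the
    EXEC_ALLOWLIST environment variable controls which commands skip
    confirmation. An env value made only of separators yields an empty list,
    so every command then needs confirmation.
    """
    if EXEC_ALLOWLIST is not None:
        return [str(c).lower() for c in EXEC_ALLOWLIST]
    env_val = os.environ.get("EXEC_ALLOWLIST")
    if env_val:
        return [c.lower() for c in re.split(r"[,;\s]+", env_val) if c]
    # Hand out a copy: returning the module-level list itself would let any
    # caller mutate the shared default allowlist in place.
    return list(DEFAULT_ALLOWLIST)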
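def needs_confirmation_for_exec(cmd: str, allow: list[str]) -> bool:
    """Decide whether *cmd* must be confirmed before it is executed.

    The command's first token is reduced to its lower-cased file stem
    (``ping.exe`` -> ``ping``) and looked up in *allow*.

    Args:
        cmd: The full command line as a single string.
        allow: Allowlisted command names; they are compared as-is, so they
            are expected to be lower-case (as get_allowlist() returns them).

    Returns:
        False only when the first token's stem is in *allow* and the command
        contains no shell control operator; True in every other case,
        including empty input and any parsing error (fail closed).

    NOTE(review): the match is on the file stem only, so a path-qualified
    program that merely shares its stem with an allowlisted name is treated
    as allowlisted. Consider accepting bare names only, or resolving the
    token against trusted directories, before skipping confirmation.
    """
    if not cmd:
        return True
    # Only token 0 is checked against the allowlist. If the caller hands the
    # string to a shell (the executor is not visible here), anything after a
    # control operator would run without ever being looked at. Quoting rules
    # differ between cmd.exe and POSIX shells, so this is a plain substring
    # test on purpose: an operator inside quotes also asks for confirmation.
    if "$(" in cmd or any(ch in cmd for ch in "&|;<>`\n\r"):
        return True
    try:
        parts = shlex.split(cmd, posix=False)
        if not parts:
            return True
        base_name = Path(parts[0].lower()).stem
        return base_name not in allow
    except Exception:
        # Deliberately broad: an unparsable command (e.g. an unclosed quote)
        # or an unusable allowlist must never skip confirmation.
        return True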