Update Modules/Shell_Command.py

Modules/Shell_Command.py

@@ -96,6 +96,60 @@ def Shell_Command(
         _log_call_end("Shell_Command", _truncate_for_log(result))
         return result
 
+    # Heuristic check for absolute paths in arguments if sandboxing is strictly enforced
+    # We look for typical absolute path patterns: "/..." or "C:\..."
+    # This is not perfect (e.g., inside strings) but helps enforce "Impossible" rule.
+    from .File_System import ALLOW_ABS
+    import re
+    if not ALLOW_ABS:
+        # Regex for Unix-style absolute path (start with /)
+        # or Windows-style absolute path (start with drive letter)
+        # We look for these patterns preceded by space or start of string
+        # to avoid matching arguments like --flag=/value (though those might be paths too!)
+        # Actually, matching ANY absolute path substring is safer for "Impossible".
+        # Patterns: 
+        # Unix: / followed by non-space
+        # Win: X:\ followed by non-space
+        
+        # Simple heuristic: if command contains potential absolute path
+        unix_abs = r"(?:\s|^)/[a-zA-Z0-9_.]"
+        win_abs = r"(?:\s|^)[a-zA-Z]:\\"
+        
+        if re.search(unix_abs, command) or re.search(win_abs, command):
+             # We allow a few exceptions if needed, but for "Impossible" we block.
+             # Note: This might block flags like /C, but we run powershell/cmd separately.
+             # Wait, Windows flags start with /. 'dir /s'. This heuristic is dangerous for Windows flags.
+             # We should refine it.
+             pass 
+
+        # Refined check:
+        # On Windows, flags start with /, so checking for / is bad.
+        # But paths in Windows usually use \ or /.
+        # Let's focus on Unix roots and Windows Drive roots.
+        
+        has_abs_path = False
+        if platform.system().lower() == "windows":
+             # Look for Drive:\ - anchored to start of string, space, or quote to avoid matching URLs like https://
+             if re.search(r"(?:\s|^|['\"])[a-zA-Z]:[\\/]", command):
+                 has_abs_path = True
+             # On Windows with PowerShell, /path is valid too, but confusing with flags.
+             # We'll trust that Drive:\ is the main vector to save OUTSIDE tool root (which is likely C: or P:).
+             # If tool root is P:/Code..., writing to C:/... requires Drive arg.
+        else:
+             # Unix: Look for / at start of token, but exclude common flags?
+             # Actually, just looking for " /" or start "/" is decent.
+             # But flags like /dev/null are common.
+             # Maybe we just warn or block known dangerous patterns?
+             # User said "Make it impossible". a broad block is better than a leak.
+             if re.search(r"(?:\s|^)/", command):
+                  # This blocks flags like /bin/bash or paths.
+                  has_abs_path = True
+        
+        if has_abs_path:
+             result = "Error: Absolute paths are not allowed in commands to ensure sandbox safety. Use relative paths."
+             _log_call_end("Shell_Command", _truncate_for_log(result))
+             return result
+
     # Capture shell used for transparency
     _, shell_name = _detect_shell()
     stdout, stderr, code = _run_command(command, cwd=abs_cwd, timeout=timeout)