opencode icon indicating copy to clipboard operation
opencode copied to clipboard
Published 13 hours ago verified publisher icon anomalyco

fix: handle redirected_statement treesitter node in bash permissions

Open pschiel opened this issue 1 week ago • 2 comments

Fixes #5330

This patch fixes two issues in bash tool permission handling:

1. bash redirect statements are not handled (treesitter-bash usage)

Any commands parsed don't have redirects included (e.g. ls foo > bar results in ls foo) which prevents permission rules to match properly (e.g. "ls *>*": "deny" does not apply).

Cause: Redirect statements are parents of commands, thus not recognized in the loop over descendantsOfType("command")

$ echo "ls hello > /dev/null" | tree-sitter parse

(program [0, 0] - [1, 0]
  (redirected_statement [0, 0] - [0, 20]
    body: (command [0, 0] - [0, 8]
      name: (command_name [0, 0] - [0, 2]
        (word [0, 0] - [0, 2]))
      argument: (word [0, 3] - [0, 8]))
    redirect: (file_redirect [0, 9] - [0, 20]
      destination: (word [0, 11] - [0, 20]))))

Solution: use node.parent.text for the pattern matching, which includes the full command

2. bash always pattern lacks a space after the command

Approving ls adds ls* as an always pattern, which allows also other commands (e.g. lsof) which is not intended.

Solution: add a space so ls* becomes ls * in the pattern

pschiel avatar Jan 03 '26 06:01 pschiel