MayaTheShy/claw-code
1
0
Fork 0
mirror of https://github.com/instructkr/claw-code.git synced 2026-06-08 10:45:23 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: validate attached redirection paths

Browse Source
This commit is contained in:
陈家名
2026-06-08 10:18:48 +08:00
parent 9b3548ca43
commit eb21179dde
2 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/path_scope.py
View File

@@ -11,6 +11,7 @@ _GLOB_META = set('*?[')
_WINDOWS_DRIVE_RE = re.compile(r'^[A-Za-z]:[\\/]')
_WINDOWS_UNC_RE = re.compile(r'^(?:\\\\|//)[^\\/]+[\\/][^\\/]+')
_ENV_ASSIGNMENT_RE = re.compile(r'^[A-Za-z_][A-Za-z0-9_]*=')
_REDIRECTION_TARGET_RE = re.compile(r'^(?:\d*)?(?:<>|>>?|<)(.+)$|^&>>?(.+)$')
@dataclass(frozen=True)
@@ -118,6 +119,7 @@ def extract_path_candidates(payload: str) -> tuple[str, ...]:
for token in (*tokens, *raw_tokens):
if not token or token.startswith('-') or _ENV_ASSIGNMENT_RE.match(token):
continue
token = _strip_redirection_operator(token)
expanded = os.path.expandvars(os.path.expanduser(token))
if _looks_like_path(token) or _looks_like_path(expanded):
candidate = expanded if _looks_like_path(expanded) else token
@@ -138,6 +140,13 @@ def _looks_like_path(token: str) -> bool:
)
def _strip_redirection_operator(token: str) -> str:
match = _REDIRECTION_TARGET_RE.match(token)
if match is None:
return token
return next(group for group in match.groups() if group is not None)
def _is_windows_absolute(value: str) -> bool:
return bool(_WINDOWS_DRIVE_RE.match(value) or _WINDOWS_UNC_RE.match(value))