isCommandSafe static method
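Basic, best-effort safety check for a command string.
Returns false if the command matches one of a fixed list of potentially dangerous patterns,
such as rm -rf /, mkfs, dd writing to a device under /dev/, or redirecting output to a raw disk device; returns true otherwise.
The check is a pattern denylist, not a sandbox: a true result means only that no listed pattern matched, not that the command is harmless.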
Implementation
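/// Best-effort screen for obviously destructive shell commands.
///
/// Returns `false` when [command] matches any pattern in a fixed denylist
/// (recursive/forced `rm` on `/`, `mkfs`, `dd` writing to `/dev/`, redirects
/// to raw disk devices, `format X:`, `chmod 777 /...`, `chown ... /...`, and
/// the classic shell fork bomb). Returns `true` when nothing matches.
///
/// Security note: this is a textual, case-sensitive denylist. It does not
/// parse shell syntax and cannot enumerate every destructive command, so a
/// `true` result must not be treated as an authorization decision. Use it to
/// catch accidents; enforce real restrictions with an allowlist of permitted
/// commands, a sandbox, or a least-privilege execution account.
static bool isCommandSafe(String command) {
  final dangerous = <RegExp>[
    // `rm [-…f…] /` where `/` is the whole argument. The trailing
    // `(?:\s|$)` also accepts end of input: with a bare `\s` here, the exact
    // string `rm -rf /` (no trailing whitespace) was not detected.
    RegExp(r'\brm\s+(-[a-zA-Z]*f[a-zA-Z]*\s+)?/(?:\s|$)'),
    // `rm -…r…` on any absolute path. `\b` keeps the original behaviour of
    // matching `/name`; `\s` and `$` additionally cover the root directory
    // itself, which `/\b` alone cannot match because nothing word-like
    // follows the slash.
    RegExp(r'\brm\s+-[a-zA-Z]*r[a-zA-Z]*f?[a-zA-Z]*\s+/(?:\b|\s|$)'),
    // Any use of mkfs (including mkfs.<fstype>, since `.` ends the word).
    RegExp(r'\bmkfs\b'),
    // dd whose output file is a device node.
    RegExp(r'\bdd\s+.*of=/dev/'),
    // Shell redirect onto an sdX / hdX block device.
    RegExp(r'>\s*/dev/[sh]d[a-z]'),
    // `format` followed by an upper-case drive letter and a colon.
    RegExp(r'\bformat\s+[A-Z]:'),
    // chmod 777 applied to a path starting at `/`.
    RegExp(r'\bchmod\s+(-[a-zA-Z]*\s+)?777\s+/'),
    // chown with an absolute-path target.
    RegExp(r'\bchown\s+.*\s+/'),
    // fork bomb
    RegExp(r':\(\)\s*\{\s*:\|:\s*&\s*\}\s*;'),
  ];
  // Safe only if no denylist entry matches anywhere in the command.
  return !dangerous.any((pattern) => pattern.hasMatch(command));
}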