validateReadOnlyCommand function
Validate a command for read-only mode.
Returns null if the command is safe, or a reason string if it's not.
Implementation
String? validateReadOnlyCommand(String command) {
final segments = command.split(RegExp(r'\s*[|;&]\s*'));
for (final seg in segments) {
final trimmed = seg.trim();
if (trimmed.isEmpty) continue;
// Strip env var prefixes
var parts = trimmed.split(RegExp(r'\s+'));
while (parts.isNotEmpty && parts.first.contains('=')) {
parts = parts.sublist(1);
}
if (parts.isEmpty) continue;
final cmd = parts.first;
final args = parts.sublist(1);
// Check for output redirection
if (trimmed.contains('>') || trimmed.contains('>>')) {
return 'Output redirection not allowed in read-only mode';
}
// Check for process substitution
if (trimmed.contains('<(') || trimmed.contains('>(')) {
return 'Process substitution not allowed in read-only mode';
}
// Check for background execution
if (trimmed.endsWith('&') && !trimmed.endsWith('&&')) {
return 'Background execution not allowed in read-only mode';
}
// Validate specific commands
final validation = _validateReadOnlyCmd(cmd, args);
if (validation != null) return validation;
}
return null;
}