isHeredocSafe function

bool isHeredocSafe(HeredocInfo heredoc)

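Checks whether a heredoc is safe, meaning its body contains no command substitution or dangerous variable expansion. A heredoc with a quoted delimiter is always reported safe, because the shell does not expand its body. The result covers shell expansion of the body only; it does not assess the command that reads the heredoc.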

Implementation

/// Reports whether the shell would leave the body of [heredoc] free of
/// command substitution and nested parameter expansion.
///
/// Returns `true` when the heredoc is quoted, or when its content has no
/// `$(`, no backtick, and no `${...}` expansion that contains a further `$`
/// or backtick. Returns `false` otherwise.
///
/// Scope of the verdict:
///
/// * The checks are plain substring and regex matches, so the result errs on
///   the side of rejection. A backslash-escaped `\$(` and an arithmetic
///   `$((...))` both contain `$(` and are reported unsafe.
/// * A bare `$VAR`, or a `${VAR}` with no nested `$`, is accepted. The shell
///   still interpolates those values into the body at run time.
/// * Only expansion inside the body is examined. The command that consumes
///   the heredoc is not considered here.
///   NOTE(review): callers presumably vet that command separately. Confirm.
/// * NOTE(review): assumes [HeredocInfo.quoted] is set for every quoting
///   form of the delimiter the parser accepts. Confirm against the parser,
///   since a wrong `true` skips every check below.
bool isHeredocSafe(HeredocInfo heredoc) {
  // With a quoted delimiter the shell takes the body literally, so nothing
  // in it can expand.
  if (heredoc.quoted) {
    return true;
  }

  final body = heredoc.content;

  // Either form of command substitution disqualifies the body outright.
  final hasCommandSubstitution = body.contains(r'$(') || body.contains('`');
  if (hasCommandSubstitution) return false;

  // `${VAR:-word}` / `${VAR:+word}` style expansions are rejected when the
  // part before the first `}` carries another `$`. The backtick alternative
  // in the character class cannot fire here: any backtick was rejected
  // above.
  final nestedExpansion = RegExp(r'\$\{[^}]*[`$].*\}', dotAll: true);
  return !nestedExpansion.hasMatch(body);
}