fix(security): harden exec wrapper allowlist execution parity

2026-05-08 15:48:28 +00:00 · 2026-02-24 01:51:33 +00:00
parent 5eb72ab769
commit a1c4bf07c6
12 changed files with 289 additions and 65 deletions
--- a/src/infra/exec-safe-bin-policy.ts
+++ b/src/infra/exec-safe-bin-policy.ts
@@ -363,7 +363,7 @@ function consumeLongOptionToken(
 function consumeShortOptionClusterToken(
  args: string[],
  index: number,
-  raw: string,
+  _raw: string,
  cluster: string,
  flags: string[],
  allowedValueFlags: ReadonlySet<string>,
@@ -383,7 +383,7 @@ function consumeShortOptionClusterToken(
    }
    return isInvalidValueToken(args[index + 1]) ? -1 : index + 2;
  }
-  return hasGlobToken(raw) ? -1 : index + 1;
+  return -1;
 }

 function consumePositionalToken(token: string, positional: string[]): boolean {