@bastani/atomic 0.9.0-alpha.1 → 0.9.0-alpha.2

package/dist/core/tools/bash-policy-segment.js

@@ -1,275 +0,0 @@
-import { findClosingBacktick, findClosingParen, isCommandSubstitutionAt, isProcessSubstitutionAt, isWhitespace, readShellWord, } from "./bash-policy-shell.js";
-const UNSUPPORTED_CONTROL_HEADS = new Set([
-    "!",
-    "[[",
-    "]]",
-    "case",
-    "coproc",
-    "do",
-    "done",
-    "elif",
-    "else",
-    "esac",
-    "fi",
-    "for",
-    "function",
-    "if",
-    "in",
-    "select",
-    "then",
-    "time",
-    "until",
-    "while",
-    "{",
-    "}",
-]);
-function isAsciiDigit(char) {
-    return char !== undefined && char >= "0" && char <= "9";
-}
-function leadingRedirectionTokenAt(input, index) {
-    let operatorStart = index;
-    while (isAsciiDigit(input[operatorStart]))
-        operatorStart += 1;
-    const hasDescriptorPrefix = operatorStart > index;
-    const char = input[operatorStart];
-    const next = input[operatorStart + 1];
-    const afterNext = input[operatorStart + 2];
-    if (char === undefined)
-        return undefined;
-    if (hasDescriptorPrefix && char !== "<" && char !== ">")
-        return undefined;
-    if (!hasDescriptorPrefix && (char === "<" || char === ">") && next === "(") {
-        return undefined;
-    }
-    let operator;
-    if (char === "&" && next === ">") {
-        operator = afterNext === ">" ? "&>>" : "&>";
-    }
-    else if (char === "<") {
-        if (next === "<")
-            operator = "<<";
-        else if (next === "&")
-            operator = "<&";
-        else if (next === ">")
-            operator = "<>";
-        else
-            operator = "<";
-    }
-    else if (char === ">") {
-        if (next === ">")
-            operator = ">>";
-        else if (next === "|")
-            operator = ">|";
-        else if (next === "&")
-            operator = ">&";
-        else
-            operator = ">";
-    }
-    return operator === undefined ? undefined : `${input.slice(index, operatorStart)}${operator}`;
-}
-function isEnvAssignmentWord(word) {
-    return /^[A-Za-z_][A-Za-z0-9_]*(?:\+)?=/.test(word);
-}
-function attachedRedirectionOperatorAt(input, index) {
-    const char = input[index];
-    const next = input[index + 1];
-    const afterNext = input[index + 2];
-    if ((char === "<" || char === ">") && next === "(") {
-        return undefined;
-    }
-    if (char === "&" && next === ">") {
-        return afterNext === ">" ? "&>>" : "&>";
-    }
-    if (char === "<") {
-        if (next === "<")
-            return "<<";
-        if (next === "&")
-            return "<&";
-        if (next === ">")
-            return "<>";
-        return "<";
-    }
-    if (char === ">") {
-        if (next === ">")
-            return ">>";
-        if (next === "|")
-            return ">|";
-        if (next === "&")
-            return ">&";
-        return ">";
-    }
-    return undefined;
-}
-function attachedCommandHeadRedirection(input, start, end) {
-    let quote = "none";
-    for (let i = start; i < end; i += 1) {
-        const char = input[i];
-        if (quote === "single") {
-            if (char === "'")
-                quote = "none";
-            continue;
-        }
-        if (char === "\\") {
-            i += 1;
-            continue;
-        }
-        if (quote === "double") {
-            if (char === "\"") {
-                quote = "none";
-                continue;
-            }
-            if (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {
-                const close = findClosingParen(input, i + 1, isCommandSubstitutionAt(input, i) ? "command substitution `$(`" : "process substitution");
-                if (close.ok)
-                    i = close.closeIndex;
-                continue;
-            }
-            if (char === "`") {
-                const close = findClosingBacktick(input, i);
-                if (close.ok)
-                    i = close.closeIndex;
-            }
-            continue;
-        }
-        if (char === "'") {
-            quote = "single";
-            continue;
-        }
-        if (char === "\"") {
-            quote = "double";
-            continue;
-        }
-        if (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {
-            const close = findClosingParen(input, i + 1, isCommandSubstitutionAt(input, i) ? "command substitution `$(`" : "process substitution");
-            if (close.ok)
-                i = close.closeIndex;
-            continue;
-        }
-        if (char === "`") {
-            const close = findClosingBacktick(input, i);
-            if (close.ok)
-                i = close.closeIndex;
-            continue;
-        }
-        const operator = attachedRedirectionOperatorAt(input, i);
-        if (operator !== undefined && i > start) {
-            return { token: operator, offset: i };
-        }
-    }
-    return undefined;
-}
-function validateLiteralCommandHead(head, metadata) {
-    if (head.length === 0) {
-        return { ok: false, reason: "empty command heads are not supported by bash policy segments mode" };
-    }
-    if (metadata.sawSingleQuote || metadata.sawDoubleQuote) {
-        return { ok: false, reason: "quoted or quote-constructed command heads are not supported by bash policy segments mode" };
-    }
-    if (metadata.sawEscape) {
-        return { ok: false, reason: "escape-constructed command heads are not supported by bash policy segments mode" };
-    }
-    if (metadata.sawCommandSubstitution || metadata.sawProcessSubstitution || metadata.sawBacktick) {
-        return { ok: false, reason: "command, process, and backtick substitutions are not supported in command heads by bash policy segments mode" };
-    }
-    if (metadata.sawParameterExpansion) {
-        return { ok: false, reason: "parameter-expanded command heads are not supported by bash policy segments mode" };
-    }
-    if (metadata.sawTildePrefix) {
-        return { ok: false, reason: "tilde-expanded command heads are not supported by bash policy segments mode" };
-    }
-    if (metadata.sawGlobPattern) {
-        return { ok: false, reason: "glob-expanded command heads are not supported by bash policy segments mode" };
-    }
-    if (metadata.sawBraceExpansion) {
-        return { ok: false, reason: "brace-expanded command heads are not supported by bash policy segments mode" };
-    }
-    return { ok: true };
-}
-export function buildSegment(rawSegment, absoluteStart, absoluteEnd, source) {
-    let cursor = 0;
-    while (cursor < rawSegment.length && isWhitespace(rawSegment[cursor]))
-        cursor += 1;
-    if (cursor >= rawSegment.length)
-        return { ok: true };
-    while (cursor < rawSegment.length) {
-        while (cursor < rawSegment.length && isWhitespace(rawSegment[cursor]))
-            cursor += 1;
-        if (cursor >= rawSegment.length)
-            return { ok: true };
-        const leadingRedirection = leadingRedirectionTokenAt(rawSegment, cursor);
-        if (leadingRedirection !== undefined) {
-            return {
-                ok: false,
-                error: {
-                    reason: `leading shell redirection ${JSON.stringify(leadingRedirection)} is not supported by bash policy segments mode`,
-                    offset: absoluteStart + cursor,
-                    source,
-                },
-            };
-        }
-        const word = readShellWord(rawSegment, cursor);
-        if (!word.ok) {
-            return {
-                ok: false,
-                error: { reason: word.reason, offset: absoluteStart + word.offset, source },
-            };
-        }
-        const attachedRedirection = attachedCommandHeadRedirection(rawSegment, cursor, word.end);
-        if (attachedRedirection !== undefined) {
-            return {
-                ok: false,
-                error: {
-                    reason: `attached shell redirection ${JSON.stringify(attachedRedirection.token)} in the command head is not supported by bash policy segments mode`,
-                    offset: absoluteStart + attachedRedirection.offset,
-                    source,
-                },
-            };
-        }
-        if (isEnvAssignmentWord(word.word)) {
-            return {
-                ok: false,
-                error: {
-                    reason: "environment assignment words are not supported by bash policy segments mode",
-                    offset: absoluteStart + cursor,
-                    source,
-                },
-            };
-        }
-        const target = rawSegment.slice(cursor).trim();
-        const head = word.word;
-        if (UNSUPPORTED_CONTROL_HEADS.has(head)) {
-            return {
-                ok: false,
-                error: {
-                    reason: `unsupported shell reserved or compound syntax starting with ${JSON.stringify(head)}`,
-                    offset: absoluteStart + cursor,
-                    source,
-                },
-            };
-        }
-        const literalHead = validateLiteralCommandHead(head, word.metadata);
-        if (!literalHead.ok) {
-            return {
-                ok: false,
-                error: {
-                    reason: literalHead.reason,
-                    offset: absoluteStart + cursor,
-                    source,
-                },
-            };
-        }
-        return {
-            ok: true,
-            segment: {
-                raw: rawSegment.trim(),
-                target,
-                head,
-                start: absoluteStart + cursor,
-                end: absoluteEnd,
-                source,
-            },
-        };
-    }
-    return { ok: true };
-}
-//# sourceMappingURL=bash-policy-segment.js.map

package/dist/core/tools/bash-policy-segment.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"bash-policy-segment.js","sourceRoot":"","sources":["../../../src/core/tools/bash-policy-segment.ts"],"names":[],"mappings":"AACA,OAAO,EACN,mBAAmB,EACnB,gBAAgB,EAChB,uBAAuB,EACvB,uBAAuB,EACvB,YAAY,EACZ,aAAa,GACb,MAAM,wBAAwB,CAAC;AAEhC,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC;IACzC,GAAG;IACH,IAAI;IACJ,IAAI;IACJ,MAAM;IACN,QAAQ;IACR,IAAI;IACJ,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,IAAI;IACJ,KAAK;IACL,UAAU;IACV,IAAI;IACJ,IAAI;IACJ,QAAQ;IACR,MAAM;IACN,MAAM;IACN,OAAO;IACP,OAAO;IACP,GAAG;IACH,GAAG;CACH,CAAC,CAAC;AAWH,SAAS,YAAY,CAAC,IAAwB;IAC7C,OAAO,IAAI,KAAK,SAAS,IAAI,IAAI,IAAI,GAAG,IAAI,IAAI,IAAI,GAAG,CAAC;AACzD,CAAC;AAED,SAAS,yBAAyB,CAAC,KAAa,EAAE,KAAa;IAC9D,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,OAAO,YAAY,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAAE,aAAa,IAAI,CAAC,CAAC;IAE9D,MAAM,mBAAmB,GAAG,aAAa,GAAG,KAAK,CAAC;IAClD,MAAM,IAAI,GAAG,KAAK,CAAC,aAAa,CAAC,CAAC;IAClC,MAAM,IAAI,GAAG,KAAK,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,KAAK,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC;IAE3C,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACzC,IAAI,mBAAmB,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG;QAAE,OAAO,SAAS,CAAC;IAE1E,IAAI,CAAC,mBAAmB,IAAI,CAAC,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;QAC5E,OAAO,SAAS,CAAC;IAClB,CAAC;IAED,IAAI,QAA4B,CAAC;IACjC,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;QAClC,QAAQ,GAAG,SAAS,KAAK,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7C,CAAC;SAAM,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;QACzB,IAAI,IAAI,KAAK,GAAG;YAAE,QAAQ,GAAG,IAAI,CAAC;aAC7B,IAAI,IAAI,KAAK,GAAG;YAAE,QAAQ,GAAG,IAAI,CAAC;aAClC,IAAI,IAAI,KAAK,GAAG;YAAE,QAAQ,GAAG,IAAI,CAAC;;YAClC,QAAQ,GAAG,GAAG,CAAC;IACrB,CAAC;SAAM,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;QACzB,IAAI,IAAI,KAAK,GAAG;YAAE,QAAQ,GAAG,IAAI,CAAC;aAC7B,IAAI,IAAI,KAAK,GAAG;YAAE,QAAQ,GAAG,IAAI,CAAC;aAClC,IAAI,IAAI,KAAK,GAAG;YAAE,QAAQ,GAAG,IAAI,CAAC;;YAClC,QAAQ,GAAG,GAAG,CAAC;IACrB,CAAC;IAED,OAAO,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,aAAa,CAAC,GAAG,QAAQ,EAAE,CAAC;AAC/F,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAY;IACxC,OAAO,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,6BAA6B,CAAC,KAAa,EAAE,KAAa;IAClE,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;IAC9B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;IAEnC,IAAI,CAAC,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;QACpD,OAAO,SAAS,CAAC;IAClB,CAAC;IACD,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;QAClC,OAAO,SAAS,KAAK,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;IACzC,CAAC;IACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;QAClB,IAAI,IAAI,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAC9B,IAAI,IAAI,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAC9B,IAAI,IAAI,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAC9B,OAAO,GAAG,CAAC;IACZ,CAAC;IACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;QAClB,IAAI,IAAI,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAC9B,IAAI,IAAI,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAC9B,IAAI,IAAI,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAC9B,OAAO,GAAG,CAAC;IACZ,CAAC;IACD,OAAO,SAAS,CAAC;AAClB,CAAC;AAED,SAAS,8BAA8B,CACtC,KAAa,EACb,KAAa,EACb,GAAW;IAEX,IAAI,KAAK,GAAoB,MAAM,CAAC;IAEpC,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxB,IAAI,IAAI,KAAK,GAAG;gBAAE,KAAK,GAAG,MAAM,CAAC;YACjC,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACnB,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACV,CAAC;QACD,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxB,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBACnB,KAAK,GAAG,MAAM,CAAC;gBACf,SAAS;YACV,CAAC;YACD,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC;gBAC5E,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;gBACvI,IAAI,KAAK,CAAC,EAAE;oBAAE,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC;gBACnC,SAAS;YACV,CAAC;YACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBAClB,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAC5C,IAAI,KAAK,CAAC,EAAE;oBAAE,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC;YACpC,CAAC;YACD,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YAClB,KAAK,GAAG,QAAQ,CAAC;YACjB,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACnB,KAAK,GAAG,QAAQ,CAAC;YACjB,SAAS;QACV,CAAC;QACD,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC;YAC5E,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;YACvI,IAAI,KAAK,CAAC,EAAE;gBAAE,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC;YACnC,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YAClB,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAC5C,IAAI,KAAK,CAAC,EAAE;gBAAE,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC;YACnC,SAAS;QACV,CAAC;QAED,MAAM,QAAQ,GAAG,6BAA6B,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACzD,IAAI,QAAQ,KAAK,SAAS,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC;YACzC,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;QACvC,CAAC;IACF,CAAC;IAED,OAAO,SAAS,CAAC;AAClB,CAAC;AAED,SAAS,0BAA0B,CAAC,IAAY,EAAE,QAA2B;IAC5E,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,oEAAoE,EAAE,CAAC;IACpG,CAAC;IACD,IAAI,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;QACxD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,0FAA0F,EAAE,CAAC;IAC1H,CAAC;IACD,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;QACxB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iFAAiF,EAAE,CAAC;IACjH,CAAC;IACD,IAAI,QAAQ,CAAC,sBAAsB,IAAI,QAAQ,CAAC,sBAAsB,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;QAChG,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,8GAA8G,EAAE,CAAC;IAC9I,CAAC;IACD,IAAI,QAAQ,CAAC,qBAAqB,EAAE,CAAC;QACpC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iFAAiF,EAAE,CAAC;IACjH,CAAC;IACD,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;QAC7B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,6EAA6E,EAAE,CAAC;IAC7G,CAAC;IACD,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;QAC7B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,4EAA4E,EAAE,CAAC;IAC5G,CAAC;IACD,IAAI,QAAQ,CAAC,iBAAiB,EAAE,CAAC;QAChC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,6EAA6E,EAAE,CAAC;IAC7G,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,YAAY,CAC3B,UAAkB,EAClB,aAAqB,EACrB,WAAmB,EACnB,MAAkF;IAElF,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,OAAO,MAAM,GAAG,UAAU,CAAC,MAAM,IAAI,YAAY,CAAC,UAAU,CAAC,MAAM,CAAE,CAAC;QAAE,MAAM,IAAI,CAAC,CAAC;IACpF,IAAI,MAAM,IAAI,UAAU,CAAC,MAAM;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IAErD,OAAO,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC;QACnC,OAAO,MAAM,GAAG,UAAU,CAAC,MAAM,IAAI,YAAY,CAAC,UAAU,CAAC,MAAM,CAAE,CAAC;YAAE,MAAM,IAAI,CAAC,CAAC;QACpF,IAAI,MAAM,IAAI,UAAU,CAAC,MAAM;YAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QAErD,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACzE,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;YACtC,OAAO;gBACN,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE;oBACN,MAAM,EAAE,6BAA6B,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,gDAAgD;oBACvH,MAAM,EAAE,aAAa,GAAG,MAAM;oBAC9B,MAAM;iBACN;aACD,CAAC;QACH,CAAC;QAED,MAAM,IAAI,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC/C,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACd,OAAO;gBACN,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE;aAC3E,CAAC;QACH,CAAC;QAED,MAAM,mBAAmB,GAAG,8BAA8B,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QACzF,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACvC,OAAO;gBACN,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE;oBACN,MAAM,EAAE,8BAA8B,IAAI,CAAC,SAAS,CAAC,mBAAmB,CAAC,KAAK,CAAC,oEAAoE;oBACnJ,MAAM,EAAE,aAAa,GAAG,mBAAmB,CAAC,MAAM;oBAClD,MAAM;iBACN;aACD,CAAC;QACH,CAAC;QAED,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,OAAO;gBACN,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE;oBACN,MAAM,EAAE,6EAA6E;oBACrF,MAAM,EAAE,aAAa,GAAG,MAAM;oBAC9B,MAAM;iBACN;aACD,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACvB,IAAI,yBAAyB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,OAAO;gBACN,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE;oBACN,MAAM,EAAE,+DAA+D,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;oBAC7F,MAAM,EAAE,aAAa,GAAG,MAAM;oBAC9B,MAAM;iBACN;aACD,CAAC;QACH,CAAC;QACD,MAAM,WAAW,GAAG,0BAA0B,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpE,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;YACrB,OAAO;gBACN,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE;oBACN,MAAM,EAAE,WAAW,CAAC,MAAM;oBAC1B,MAAM,EAAE,aAAa,GAAG,MAAM;oBAC9B,MAAM;iBACN;aACD,CAAC;QACH,CAAC;QAED,OAAO;YACN,EAAE,EAAE,IAAI;YACR,OAAO,EAAE;gBACR,GAAG,EAAE,UAAU,CAAC,IAAI,EAAE;gBACtB,MAAM;gBACN,IAAI;gBACJ,KAAK,EAAE,aAAa,GAAG,MAAM;gBAC7B,GAAG,EAAE,WAAW;gBAChB,MAAM;aACN;SACD,CAAC;IACH,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACrB,CAAC","sourcesContent":["import type { SegmentBuildResult, ShellQuoteState, ShellWordMetadata } from \"./bash-policy-types.ts\";\nimport {\n\tfindClosingBacktick,\n\tfindClosingParen,\n\tisCommandSubstitutionAt,\n\tisProcessSubstitutionAt,\n\tisWhitespace,\n\treadShellWord,\n} from \"./bash-policy-shell.ts\";\n\nconst UNSUPPORTED_CONTROL_HEADS = new Set([\n\t\"!\",\n\t\"[[\",\n\t\"]]\",\n\t\"case\",\n\t\"coproc\",\n\t\"do\",\n\t\"done\",\n\t\"elif\",\n\t\"else\",\n\t\"esac\",\n\t\"fi\",\n\t\"for\",\n\t\"function\",\n\t\"if\",\n\t\"in\",\n\t\"select\",\n\t\"then\",\n\t\"time\",\n\t\"until\",\n\t\"while\",\n\t\"{\",\n\t\"}\",\n]);\n\ntype LiteralCommandHeadValidation =\n\t| { readonly ok: true }\n\t| { readonly ok: false; readonly reason: string };\n\ninterface AttachedRedirectionToken {\n\treadonly token: string;\n\treadonly offset: number;\n}\n\nfunction isAsciiDigit(char: string | undefined): boolean {\n\treturn char !== undefined && char >= \"0\" && char <= \"9\";\n}\n\nfunction leadingRedirectionTokenAt(input: string, index: number): string | undefined {\n\tlet operatorStart = index;\n\twhile (isAsciiDigit(input[operatorStart])) operatorStart += 1;\n\n\tconst hasDescriptorPrefix = operatorStart > index;\n\tconst char = input[operatorStart];\n\tconst next = input[operatorStart + 1];\n\tconst afterNext = input[operatorStart + 2];\n\n\tif (char === undefined) return undefined;\n\tif (hasDescriptorPrefix && char !== \"<\" && char !== \">\") return undefined;\n\n\tif (!hasDescriptorPrefix && (char === \"<\" || char === \">\") && next === \"(\") {\n\t\treturn undefined;\n\t}\n\n\tlet operator: string | undefined;\n\tif (char === \"&\" && next === \">\") {\n\t\toperator = afterNext === \">\" ? \"&>>\" : \"&>\";\n\t} else if (char === \"<\") {\n\t\tif (next === \"<\") operator = \"<<\";\n\t\telse if (next === \"&\") operator = \"<&\";\n\t\telse if (next === \">\") operator = \"<>\";\n\t\telse operator = \"<\";\n\t} else if (char === \">\") {\n\t\tif (next === \">\") operator = \">>\";\n\t\telse if (next === \"|\") operator = \">|\";\n\t\telse if (next === \"&\") operator = \">&\";\n\t\telse operator = \">\";\n\t}\n\n\treturn operator === undefined ? undefined : `${input.slice(index, operatorStart)}${operator}`;\n}\n\nfunction isEnvAssignmentWord(word: string): boolean {\n\treturn /^[A-Za-z_][A-Za-z0-9_]*(?:\\+)?=/.test(word);\n}\n\nfunction attachedRedirectionOperatorAt(input: string, index: number): string | undefined {\n\tconst char = input[index];\n\tconst next = input[index + 1];\n\tconst afterNext = input[index + 2];\n\n\tif ((char === \"<\" || char === \">\") && next === \"(\") {\n\t\treturn undefined;\n\t}\n\tif (char === \"&\" && next === \">\") {\n\t\treturn afterNext === \">\" ? \"&>>\" : \"&>\";\n\t}\n\tif (char === \"<\") {\n\t\tif (next === \"<\") return \"<<\";\n\t\tif (next === \"&\") return \"<&\";\n\t\tif (next === \">\") return \"<>\";\n\t\treturn \"<\";\n\t}\n\tif (char === \">\") {\n\t\tif (next === \">\") return \">>\";\n\t\tif (next === \"|\") return \">|\";\n\t\tif (next === \"&\") return \">&\";\n\t\treturn \">\";\n\t}\n\treturn undefined;\n}\n\nfunction attachedCommandHeadRedirection(\n\tinput: string,\n\tstart: number,\n\tend: number,\n): AttachedRedirectionToken | undefined {\n\tlet quote: ShellQuoteState = \"none\";\n\n\tfor (let i = start; i < end; i += 1) {\n\t\tconst char = input[i]!;\n\t\tif (quote === \"single\") {\n\t\t\tif (char === \"'\") quote = \"none\";\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"\\\\\") {\n\t\t\ti += 1;\n\t\t\tcontinue;\n\t\t}\n\t\tif (quote === \"double\") {\n\t\t\tif (char === \"\\\"\") {\n\t\t\t\tquote = \"none\";\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\tif (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {\n\t\t\t\tconst close = findClosingParen(input, i + 1, isCommandSubstitutionAt(input, i) ? \"command substitution `$(`\" : \"process substitution\");\n\t\t\t\tif (close.ok) i = close.closeIndex;\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\tif (char === \"`\") {\n\t\t\t\tconst close = findClosingBacktick(input, i);\n\t\t\t\tif (close.ok) i = close.closeIndex;\n\t\t\t}\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"'\") {\n\t\t\tquote = \"single\";\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"\\\"\") {\n\t\t\tquote = \"double\";\n\t\t\tcontinue;\n\t\t}\n\t\tif (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {\n\t\t\tconst close = findClosingParen(input, i + 1, isCommandSubstitutionAt(input, i) ? \"command substitution `$(`\" : \"process substitution\");\n\t\t\tif (close.ok) i = close.closeIndex;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"`\") {\n\t\t\tconst close = findClosingBacktick(input, i);\n\t\t\tif (close.ok) i = close.closeIndex;\n\t\t\tcontinue;\n\t\t}\n\n\t\tconst operator = attachedRedirectionOperatorAt(input, i);\n\t\tif (operator !== undefined && i > start) {\n\t\t\treturn { token: operator, offset: i };\n\t\t}\n\t}\n\n\treturn undefined;\n}\n\nfunction validateLiteralCommandHead(head: string, metadata: ShellWordMetadata): LiteralCommandHeadValidation {\n\tif (head.length === 0) {\n\t\treturn { ok: false, reason: \"empty command heads are not supported by bash policy segments mode\" };\n\t}\n\tif (metadata.sawSingleQuote || metadata.sawDoubleQuote) {\n\t\treturn { ok: false, reason: \"quoted or quote-constructed command heads are not supported by bash policy segments mode\" };\n\t}\n\tif (metadata.sawEscape) {\n\t\treturn { ok: false, reason: \"escape-constructed command heads are not supported by bash policy segments mode\" };\n\t}\n\tif (metadata.sawCommandSubstitution || metadata.sawProcessSubstitution || metadata.sawBacktick) {\n\t\treturn { ok: false, reason: \"command, process, and backtick substitutions are not supported in command heads by bash policy segments mode\" };\n\t}\n\tif (metadata.sawParameterExpansion) {\n\t\treturn { ok: false, reason: \"parameter-expanded command heads are not supported by bash policy segments mode\" };\n\t}\n\tif (metadata.sawTildePrefix) {\n\t\treturn { ok: false, reason: \"tilde-expanded command heads are not supported by bash policy segments mode\" };\n\t}\n\tif (metadata.sawGlobPattern) {\n\t\treturn { ok: false, reason: \"glob-expanded command heads are not supported by bash policy segments mode\" };\n\t}\n\tif (metadata.sawBraceExpansion) {\n\t\treturn { ok: false, reason: \"brace-expanded command heads are not supported by bash policy segments mode\" };\n\t}\n\treturn { ok: true };\n}\n\nexport function buildSegment(\n\trawSegment: string,\n\tabsoluteStart: number,\n\tabsoluteEnd: number,\n\tsource: \"top-level\" | \"command-substitution\" | \"process-substitution\" | \"backtick\",\n): SegmentBuildResult {\n\tlet cursor = 0;\n\twhile (cursor < rawSegment.length && isWhitespace(rawSegment[cursor]!)) cursor += 1;\n\tif (cursor >= rawSegment.length) return { ok: true };\n\n\twhile (cursor < rawSegment.length) {\n\t\twhile (cursor < rawSegment.length && isWhitespace(rawSegment[cursor]!)) cursor += 1;\n\t\tif (cursor >= rawSegment.length) return { ok: true };\n\n\t\tconst leadingRedirection = leadingRedirectionTokenAt(rawSegment, cursor);\n\t\tif (leadingRedirection !== undefined) {\n\t\t\treturn {\n\t\t\t\tok: false,\n\t\t\t\terror: {\n\t\t\t\t\treason: `leading shell redirection ${JSON.stringify(leadingRedirection)} is not supported by bash policy segments mode`,\n\t\t\t\t\toffset: absoluteStart + cursor,\n\t\t\t\t\tsource,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\n\t\tconst word = readShellWord(rawSegment, cursor);\n\t\tif (!word.ok) {\n\t\t\treturn {\n\t\t\t\tok: false,\n\t\t\t\terror: { reason: word.reason, offset: absoluteStart + word.offset, source },\n\t\t\t};\n\t\t}\n\n\t\tconst attachedRedirection = attachedCommandHeadRedirection(rawSegment, cursor, word.end);\n\t\tif (attachedRedirection !== undefined) {\n\t\t\treturn {\n\t\t\t\tok: false,\n\t\t\t\terror: {\n\t\t\t\t\treason: `attached shell redirection ${JSON.stringify(attachedRedirection.token)} in the command head is not supported by bash policy segments mode`,\n\t\t\t\t\toffset: absoluteStart + attachedRedirection.offset,\n\t\t\t\t\tsource,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\n\t\tif (isEnvAssignmentWord(word.word)) {\n\t\t\treturn {\n\t\t\t\tok: false,\n\t\t\t\terror: {\n\t\t\t\t\treason: \"environment assignment words are not supported by bash policy segments mode\",\n\t\t\t\t\toffset: absoluteStart + cursor,\n\t\t\t\t\tsource,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\n\t\tconst target = rawSegment.slice(cursor).trim();\n\t\tconst head = word.word;\n\t\tif (UNSUPPORTED_CONTROL_HEADS.has(head)) {\n\t\t\treturn {\n\t\t\t\tok: false,\n\t\t\t\terror: {\n\t\t\t\t\treason: `unsupported shell reserved or compound syntax starting with ${JSON.stringify(head)}`,\n\t\t\t\t\toffset: absoluteStart + cursor,\n\t\t\t\t\tsource,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t\tconst literalHead = validateLiteralCommandHead(head, word.metadata);\n\t\tif (!literalHead.ok) {\n\t\t\treturn {\n\t\t\t\tok: false,\n\t\t\t\terror: {\n\t\t\t\t\treason: literalHead.reason,\n\t\t\t\t\toffset: absoluteStart + cursor,\n\t\t\t\t\tsource,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\n\t\treturn {\n\t\t\tok: true,\n\t\t\tsegment: {\n\t\t\t\traw: rawSegment.trim(),\n\t\t\t\ttarget,\n\t\t\t\thead,\n\t\t\t\tstart: absoluteStart + cursor,\n\t\t\t\tend: absoluteEnd,\n\t\t\t\tsource,\n\t\t\t},\n\t\t};\n\t}\n\n\treturn { ok: true };\n}\n"]}

package/dist/core/tools/bash-policy-shell.d.ts

@@ -1,11 +0,0 @@
-import type { ClosingBacktickResult, ClosingParenResult, ShellWordReadResult } from "./bash-policy-types.ts";
-export declare function isWhitespace(char: string): boolean;
-export declare function lineTerminatorLengthAt(input: string, index: number): number;
-export declare function operatorLengthAt(input: string, index: number): number;
-export declare function isHereDocumentAt(input: string, index: number): boolean;
-export declare function isCommandSubstitutionAt(input: string, index: number): boolean;
-export declare function isProcessSubstitutionAt(input: string, index: number): boolean;
-export declare function findClosingBacktick(input: string, openIndex: number): ClosingBacktickResult;
-export declare function findClosingParen(input: string, openIndex: number, construct: string): ClosingParenResult;
-export declare function readShellWord(input: string, start: number): ShellWordReadResult;
-//# sourceMappingURL=bash-policy-shell.d.ts.map

package/dist/core/tools/bash-policy-shell.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"bash-policy-shell.d.ts","sourceRoot":"","sources":["../../../src/core/tools/bash-policy-shell.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACX,qBAAqB,EACrB,kBAAkB,EAGlB,mBAAmB,EACnB,MAAM,wBAAwB,CAAC;AAEhC,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAElD;AAED,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAK3E;AAgBD,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAWrE;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAEtE;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAE7E;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAG7E;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,qBAAqB,CAa3F;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,kBAAkB,CAwExG;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,mBAAmB,CAkH/E","sourcesContent":["import type {\n\tClosingBacktickResult,\n\tClosingParenResult,\n\tShellQuoteState,\n\tShellWordMetadata,\n\tShellWordReadResult,\n} from \"./bash-policy-types.ts\";\n\nexport function isWhitespace(char: string): boolean {\n\treturn char === \" \" || char === \"\\t\" || char === \"\\n\" || char === \"\\r\";\n}\n\nexport function lineTerminatorLengthAt(input: string, index: number): number {\n\tconst char = input[index];\n\tif (char === \"\\r\") return input[index + 1] === \"\\n\" ? 2 : 1;\n\tif (char === \"\\n\") return 1;\n\treturn 0;\n}\n\nfunction previousNonWhitespace(input: string, index: number): string | undefined {\n\tfor (let i = index - 1; i >= 0; i -= 1) {\n\t\tconst char = input[i]!;\n\t\tif (!isWhitespace(char)) return char;\n\t}\n\treturn undefined;\n}\n\nfunction isRedirectionAmpersand(input: string, index: number): boolean {\n\tconst previous = previousNonWhitespace(input, index);\n\tconst next = input[index + 1];\n\treturn previous === \">\" || previous === \"<\" || next === \">\";\n}\n\nexport function operatorLengthAt(input: string, index: number): number {\n\tconst char = input[index];\n\tconst next = input[index + 1];\n\tif (char === \"|\" && input[index - 1] === \">\") return 0;\n\tif (char === \"|\" && next === \"&\") return 2;\n\tif (char === \"&\" && next === \"&\") return 2;\n\tif (char === \"|\" && next === \"|\") return 2;\n\tif (char === \"|\") return 1;\n\tif (char === \";\") return 1;\n\tif (char === \"&\" && !isRedirectionAmpersand(input, index)) return 1;\n\treturn 0;\n}\n\nexport function isHereDocumentAt(input: string, index: number): boolean {\n\treturn input[index] === \"<\" && input[index + 1] === \"<\";\n}\n\nexport function isCommandSubstitutionAt(input: string, index: number): boolean {\n\treturn input[index] === \"$\" && input[index + 1] === \"(\";\n}\n\nexport function isProcessSubstitutionAt(input: string, index: number): boolean {\n\tconst char = input[index];\n\treturn (char === \"<\" || char === \">\") && input[index + 1] === \"(\";\n}\n\nexport function findClosingBacktick(input: string, openIndex: number): ClosingBacktickResult {\n\tfor (let i = openIndex + 1; i < input.length; i += 1) {\n\t\tconst char = input[i]!;\n\t\tif (char === \"\\\\\") {\n\t\t\tif (i + 1 >= input.length) {\n\t\t\t\treturn { ok: false, reason: \"trailing escape in backtick command substitution\", offset: i };\n\t\t\t}\n\t\t\ti += 1;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"`\") return { ok: true, closeIndex: i };\n\t}\n\treturn { ok: false, reason: \"unclosed backtick command substitution\", offset: openIndex };\n}\n\nexport function findClosingParen(input: string, openIndex: number, construct: string): ClosingParenResult {\n\tlet quote: ShellQuoteState = \"none\";\n\tlet depth = 1;\n\tfor (let i = openIndex + 1; i < input.length; i += 1) {\n\t\tconst char = input[i]!;\n\n\t\tif (quote === \"single\") {\n\t\t\tif (char === \"'\") quote = \"none\";\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (char === \"\\\\\") {\n\t\t\tif (i + 1 >= input.length) {\n\t\t\t\treturn { ok: false, reason: `trailing escape in ${construct}`, offset: i };\n\t\t\t}\n\t\t\ti += 1;\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (quote === \"double\") {\n\t\t\tif (char === \"\\\"\") {\n\t\t\t\tquote = \"none\";\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\tif (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {\n\t\t\t\tdepth += 1;\n\t\t\t\ti += 1;\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\tif (char === \"`\") {\n\t\t\t\tconst close = findClosingBacktick(input, i);\n\t\t\t\tif (!close.ok) return close;\n\t\t\t\ti = close.closeIndex;\n\t\t\t}\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (char === \"'\") {\n\t\t\tquote = \"single\";\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"\\\"\") {\n\t\t\tquote = \"double\";\n\t\t\tcontinue;\n\t\t}\n\t\tif (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {\n\t\t\tdepth += 1;\n\t\t\ti += 1;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"`\") {\n\t\t\tconst close = findClosingBacktick(input, i);\n\t\t\tif (!close.ok) return close;\n\t\t\ti = close.closeIndex;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"(\") {\n\t\t\treturn {\n\t\t\t\tok: false,\n\t\t\t\treason: `unsupported shell grouping parentheses in ${construct}`,\n\t\t\t\toffset: i,\n\t\t\t};\n\t\t}\n\t\tif (char === \")\") {\n\t\t\tdepth -= 1;\n\t\t\tif (depth === 0) return { ok: true, closeIndex: i };\n\t\t}\n\t}\n\n\tif (quote === \"single\") return { ok: false, reason: `unclosed single quote in ${construct}`, offset: openIndex };\n\tif (quote === \"double\") return { ok: false, reason: `unclosed double quote in ${construct}`, offset: openIndex };\n\treturn { ok: false, reason: `unclosed ${construct}`, offset: openIndex };\n}\n\nexport function readShellWord(input: string, start: number): ShellWordReadResult {\n\tlet quote: ShellQuoteState = \"none\";\n\tlet sawSingleQuote = false;\n\tlet sawDoubleQuote = false;\n\tlet sawEscape = false;\n\tlet sawParameterExpansion = false;\n\tlet sawCommandSubstitution = false;\n\tlet sawProcessSubstitution = false;\n\tlet sawBacktick = false;\n\tlet sawGlobPattern = false;\n\tlet sawBraceExpansion = false;\n\tlet sawTildePrefix = false;\n\n\tconst metadata = (): ShellWordMetadata => ({\n\t\tsawSingleQuote,\n\t\tsawDoubleQuote,\n\t\tsawEscape,\n\t\tsawParameterExpansion,\n\t\tsawCommandSubstitution,\n\t\tsawProcessSubstitution,\n\t\tsawBacktick,\n\t\tsawGlobPattern,\n\t\tsawBraceExpansion,\n\t\tsawTildePrefix,\n\t});\n\n\tfor (let i = start; i < input.length; i += 1) {\n\t\tconst char = input[i]!;\n\t\tif (quote === \"single\") {\n\t\t\tif (char === \"'\") quote = \"none\";\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"\\\\\") {\n\t\t\tsawEscape = true;\n\t\t\tif (i + 1 >= input.length) return { ok: false, reason: \"trailing escape in shell word\", offset: i };\n\t\t\ti += 1;\n\t\t\tcontinue;\n\t\t}\n\t\tif (quote === \"double\") {\n\t\t\tif (char === \"\\\"\") {\n\t\t\t\tquote = \"none\";\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\tif (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {\n\t\t\t\tif (isCommandSubstitutionAt(input, i)) {\n\t\t\t\t\tsawCommandSubstitution = true;\n\t\t\t\t} else {\n\t\t\t\t\tsawProcessSubstitution = true;\n\t\t\t\t}\n\t\t\t\tconst close = findClosingParen(input, i + 1, isCommandSubstitutionAt(input, i) ? \"command substitution `$(`\" : \"process substitution\");\n\t\t\t\tif (!close.ok) return { ok: false, reason: close.reason, offset: close.offset };\n\t\t\t\ti = close.closeIndex;\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\tif (char === \"`\") {\n\t\t\t\tsawBacktick = true;\n\t\t\t\tconst close = findClosingBacktick(input, i);\n\t\t\t\tif (!close.ok) return { ok: false, reason: close.reason, offset: close.offset };\n\t\t\t\ti = close.closeIndex;\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\tif (char === \"$\") sawParameterExpansion = true;\n\t\t\tcontinue;\n\t\t}\n\t\tif (isWhitespace(char)) {\n\t\t\treturn { ok: true, word: input.slice(start, i), end: i, metadata: metadata() };\n\t\t}\n\t\tif (char === \"'\") {\n\t\t\tsawSingleQuote = true;\n\t\t\tquote = \"single\";\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"\\\"\") {\n\t\t\tsawDoubleQuote = true;\n\t\t\tquote = \"double\";\n\t\t\tcontinue;\n\t\t}\n\t\tif (i === start && char === \"~\") {\n\t\t\tsawTildePrefix = true;\n\t\t\tcontinue;\n\t\t}\n\t\tif (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {\n\t\t\tif (isCommandSubstitutionAt(input, i)) {\n\t\t\t\tsawCommandSubstitution = true;\n\t\t\t} else {\n\t\t\t\tsawProcessSubstitution = true;\n\t\t\t}\n\t\t\tconst close = findClosingParen(input, i + 1, isCommandSubstitutionAt(input, i) ? \"command substitution `$(`\" : \"process substitution\");\n\t\t\tif (!close.ok) return { ok: false, reason: close.reason, offset: close.offset };\n\t\t\ti = close.closeIndex;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"`\") {\n\t\t\tsawBacktick = true;\n\t\t\tconst close = findClosingBacktick(input, i);\n\t\t\tif (!close.ok) return { ok: false, reason: close.reason, offset: close.offset };\n\t\t\ti = close.closeIndex;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"$\") {\n\t\t\tsawParameterExpansion = true;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"*\" || char === \"?\" || char === \"[\" || char === \"]\") {\n\t\t\tsawGlobPattern = true;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"{\" || char === \"}\") {\n\t\t\tsawBraceExpansion = true;\n\t\t}\n\t}\n\tif (quote === \"single\") return { ok: false, reason: \"unclosed single quote in shell word\", offset: start };\n\tif (quote === \"double\") return { ok: false, reason: \"unclosed double quote in shell word\", offset: start };\n\treturn { ok: true, word: input.slice(start), end: input.length, metadata: metadata() };\n}\n\n"]}

package/dist/core/tools/bash-policy-shell.js

@@ -1,267 +0,0 @@
-export function isWhitespace(char) {
-    return char === " " || char === "\t" || char === "\n" || char === "\r";
-}
-export function lineTerminatorLengthAt(input, index) {
-    const char = input[index];
-    if (char === "\r")
-        return input[index + 1] === "\n" ? 2 : 1;
-    if (char === "\n")
-        return 1;
-    return 0;
-}
-function previousNonWhitespace(input, index) {
-    for (let i = index - 1; i >= 0; i -= 1) {
-        const char = input[i];
-        if (!isWhitespace(char))
-            return char;
-    }
-    return undefined;
-}
-function isRedirectionAmpersand(input, index) {
-    const previous = previousNonWhitespace(input, index);
-    const next = input[index + 1];
-    return previous === ">" || previous === "<" || next === ">";
-}
-export function operatorLengthAt(input, index) {
-    const char = input[index];
-    const next = input[index + 1];
-    if (char === "|" && input[index - 1] === ">")
-        return 0;
-    if (char === "|" && next === "&")
-        return 2;
-    if (char === "&" && next === "&")
-        return 2;
-    if (char === "|" && next === "|")
-        return 2;
-    if (char === "|")
-        return 1;
-    if (char === ";")
-        return 1;
-    if (char === "&" && !isRedirectionAmpersand(input, index))
-        return 1;
-    return 0;
-}
-export function isHereDocumentAt(input, index) {
-    return input[index] === "<" && input[index + 1] === "<";
-}
-export function isCommandSubstitutionAt(input, index) {
-    return input[index] === "$" && input[index + 1] === "(";
-}
-export function isProcessSubstitutionAt(input, index) {
-    const char = input[index];
-    return (char === "<" || char === ">") && input[index + 1] === "(";
-}
-export function findClosingBacktick(input, openIndex) {
-    for (let i = openIndex + 1; i < input.length; i += 1) {
-        const char = input[i];
-        if (char === "\\") {
-            if (i + 1 >= input.length) {
-                return { ok: false, reason: "trailing escape in backtick command substitution", offset: i };
-            }
-            i += 1;
-            continue;
-        }
-        if (char === "`")
-            return { ok: true, closeIndex: i };
-    }
-    return { ok: false, reason: "unclosed backtick command substitution", offset: openIndex };
-}
-export function findClosingParen(input, openIndex, construct) {
-    let quote = "none";
-    let depth = 1;
-    for (let i = openIndex + 1; i < input.length; i += 1) {
-        const char = input[i];
-        if (quote === "single") {
-            if (char === "'")
-                quote = "none";
-            continue;
-        }
-        if (char === "\\") {
-            if (i + 1 >= input.length) {
-                return { ok: false, reason: `trailing escape in ${construct}`, offset: i };
-            }
-            i += 1;
-            continue;
-        }
-        if (quote === "double") {
-            if (char === "\"") {
-                quote = "none";
-                continue;
-            }
-            if (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {
-                depth += 1;
-                i += 1;
-                continue;
-            }
-            if (char === "`") {
-                const close = findClosingBacktick(input, i);
-                if (!close.ok)
-                    return close;
-                i = close.closeIndex;
-            }
-            continue;
-        }
-        if (char === "'") {
-            quote = "single";
-            continue;
-        }
-        if (char === "\"") {
-            quote = "double";
-            continue;
-        }
-        if (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {
-            depth += 1;
-            i += 1;
-            continue;
-        }
-        if (char === "`") {
-            const close = findClosingBacktick(input, i);
-            if (!close.ok)
-                return close;
-            i = close.closeIndex;
-            continue;
-        }
-        if (char === "(") {
-            return {
-                ok: false,
-                reason: `unsupported shell grouping parentheses in ${construct}`,
-                offset: i,
-            };
-        }
-        if (char === ")") {
-            depth -= 1;
-            if (depth === 0)
-                return { ok: true, closeIndex: i };
-        }
-    }
-    if (quote === "single")
-        return { ok: false, reason: `unclosed single quote in ${construct}`, offset: openIndex };
-    if (quote === "double")
-        return { ok: false, reason: `unclosed double quote in ${construct}`, offset: openIndex };
-    return { ok: false, reason: `unclosed ${construct}`, offset: openIndex };
-}
-export function readShellWord(input, start) {
-    let quote = "none";
-    let sawSingleQuote = false;
-    let sawDoubleQuote = false;
-    let sawEscape = false;
-    let sawParameterExpansion = false;
-    let sawCommandSubstitution = false;
-    let sawProcessSubstitution = false;
-    let sawBacktick = false;
-    let sawGlobPattern = false;
-    let sawBraceExpansion = false;
-    let sawTildePrefix = false;
-    const metadata = () => ({
-        sawSingleQuote,
-        sawDoubleQuote,
-        sawEscape,
-        sawParameterExpansion,
-        sawCommandSubstitution,
-        sawProcessSubstitution,
-        sawBacktick,
-        sawGlobPattern,
-        sawBraceExpansion,
-        sawTildePrefix,
-    });
-    for (let i = start; i < input.length; i += 1) {
-        const char = input[i];
-        if (quote === "single") {
-            if (char === "'")
-                quote = "none";
-            continue;
-        }
-        if (char === "\\") {
-            sawEscape = true;
-            if (i + 1 >= input.length)
-                return { ok: false, reason: "trailing escape in shell word", offset: i };
-            i += 1;
-            continue;
-        }
-        if (quote === "double") {
-            if (char === "\"") {
-                quote = "none";
-                continue;
-            }
-            if (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {
-                if (isCommandSubstitutionAt(input, i)) {
-                    sawCommandSubstitution = true;
-                }
-                else {
-                    sawProcessSubstitution = true;
-                }
-                const close = findClosingParen(input, i + 1, isCommandSubstitutionAt(input, i) ? "command substitution `$(`" : "process substitution");
-                if (!close.ok)
-                    return { ok: false, reason: close.reason, offset: close.offset };
-                i = close.closeIndex;
-                continue;
-            }
-            if (char === "`") {
-                sawBacktick = true;
-                const close = findClosingBacktick(input, i);
-                if (!close.ok)
-                    return { ok: false, reason: close.reason, offset: close.offset };
-                i = close.closeIndex;
-                continue;
-            }
-            if (char === "$")
-                sawParameterExpansion = true;
-            continue;
-        }
-        if (isWhitespace(char)) {
-            return { ok: true, word: input.slice(start, i), end: i, metadata: metadata() };
-        }
-        if (char === "'") {
-            sawSingleQuote = true;
-            quote = "single";
-            continue;
-        }
-        if (char === "\"") {
-            sawDoubleQuote = true;
-            quote = "double";
-            continue;
-        }
-        if (i === start && char === "~") {
-            sawTildePrefix = true;
-            continue;
-        }
-        if (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {
-            if (isCommandSubstitutionAt(input, i)) {
-                sawCommandSubstitution = true;
-            }
-            else {
-                sawProcessSubstitution = true;
-            }
-            const close = findClosingParen(input, i + 1, isCommandSubstitutionAt(input, i) ? "command substitution `$(`" : "process substitution");
-            if (!close.ok)
-                return { ok: false, reason: close.reason, offset: close.offset };
-            i = close.closeIndex;
-            continue;
-        }
-        if (char === "`") {
-            sawBacktick = true;
-            const close = findClosingBacktick(input, i);
-            if (!close.ok)
-                return { ok: false, reason: close.reason, offset: close.offset };
-            i = close.closeIndex;
-            continue;
-        }
-        if (char === "$") {
-            sawParameterExpansion = true;
-            continue;
-        }
-        if (char === "*" || char === "?" || char === "[" || char === "]") {
-            sawGlobPattern = true;
-            continue;
-        }
-        if (char === "{" || char === "}") {
-            sawBraceExpansion = true;
-        }
-    }
-    if (quote === "single")
-        return { ok: false, reason: "unclosed single quote in shell word", offset: start };
-    if (quote === "double")
-        return { ok: false, reason: "unclosed double quote in shell word", offset: start };
-    return { ok: true, word: input.slice(start), end: input.length, metadata: metadata() };
-}
-//# sourceMappingURL=bash-policy-shell.js.map

package/dist/core/tools/bash-policy-shell.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"bash-policy-shell.js","sourceRoot":"","sources":["../../../src/core/tools/bash-policy-shell.ts"],"names":[],"mappings":"AAQA,MAAM,UAAU,YAAY,CAAC,IAAY;IACxC,OAAO,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI,CAAC;AACxE,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,KAAa,EAAE,KAAa;IAClE,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1B,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5D,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,CAAC,CAAC;IAC5B,OAAO,CAAC,CAAC;AACV,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAa,EAAE,KAAa;IAC1D,KAAK,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IACtC,CAAC;IACD,OAAO,SAAS,CAAC;AAClB,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAa,EAAE,KAAa;IAC3D,MAAM,QAAQ,GAAG,qBAAqB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;IAC9B,OAAO,QAAQ,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAa,EAAE,KAAa;IAC5D,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;IAC9B,IAAI,IAAI,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,GAAG;QAAE,OAAO,CAAC,CAAC;IACvD,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG;QAAE,OAAO,CAAC,CAAC;IAC3C,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG;QAAE,OAAO,CAAC,CAAC;IAC3C,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG;QAAE,OAAO,CAAC,CAAC;IAC3C,IAAI,IAAI,KAAK,GAAG;QAAE,OAAO,CAAC,CAAC;IAC3B,IAAI,IAAI,KAAK,GAAG;QAAE,OAAO,CAAC,CAAC;IAC3B,IAAI,IAAI,KAAK,GAAG,IAAI,CAAC,sBAAsB,CAAC,KAAK,EAAE,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACpE,OAAO,CAAC,CAAC;AACV,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAa,EAAE,KAAa;IAC5D,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,KAAa,EAAE,KAAa;IACnE,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,KAAa,EAAE,KAAa;IACnE,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1B,OAAO,CAAC,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAa,EAAE,SAAiB;IACnE,KAAK,IAAI,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACnB,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBAC3B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,kDAAkD,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;YAC7F,CAAC;YACD,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,GAAG;YAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;IACtD,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,wCAAwC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;AAC3F,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAa,EAAE,SAAiB,EAAE,SAAiB;IACnF,IAAI,KAAK,GAAoB,MAAM,CAAC;IACpC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,IAAI,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QAEvB,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxB,IAAI,IAAI,KAAK,GAAG;gBAAE,KAAK,GAAG,MAAM,CAAC;YACjC,SAAS;QACV,CAAC;QAED,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACnB,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBAC3B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;YAC5E,CAAC;YACD,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACV,CAAC;QAED,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxB,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBACnB,KAAK,GAAG,MAAM,CAAC;gBACf,SAAS;YACV,CAAC;YACD,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC;gBAC5E,KAAK,IAAI,CAAC,CAAC;gBACX,CAAC,IAAI,CAAC,CAAC;gBACP,SAAS;YACV,CAAC;YACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBAClB,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAC5C,IAAI,CAAC,KAAK,CAAC,EAAE;oBAAE,OAAO,KAAK,CAAC;gBAC5B,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC;YACtB,CAAC;YACD,SAAS;QACV,CAAC;QAED,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YAClB,KAAK,GAAG,QAAQ,CAAC;YACjB,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACnB,KAAK,GAAG,QAAQ,CAAC;YACjB,SAAS;QACV,CAAC;QACD,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC;YAC5E,KAAK,IAAI,CAAC,CAAC;YACX,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YAClB,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAC5C,IAAI,CAAC,KAAK,CAAC,EAAE;gBAAE,OAAO,KAAK,CAAC;YAC5B,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC;YACrB,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YAClB,OAAO;gBACN,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,6CAA6C,SAAS,EAAE;gBAChE,MAAM,EAAE,CAAC;aACT,CAAC;QACH,CAAC;QACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YAClB,KAAK,IAAI,CAAC,CAAC;YACX,IAAI,KAAK,KAAK,CAAC;gBAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;QACrD,CAAC;IACF,CAAC;IAED,IAAI,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,SAAS,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IACjH,IAAI,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,SAAS,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IACjH,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,SAAS,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;AAC1E,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa,EAAE,KAAa;IACzD,IAAI,KAAK,GAAoB,MAAM,CAAC;IACpC,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,IAAI,qBAAqB,GAAG,KAAK,CAAC;IAClC,IAAI,sBAAsB,GAAG,KAAK,CAAC;IACnC,IAAI,sBAAsB,GAAG,KAAK,CAAC;IACnC,IAAI,WAAW,GAAG,KAAK,CAAC;IACxB,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAC9B,IAAI,cAAc,GAAG,KAAK,CAAC;IAE3B,MAAM,QAAQ,GAAG,GAAsB,EAAE,CAAC,CAAC;QAC1C,cAAc;QACd,cAAc;QACd,SAAS;QACT,qBAAqB;QACrB,sBAAsB;QACtB,sBAAsB;QACtB,WAAW;QACX,cAAc;QACd,iBAAiB;QACjB,cAAc;KACd,CAAC,CAAC;IAEH,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxB,IAAI,IAAI,KAAK,GAAG;gBAAE,KAAK,GAAG,MAAM,CAAC;YACjC,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACnB,SAAS,GAAG,IAAI,CAAC;YACjB,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;YACpG,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACV,CAAC;QACD,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxB,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBACnB,KAAK,GAAG,MAAM,CAAC;gBACf,SAAS;YACV,CAAC;YACD,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC;gBAC5E,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC;oBACvC,sBAAsB,GAAG,IAAI,CAAC;gBAC/B,CAAC;qBAAM,CAAC;oBACP,sBAAsB,GAAG,IAAI,CAAC;gBAC/B,CAAC;gBACD,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;gBACvI,IAAI,CAAC,KAAK,CAAC,EAAE;oBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;gBAChF,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC;gBACrB,SAAS;YACV,CAAC;YACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBAClB,WAAW,GAAG,IAAI,CAAC;gBACnB,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAC5C,IAAI,CAAC,KAAK,CAAC,EAAE;oBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;gBAChF,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC;gBACrB,SAAS;YACV,CAAC;YACD,IAAI,IAAI,KAAK,GAAG;gBAAE,qBAAqB,GAAG,IAAI,CAAC;YAC/C,SAAS;QACV,CAAC;QACD,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,CAAC;QAChF,CAAC;QACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YAClB,cAAc,GAAG,IAAI,CAAC;YACtB,KAAK,GAAG,QAAQ,CAAC;YACjB,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACnB,cAAc,GAAG,IAAI,CAAC;YACtB,KAAK,GAAG,QAAQ,CAAC;YACjB,SAAS;QACV,CAAC;QACD,IAAI,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACjC,cAAc,GAAG,IAAI,CAAC;YACtB,SAAS;QACV,CAAC;QACD,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC;YAC5E,IAAI,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC;gBACvC,sBAAsB,GAAG,IAAI,CAAC;YAC/B,CAAC;iBAAM,CAAC;gBACP,sBAAsB,GAAG,IAAI,CAAC;YAC/B,CAAC;YACD,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,uBAAuB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;YACvI,IAAI,CAAC,KAAK,CAAC,EAAE;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;YAChF,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC;YACrB,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YAClB,WAAW,GAAG,IAAI,CAAC;YACnB,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAC5C,IAAI,CAAC,KAAK,CAAC,EAAE;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;YAChF,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC;YACrB,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YAClB,qBAAqB,GAAG,IAAI,CAAC;YAC7B,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YAClE,cAAc,GAAG,IAAI,CAAC;YACtB,SAAS;QACV,CAAC;QACD,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YAClC,iBAAiB,GAAG,IAAI,CAAC;QAC1B,CAAC;IACF,CAAC;IACD,IAAI,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qCAAqC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAC3G,IAAI,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qCAAqC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAC3G,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,CAAC;AACxF,CAAC","sourcesContent":["import type {\n\tClosingBacktickResult,\n\tClosingParenResult,\n\tShellQuoteState,\n\tShellWordMetadata,\n\tShellWordReadResult,\n} from \"./bash-policy-types.ts\";\n\nexport function isWhitespace(char: string): boolean {\n\treturn char === \" \" || char === \"\\t\" || char === \"\\n\" || char === \"\\r\";\n}\n\nexport function lineTerminatorLengthAt(input: string, index: number): number {\n\tconst char = input[index];\n\tif (char === \"\\r\") return input[index + 1] === \"\\n\" ? 2 : 1;\n\tif (char === \"\\n\") return 1;\n\treturn 0;\n}\n\nfunction previousNonWhitespace(input: string, index: number): string | undefined {\n\tfor (let i = index - 1; i >= 0; i -= 1) {\n\t\tconst char = input[i]!;\n\t\tif (!isWhitespace(char)) return char;\n\t}\n\treturn undefined;\n}\n\nfunction isRedirectionAmpersand(input: string, index: number): boolean {\n\tconst previous = previousNonWhitespace(input, index);\n\tconst next = input[index + 1];\n\treturn previous === \">\" || previous === \"<\" || next === \">\";\n}\n\nexport function operatorLengthAt(input: string, index: number): number {\n\tconst char = input[index];\n\tconst next = input[index + 1];\n\tif (char === \"|\" && input[index - 1] === \">\") return 0;\n\tif (char === \"|\" && next === \"&\") return 2;\n\tif (char === \"&\" && next === \"&\") return 2;\n\tif (char === \"|\" && next === \"|\") return 2;\n\tif (char === \"|\") return 1;\n\tif (char === \";\") return 1;\n\tif (char === \"&\" && !isRedirectionAmpersand(input, index)) return 1;\n\treturn 0;\n}\n\nexport function isHereDocumentAt(input: string, index: number): boolean {\n\treturn input[index] === \"<\" && input[index + 1] === \"<\";\n}\n\nexport function isCommandSubstitutionAt(input: string, index: number): boolean {\n\treturn input[index] === \"$\" && input[index + 1] === \"(\";\n}\n\nexport function isProcessSubstitutionAt(input: string, index: number): boolean {\n\tconst char = input[index];\n\treturn (char === \"<\" || char === \">\") && input[index + 1] === \"(\";\n}\n\nexport function findClosingBacktick(input: string, openIndex: number): ClosingBacktickResult {\n\tfor (let i = openIndex + 1; i < input.length; i += 1) {\n\t\tconst char = input[i]!;\n\t\tif (char === \"\\\\\") {\n\t\t\tif (i + 1 >= input.length) {\n\t\t\t\treturn { ok: false, reason: \"trailing escape in backtick command substitution\", offset: i };\n\t\t\t}\n\t\t\ti += 1;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"`\") return { ok: true, closeIndex: i };\n\t}\n\treturn { ok: false, reason: \"unclosed backtick command substitution\", offset: openIndex };\n}\n\nexport function findClosingParen(input: string, openIndex: number, construct: string): ClosingParenResult {\n\tlet quote: ShellQuoteState = \"none\";\n\tlet depth = 1;\n\tfor (let i = openIndex + 1; i < input.length; i += 1) {\n\t\tconst char = input[i]!;\n\n\t\tif (quote === \"single\") {\n\t\t\tif (char === \"'\") quote = \"none\";\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (char === \"\\\\\") {\n\t\t\tif (i + 1 >= input.length) {\n\t\t\t\treturn { ok: false, reason: `trailing escape in ${construct}`, offset: i };\n\t\t\t}\n\t\t\ti += 1;\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (quote === \"double\") {\n\t\t\tif (char === \"\\\"\") {\n\t\t\t\tquote = \"none\";\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\tif (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {\n\t\t\t\tdepth += 1;\n\t\t\t\ti += 1;\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\tif (char === \"`\") {\n\t\t\t\tconst close = findClosingBacktick(input, i);\n\t\t\t\tif (!close.ok) return close;\n\t\t\t\ti = close.closeIndex;\n\t\t\t}\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (char === \"'\") {\n\t\t\tquote = \"single\";\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"\\\"\") {\n\t\t\tquote = \"double\";\n\t\t\tcontinue;\n\t\t}\n\t\tif (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {\n\t\t\tdepth += 1;\n\t\t\ti += 1;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"`\") {\n\t\t\tconst close = findClosingBacktick(input, i);\n\t\t\tif (!close.ok) return close;\n\t\t\ti = close.closeIndex;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"(\") {\n\t\t\treturn {\n\t\t\t\tok: false,\n\t\t\t\treason: `unsupported shell grouping parentheses in ${construct}`,\n\t\t\t\toffset: i,\n\t\t\t};\n\t\t}\n\t\tif (char === \")\") {\n\t\t\tdepth -= 1;\n\t\t\tif (depth === 0) return { ok: true, closeIndex: i };\n\t\t}\n\t}\n\n\tif (quote === \"single\") return { ok: false, reason: `unclosed single quote in ${construct}`, offset: openIndex };\n\tif (quote === \"double\") return { ok: false, reason: `unclosed double quote in ${construct}`, offset: openIndex };\n\treturn { ok: false, reason: `unclosed ${construct}`, offset: openIndex };\n}\n\nexport function readShellWord(input: string, start: number): ShellWordReadResult {\n\tlet quote: ShellQuoteState = \"none\";\n\tlet sawSingleQuote = false;\n\tlet sawDoubleQuote = false;\n\tlet sawEscape = false;\n\tlet sawParameterExpansion = false;\n\tlet sawCommandSubstitution = false;\n\tlet sawProcessSubstitution = false;\n\tlet sawBacktick = false;\n\tlet sawGlobPattern = false;\n\tlet sawBraceExpansion = false;\n\tlet sawTildePrefix = false;\n\n\tconst metadata = (): ShellWordMetadata => ({\n\t\tsawSingleQuote,\n\t\tsawDoubleQuote,\n\t\tsawEscape,\n\t\tsawParameterExpansion,\n\t\tsawCommandSubstitution,\n\t\tsawProcessSubstitution,\n\t\tsawBacktick,\n\t\tsawGlobPattern,\n\t\tsawBraceExpansion,\n\t\tsawTildePrefix,\n\t});\n\n\tfor (let i = start; i < input.length; i += 1) {\n\t\tconst char = input[i]!;\n\t\tif (quote === \"single\") {\n\t\t\tif (char === \"'\") quote = \"none\";\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"\\\\\") {\n\t\t\tsawEscape = true;\n\t\t\tif (i + 1 >= input.length) return { ok: false, reason: \"trailing escape in shell word\", offset: i };\n\t\t\ti += 1;\n\t\t\tcontinue;\n\t\t}\n\t\tif (quote === \"double\") {\n\t\t\tif (char === \"\\\"\") {\n\t\t\t\tquote = \"none\";\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\tif (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {\n\t\t\t\tif (isCommandSubstitutionAt(input, i)) {\n\t\t\t\t\tsawCommandSubstitution = true;\n\t\t\t\t} else {\n\t\t\t\t\tsawProcessSubstitution = true;\n\t\t\t\t}\n\t\t\t\tconst close = findClosingParen(input, i + 1, isCommandSubstitutionAt(input, i) ? \"command substitution `$(`\" : \"process substitution\");\n\t\t\t\tif (!close.ok) return { ok: false, reason: close.reason, offset: close.offset };\n\t\t\t\ti = close.closeIndex;\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\tif (char === \"`\") {\n\t\t\t\tsawBacktick = true;\n\t\t\t\tconst close = findClosingBacktick(input, i);\n\t\t\t\tif (!close.ok) return { ok: false, reason: close.reason, offset: close.offset };\n\t\t\t\ti = close.closeIndex;\n\t\t\t\tcontinue;\n\t\t\t}\n\t\t\tif (char === \"$\") sawParameterExpansion = true;\n\t\t\tcontinue;\n\t\t}\n\t\tif (isWhitespace(char)) {\n\t\t\treturn { ok: true, word: input.slice(start, i), end: i, metadata: metadata() };\n\t\t}\n\t\tif (char === \"'\") {\n\t\t\tsawSingleQuote = true;\n\t\t\tquote = \"single\";\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"\\\"\") {\n\t\t\tsawDoubleQuote = true;\n\t\t\tquote = \"double\";\n\t\t\tcontinue;\n\t\t}\n\t\tif (i === start && char === \"~\") {\n\t\t\tsawTildePrefix = true;\n\t\t\tcontinue;\n\t\t}\n\t\tif (isCommandSubstitutionAt(input, i) || isProcessSubstitutionAt(input, i)) {\n\t\t\tif (isCommandSubstitutionAt(input, i)) {\n\t\t\t\tsawCommandSubstitution = true;\n\t\t\t} else {\n\t\t\t\tsawProcessSubstitution = true;\n\t\t\t}\n\t\t\tconst close = findClosingParen(input, i + 1, isCommandSubstitutionAt(input, i) ? \"command substitution `$(`\" : \"process substitution\");\n\t\t\tif (!close.ok) return { ok: false, reason: close.reason, offset: close.offset };\n\t\t\ti = close.closeIndex;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"`\") {\n\t\t\tsawBacktick = true;\n\t\t\tconst close = findClosingBacktick(input, i);\n\t\t\tif (!close.ok) return { ok: false, reason: close.reason, offset: close.offset };\n\t\t\ti = close.closeIndex;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"$\") {\n\t\t\tsawParameterExpansion = true;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"*\" || char === \"?\" || char === \"[\" || char === \"]\") {\n\t\t\tsawGlobPattern = true;\n\t\t\tcontinue;\n\t\t}\n\t\tif (char === \"{\" || char === \"}\") {\n\t\t\tsawBraceExpansion = true;\n\t\t}\n\t}\n\tif (quote === \"single\") return { ok: false, reason: \"unclosed single quote in shell word\", offset: start };\n\tif (quote === \"double\") return { ok: false, reason: \"unclosed double quote in shell word\", offset: start };\n\treturn { ok: true, word: input.slice(start), end: input.length, metadata: metadata() };\n}\n\n"]}