Harden macOS shell wrapper allowlist parsing [AI] (#78518)

* fix: harden shell wrapper allowlist parsing * fix: harden shell wrapper approval binding * docs: add changelog entry for PR merge --------- Co-authored-by: Ishaan <ishaan@Ishaans-Mac-mini.local>
2026-05-09 16:30:42 +00:00 · 2026-05-08 10:18:41 +05:30
parent eabae023eb
commit fc065b2693
23 changed files with 1200 additions and 204 deletions
--- a/test/fixtures/system-run-command-contract.json
+++ b/test/fixtures/system-run-command-contract.json
@@ -26,6 +26,15 @@
        "displayCommand": "/bin/sh -lc \"echo hi\""
      }
    },
+    {
+      "name": "non-sh login shell wrapper requires full argv display binding",
+      "command": ["/bin/bash", "-lc", "/usr/bin/printf ok"],
+      "rawCommand": "/usr/bin/printf ok",
+      "expected": {
+        "valid": false,
+        "errorContains": "rawCommand does not match command"
+      }
+    },
    {
      "name": "shell wrapper positional argv carrier requires full argv display binding",
      "command": ["/bin/sh", "-lc", "$0 \"$1\"", "/usr/bin/touch", "/tmp/marker"],
@@ -46,11 +55,11 @@
    },
    {
      "name": "env wrapper shell payload accepted at ingress when prelude has no env modifiers",
-      "command": ["/usr/bin/env", "bash", "-lc", "echo hi"],
+      "command": ["/usr/bin/env", "sh", "-lc", "echo hi"],
      "rawCommand": "echo hi",
      "expected": {
        "valid": true,
-        "displayCommand": "/usr/bin/env bash -lc \"echo hi\""
+        "displayCommand": "/usr/bin/env sh -lc \"echo hi\""
      }
    },
    {
@@ -79,6 +88,42 @@
        "valid": true,
        "displayCommand": "/usr/bin/env BASH_ENV=/tmp/payload.sh bash -lc \"echo hi\""
      }
+    },
+    {
+      "name": "login shell wrapper requires full argv display binding",
+      "command": ["/bin/bash", "--login", "-c", "/usr/bin/printf ok"],
+      "rawCommand": "/usr/bin/printf ok",
+      "expected": {
+        "valid": false,
+        "errorContains": "rawCommand does not match command"
+      }
+    },
+    {
+      "name": "login shell wrapper accepts canonical full argv raw command",
+      "command": ["/bin/bash", "--login", "-c", "/usr/bin/printf ok"],
+      "rawCommand": "/bin/bash --login -c \"/usr/bin/printf ok\"",
+      "expected": {
+        "valid": true,
+        "displayCommand": "/bin/bash --login -c \"/usr/bin/printf ok\""
+      }
+    },
+    {
+      "name": "interactive shell wrapper requires full argv display binding",
+      "command": ["/bin/bash", "-i", "-c", "/usr/bin/printf ok"],
+      "rawCommand": "/usr/bin/printf ok",
+      "expected": {
+        "valid": false,
+        "errorContains": "rawCommand does not match command"
+      }
+    },
+    {
+      "name": "fish init-command wrapper requires full argv display binding",
+      "command": ["/usr/bin/fish", "--init-command=/tmp/payload.fish", "-c", "/usr/bin/printf ok"],
+      "rawCommand": "/usr/bin/printf ok",
+      "expected": {
+        "valid": false,
+        "errorContains": "rawCommand does not match command"
+      }
    }
  ]
 }