opencode icon indicating copy to clipboard operation
opencode copied to clipboard
Published 3 months ago verified publisher icon anomalyco

fix: handle redirected_statement treesitter node in bash permissions

Open pschiel opened this issue 4 months ago • 3 comments

Fixes #5330

This patch fixes two issues in bash tool permission handling:

1. bash redirect statements are not handled (treesitter-bash usage)

Any commands parsed don't have redirects included (e.g. ls foo > bar results in ls foo) which prevents permission rules to match properly (e.g. "ls *>*": "deny" does not apply).

Cause: Redirect statements are parents of commands, thus not recognized in the loop over descendantsOfType("command")

$ echo "ls hello > /dev/null" | tree-sitter parse

(program [0, 0] - [1, 0]
  (redirected_statement [0, 0] - [0, 20]
    body: (command [0, 0] - [0, 8]
      name: (command_name [0, 0] - [0, 2]
        (word [0, 0] - [0, 2]))
      argument: (word [0, 3] - [0, 8]))
    redirect: (file_redirect [0, 9] - [0, 20]
      destination: (word [0, 11] - [0, 20]))))

Solution: use node.parent.text for the pattern matching, which includes the full command

2. bash always pattern lacks a space after the command

Approving ls adds ls* as an always pattern, which allows also other commands (e.g. lsof) which is not intended.

Solution: add a space so ls* becomes ls * in the pattern

pschiel avatar Jan 03 '26 06:01 pschiel

Hey! Your PR title (fix) handle redirected_statement treesitter node in bash permissions doesn't follow conventional commit format.

Please update it to start with one of:

  • feat: or feat(scope): new feature
  • fix: or fix(scope): bug fix
  • docs: or docs(scope): documentation changes
  • chore: or chore(scope): maintenance tasks
  • refactor: or refactor(scope): code refactoring
  • test: or test(scope): adding or updating tests

Where scope is the package name (e.g., app, desktop, opencode).

See CONTRIBUTING.md for details.

github-actions[bot] avatar Jan 09 '26 20:01 github-actions[bot]

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

github-actions[bot] avatar Jan 11 '26 16:01 github-actions[bot]