security: validate all pkill patterns for BSD compatibility

pkill on BSD systems accepts multiple pattern operands. Previous code only validated args[-1], allowing disallowed processes to slip through when combined with allowed ones (e.g., "pkill node sshd" would only check "sshd"). Now validates every non-flag argument to ensure no disallowed process can be targeted. Added tests for multiple pattern scenarios. Addresses CodeRabbit feedback on PR #101. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 06:12:06 +00:00 · 2026-01-25 20:12:54 +01:00
parent fed2516f08
commit 34b9b5f5b2
2 changed files with 38 additions and 8 deletions
--- a/security.py
+++ b/security.py
@@ -273,15 +273,17 @@ def validate_pkill_command(
    if not args:
        return False, "pkill requires a process name"

-    # The target is typically the last non-flag argument
-    target = args[-1]
+    # Validate every non-flag argument (pkill accepts multiple patterns on BSD)
+    # This defensively ensures no disallowed process can be targeted
+    targets = []
+    for arg in args:
+        # For -f flag (full command line match), take the first word as process name
+        # e.g., "pkill -f 'node server.js'" -> target is "node server.js", process is "node"
+        t = arg.split()[0] if " " in arg else arg
+        targets.append(t)

-    # For -f flag (full command line match), extract the first word as process name
-    # e.g., "pkill -f 'node server.js'" -> target is "node server.js", process is "node"
-    if " " in target:
-        target = target.split()[0]
-
-    if target in allowed_process_names:
+    disallowed = [t for t in targets if t not in allowed_process_names]
+    if not disallowed:
        return True, ""
    return False, f"pkill only allowed for processes: {sorted(allowed_process_names)}"