security: prevent bare wildcard '*' from matching all commands

Add validation to reject bare wildcards for security: - matches_pattern(): return False if pattern == '*' - validate_project_command(): reject name == '*' with clear error - Added 4 new tests for bare wildcard rejection This prevents a config with from matching every command, which would be a major security risk. Tests: 140 unit tests passing (added 4 bare wildcard tests)
2026-03-17 10:53:09 +00:00 · 2026-01-22 12:40:31 +01:00
parent a9a0fcd865
commit d1dac1383d
2 changed files with 19 additions and 0 deletions
--- a/test_security.py
+++ b/test_security.py
@@ -178,6 +178,11 @@ def test_pattern_matching():
        ("swift", "swift*", True, "swift matches swift*"),
        ("npm", "swift*", False, "npm doesn't match swift*"),

+        # Bare wildcard (security: should NOT match anything)
+        ("npm", "*", False, "bare wildcard doesn't match npm"),
+        ("sudo", "*", False, "bare wildcard doesn't match sudo"),
+        ("anything", "*", False, "bare wildcard doesn't match anything"),
+
        # Local script paths
        ("build.sh", "./scripts/build.sh", True, "script name matches path"),
        ("./scripts/build.sh", "./scripts/build.sh", True, "exact script path"),
@@ -293,6 +298,9 @@ def test_command_validation():
        ({"name": ""}, False, "empty name"),
        ({"name": 123}, False, "non-string name"),

+        # Security: Bare wildcard not allowed
+        ({"name": "*"}, False, "bare wildcard rejected"),
+
        # Blocklisted commands
        ({"name": "sudo"}, False, "blocklisted sudo"),
        ({"name": "shutdown"}, False, "blocklisted shutdown"),