mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
58f0e5ab74
As described in detail in `codex-rs/execpolicy/README.md` introduced in this PR, `execpolicy` is a tool that lets you define a set of _patterns_ used to match [`execv(3)`](https://linux.die.net/man/3/execv) invocations. When a pattern is matched, `execpolicy` returns the parsed version in a structured form that is amenable to static analysis. The primary use case is to define patterns match commands that should be auto-approved by a tool such as Codex. This supports a richer pattern matching mechanism that the sort of prefix-matching we have done to date, e.g.: https://github.com/openai/codex/blob/5e40d9d2211737f46136610497bcd9a8271009e0/codex-cli/src/approvals.ts#L333-L354 Note we are still playing with the API and the `system_path` option in particular still needs some work.
24 lines
545 B
Rust
24 lines
545 B
Rust
use codex_execpolicy::parse_sed_command;
|
|
use codex_execpolicy::Error;
|
|
|
|
#[test]
|
|
fn parses_simple_print_command() {
|
|
assert_eq!(parse_sed_command("122,202p"), Ok(()));
|
|
}
|
|
|
|
#[test]
|
|
fn rejects_malformed_print_command() {
|
|
assert_eq!(
|
|
parse_sed_command("122,202"),
|
|
Err(Error::SedCommandNotProvablySafe {
|
|
command: "122,202".to_string(),
|
|
})
|
|
);
|
|
assert_eq!(
|
|
parse_sed_command("122202"),
|
|
Err(Error::SedCommandNotProvablySafe {
|
|
command: "122202".to_string(),
|
|
})
|
|
);
|
|
}
|