17973fc3dc
- New shell_escape() utility for safe command interpolation - Applied across all MCP tools, docker, scanner, network commands - MCP server generates random bearer token at startup - Token written to mcp-token file with 0600 permissions - All MCP HTTP requests require Authorization header - Bridge binary reads token and sends on every request Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
20 lines
645 B
Rust
20 lines
645 B
Rust
//! Shared utility functions.
|
|
|
|
/// Escape a string for safe interpolation into a POSIX shell command.
|
|
///
|
|
/// Wraps the input in single quotes and escapes any embedded single quotes
|
|
/// using the `'\''` technique. This prevents command injection when building
|
|
/// shell commands from user-supplied values.
|
|
///
|
|
/// # Examples
|
|
///
|
|
/// ```
|
|
/// # use wraith_lib::utils::shell_escape;
|
|
/// assert_eq!(shell_escape("hello"), "'hello'");
|
|
/// assert_eq!(shell_escape("it's"), "'it'\\''s'");
|
|
/// assert_eq!(shell_escape(";rm -rf /"), "';rm -rf /'");
|
|
/// ```
|
|
pub fn shell_escape(input: &str) -> String {
|
|
format!("'{}'", input.replace('\'', "'\\''"))
|
|
}
|