#!/usr/bin/env python3
"""Block obviously destructive shell commands before Codex runs them."""
from __future__ import annotations
import json
import re
import sys
BLOCK_PATTERNS = (
|
|
r"\brm\s+-rf\b",
|
|
r"\bgit\s+push\s+--force(?:-with-lease)?\b",
|
|
r"\bgit\s+reset\s+--hard\b",
|
|
r"\bDROP\s+TABLE\b",
|
|
r"\btruncate\s+table\b",
|
|
r"\bRemove-Item\b.*\b-Recurse\b",
|
|
r"\bdel\b\s+/s\b",
|
|
)
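def main() -> int:
    """Read a PreToolUse hook payload from stdin and deny risky shell commands.

    The payload is expected to be a JSON object whose ``tool_input.command``
    holds the shell command about to run. If that command matches any entry in
    ``BLOCK_PATTERNS`` (case-insensitively), a ``deny`` decision is written to
    stdout under ``hookSpecificOutput``; otherwise nothing is written.

    Returns:
        0 in every case. The decision is carried by the JSON written to stdout,
        not by the exit status. Undecodable or unexpectedly shaped input yields
        no decision (fail-open), matching the existing best-effort policy for a
        decode error, so this hook is a guard against obvious mistakes rather
        than a security boundary.
    """
    try:
        payload = json.load(sys.stdin)
    except json.JSONDecodeError:
        # Best-effort guard: an undecodable payload expresses no opinion.
        return 0

    command = _extract_command(payload)
    if _find_block_pattern(command) is not None:
        json.dump(
            {
                "hookSpecificOutput": {
                    "hookEventName": "PreToolUse",
                    "permissionDecision": "deny",
                    "permissionDecisionReason": "Harness guardrail blocked a risky shell command.",
                }
            },
            sys.stdout,
        )
    return 0


def _extract_command(payload: object) -> str:
    """Return the command text from a decoded hook payload, or "" if absent.

    Tolerates a payload that is not an object, a missing or null
    ``tool_input``, and a null command. An argv-style list is joined with
    single spaces so the regexes still see flags adjacent to the program
    name; any other non-string value is coerced with ``str()`` so an
    unexpected shape is still screened rather than crashing the hook.
    """
    if not isinstance(payload, dict):
        return ""
    tool_input = payload.get("tool_input")
    if not isinstance(tool_input, dict):
        return ""
    command = tool_input.get("command", "")
    if command is None:
        return ""
    if isinstance(command, (list, tuple)):
        return " ".join(str(part) for part in command)
    return str(command)


def _find_block_pattern(command: str) -> str | None:
    """Return the first ``BLOCK_PATTERNS`` entry matching *command*, else None."""
    for pattern in BLOCK_PATTERNS:
        if re.search(pattern, command, re.IGNORECASE):
            return pattern
    return None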
if __name__ == "__main__":
    # Propagate main()'s status code as the process exit status.
    sys.exit(main())