Function command_writes 

pub fn command_writes(cmd: &str) -> bool

Detect whether a command line contains any operation that WRITES, DELETES, or otherwise mutates a filesystem path.

The set deliberately matches operations as seen at the SHELL level: rm, redirects, here-docs, mv, cp, dd, tee, chmod, chown, in-place sed -i, tar -x, and so on. Pure reads (cat, grep, head, tail, ls, find -print, wc, awk, sed -n, …) are NOT write verbs and return false here.

Used by fs.sensitive_path_write_or_delete and any future rule that pairs sensitive_paths: with the implied write-verb gate.
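
A simplified sketch of the shell-level classification described above, added here as an example and not the crate's own implementation. The name `sketch_command_writes` and its helpers are hypothetical, and the sketch ignores shell quoting, so a `>` inside a quoted string is counted as a redirect.

```rust
// Added illustration: a simplified write-verb gate. NOT the crate's implementation.
// `sketch_command_writes` is a hypothetical name; the verb list comes from the doc text.

/// Verbs that mutate a path whenever they appear in command position.
const ALWAYS_WRITE: &[&str] = &["rm", "mv", "cp", "dd", "tee", "chmod", "chown"];

/// True if any short-option cluster in `args` (e.g. `-xzf`) contains `flag`.
fn has_short_flag(args: &[&str], flag: char) -> bool {
    args.iter()
        .any(|a| a.starts_with('-') && !a.starts_with("--") && a.contains(flag))
}

/// Classify one simple command (no pipes or separators inside it).
fn segment_writes(seg: &str) -> bool {
    // Output redirects (`>`, `>>`, `2>`) and here-docs (`<<`) count as writes,
    // as the description lists them. A lone input redirect `<` is a read.
    if seg.contains('>') || seg.contains("<<") {
        return true;
    }
    let mut words = seg.split_whitespace();
    let first = match words.next() { Some(w) => w, None => return false };
    let args: Vec<&str> = words.collect();
    // Compare on the basename so `/bin/rm` is classified like `rm`.
    let verb = first.rsplit('/').next().unwrap_or(first);
    match verb {
        v if ALWAYS_WRITE.contains(&v) => true,
        "sed" => has_short_flag(&args, 'i'), // `sed -i` edits in place; `sed -n` only prints
        "tar" => has_short_flag(&args, 'x'), // `tar -x` extracts onto the filesystem
        _ => false,
    }
}

/// Hypothetical stand-in for the documented function: true if any segment writes.
pub fn sketch_command_writes(cmd: &str) -> bool {
    // Split on `|`, `;`, `&` so each piped or chained command is checked on its own.
    cmd.split(|c: char| c == '|' || c == ';' || c == '&')
        .any(segment_writes)
}

fn main() {
    // Constructed sample command lines.
    for cmd in ["sed -i s/a/b/ /etc/hosts", "sed -n 1,5p /etc/hosts"] {
        println!("{:5} {}", sketch_command_writes(cmd), cmd);
    }
}
```

Because redirects are matched on the raw segment, `2>/dev/null` on an otherwise read-only command is also reported as a write.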