rust-expect 0.1.0

Next-generation Expect-style terminal automation library for Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240

//! Command and argument validation.
//!
//! This module provides validation functions for commands and arguments
//! to prevent security issues such as command injection.

use crate::error::{ExpectError, SpawnError};

/// Characters that are potentially dangerous in shell contexts.
///
/// These characters can be used for command injection or have special meanings
/// in shell environments. While the library uses `execve` directly (not through a shell),
/// validating these helps prevent issues when commands are logged, displayed, or
/// when users accidentally pass shell-interpreted strings.
pub const SHELL_METACHARACTERS: &[char] = &[
    ';', '&', '|', '`', '$', '(', ')', '{', '}', '[', ']', '<', '>', '!', '*', '?', '#', '~', '\\',
    '"', '\'', '\n', '\r',
];

/// Validation options for command arguments.
#[derive(Debug, Clone, Default)]
pub struct ValidationOptions {
    /// Whether to reject null bytes.
    pub reject_null_bytes: bool,
    /// Whether to reject shell metacharacters.
    pub reject_shell_metacharacters: bool,
    /// Whether to reject empty strings.
    pub reject_empty: bool,
}

impl ValidationOptions {
    /// Create strict validation options (rejects null bytes and empty strings).
    #[must_use]
    pub const fn strict() -> Self {
        Self {
            reject_null_bytes: true,
            reject_shell_metacharacters: false,
            reject_empty: true,
        }
    }

    /// Create paranoid validation options (rejects all potentially dangerous characters).
    #[must_use]
    pub const fn paranoid() -> Self {
        Self {
            reject_null_bytes: true,
            reject_shell_metacharacters: true,
            reject_empty: true,
        }
    }

    /// Create permissive validation options (only rejects null bytes).
    #[must_use]
    pub const fn permissive() -> Self {
        Self {
            reject_null_bytes: true,
            reject_shell_metacharacters: false,
            reject_empty: false,
        }
    }
}

/// Check if a string contains null bytes.
#[must_use]
pub fn contains_null_byte(s: &str) -> bool {
    s.contains('\0')
}

/// Check if a string contains shell metacharacters.
#[must_use]
pub fn contains_shell_metachar(s: &str) -> bool {
    s.chars().any(|c| SHELL_METACHARACTERS.contains(&c))
}

/// Find the first shell metacharacter in a string.
#[must_use]
pub fn find_shell_metachar(s: &str) -> Option<char> {
    s.chars().find(|c| SHELL_METACHARACTERS.contains(c))
}

/// Validate a command string.
///
/// # Arguments
///
/// * `command` - The command to validate
/// * `options` - Validation options
///
/// # Returns
///
/// Returns `Ok(())` if the command is valid, or an error describing why it's invalid.
pub fn validate_command(command: &str, options: &ValidationOptions) -> crate::error::Result<()> {
    if options.reject_empty && command.is_empty() {
        return Err(ExpectError::Spawn(SpawnError::InvalidArgument {
            kind: "command".to_string(),
            value: String::new(),
            reason: "command cannot be empty".to_string(),
        }));
    }

    if options.reject_null_bytes && contains_null_byte(command) {
        return Err(ExpectError::Spawn(SpawnError::InvalidArgument {
            kind: "command".to_string(),
            value: command.to_string(),
            reason: "command contains null byte".to_string(),
        }));
    }

    if options.reject_shell_metacharacters
        && let Some(c) = find_shell_metachar(command)
    {
        return Err(ExpectError::Spawn(SpawnError::InvalidArgument {
            kind: "command".to_string(),
            value: command.to_string(),
            reason: format!("command contains shell metacharacter '{c}'"),
        }));
    }

    Ok(())
}

/// Validate a command argument.
///
/// # Arguments
///
/// * `arg` - The argument to validate
/// * `options` - Validation options
///
/// # Returns
///
/// Returns `Ok(())` if the argument is valid, or an error describing why it's invalid.
pub fn validate_argument(arg: &str, options: &ValidationOptions) -> crate::error::Result<()> {
    if options.reject_null_bytes && contains_null_byte(arg) {
        return Err(ExpectError::Spawn(SpawnError::InvalidArgument {
            kind: "argument".to_string(),
            value: arg.to_string(),
            reason: "argument contains null byte".to_string(),
        }));
    }

    if options.reject_shell_metacharacters
        && let Some(c) = find_shell_metachar(arg)
    {
        return Err(ExpectError::Spawn(SpawnError::InvalidArgument {
            kind: "argument".to_string(),
            value: arg.to_string(),
            reason: format!("argument contains shell metacharacter '{c}'"),
        }));
    }

    Ok(())
}

/// Validate a command and all its arguments.
///
/// # Arguments
///
/// * `command` - The command to validate
/// * `args` - The arguments to validate
/// * `options` - Validation options
///
/// # Returns
///
/// Returns `Ok(())` if all inputs are valid, or an error describing the first invalid input.
pub fn validate_command_with_args<I, S>(
    command: &str,
    args: I,
    options: &ValidationOptions,
) -> crate::error::Result<()>
where
    I: IntoIterator<Item = S>,
    S: AsRef<str>,
{
    validate_command(command, options)?;

    for arg in args {
        validate_argument(arg.as_ref(), options)?;
    }

    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_null_byte_detection() {
        assert!(contains_null_byte("hello\0world"));
        assert!(!contains_null_byte("hello world"));
    }

    #[test]
    fn test_shell_metachar_detection() {
        assert!(contains_shell_metachar("echo; rm -rf"));
        assert!(contains_shell_metachar("$(whoami)"));
        assert!(contains_shell_metachar("hello | world"));
        assert!(!contains_shell_metachar("hello_world"));
        assert!(!contains_shell_metachar("/usr/bin/test"));
    }

    #[test]
    fn test_validate_command_null_byte() {
        let opts = ValidationOptions::strict();
        assert!(validate_command("test\0cmd", &opts).is_err());
        assert!(validate_command("test_cmd", &opts).is_ok());
    }

    #[test]
    fn test_validate_command_empty() {
        let strict = ValidationOptions::strict();
        let permissive = ValidationOptions::permissive();

        assert!(validate_command("", &strict).is_err());
        assert!(validate_command("", &permissive).is_ok());
    }

    #[test]
    fn test_validate_command_metachar() {
        let paranoid = ValidationOptions::paranoid();
        let strict = ValidationOptions::strict();

        assert!(validate_command("echo; rm", &paranoid).is_err());
        assert!(validate_command("echo; rm", &strict).is_ok());
    }

    #[test]
    fn test_validate_argument() {
        let opts = ValidationOptions::strict();
        assert!(validate_argument("normal_arg", &opts).is_ok());
        assert!(validate_argument("--flag", &opts).is_ok());
        assert!(validate_argument("arg\0value", &opts).is_err());
    }

    #[test]
    fn test_validate_command_with_args() {
        let opts = ValidationOptions::strict();

        assert!(validate_command_with_args("/bin/echo", ["hello", "world"], &opts).is_ok());
        assert!(validate_command_with_args("/bin/echo", ["hello\0world"], &opts).is_err());
    }
}