pub fn shell_command() -> Sanitizer<ShellArg>Expand description
Sanitizer for values interpolated into shell command strings.
Use when the value will be evaluated by a shell: sh -c "...",
SSH remote commands, docker exec ... sh -c "...", CI/CD run:
blocks, or legacy system()/popen() calls.
§Rules
ShellMetaRule—;,|,&,$, backtick,(),{},<>, etc.ControlCharRule— NUL, newline, ANSI escapesEnvExpansionRule—$HOME,${SECRET},%USERPROFILE%GlobRule—*,?,[,],{,}
§Example
use shell_sanitize_rules::presets;
let s = presets::shell_command();
// Safe argument
assert!(s.sanitize("my-branch-name").is_ok());
// Shell injection
assert!(s.sanitize("branch; rm -rf /").is_err());
// Prompt injection → env variable exfiltration
assert!(s.sanitize("$AWS_SECRET_ACCESS_KEY").is_err());