Expand description
Shell command deobfuscation for pre-blocklist normalization.
Transforms common obfuscation techniques (hex/octal escapes, subshell expansion, variable references, quote-based concatenation) into readable equivalents before the command is evaluated by the blocklist and permission policy.
§Limitations
Single-pass: subshell content ($(...), `...`) is replaced with a
[subshell: ...] placeholder but NOT re-scanned. The blocklist independently
rejects $( and ` metacharacters, so nested constructs are caught at
that layer rather than here.
Functions§
- deobfuscate
- Normalize an obfuscated shell command string for blocklist and policy evaluation.