Class: Rubino::Security::CommandAllowlist

Inherits:

Object

Object
Rubino::Security::CommandAllowlist

show all

Defined in:: lib/rubino/security/command_allowlist.rb

Overview

Manages a whitelist of shell commands that can be executed without confirmation.

Instance Method Summary collapse

#allowed?(command) ⇒ Boolean

Returns true if the command matches an entry in the allowlist.
#initialize(config: nil) ⇒ CommandAllowlist constructor

A new instance of CommandAllowlist.

Constructor Details

#initialize(config: nil) ⇒ `CommandAllowlist`

Returns a new instance of CommandAllowlist.

# File 'lib/rubino/security/command_allowlist.rb', line 7

def initialize(config: nil)
  @config = config || Rubino.configuration
  @allowlist = @config.security_command_allowlist
end

Instance Method Details

#allowed?(command) ⇒ `Boolean`

Returns true if the command matches an entry in the allowlist. An EMPTY allowlist matches NOTHING — pre-approval is opt-in, so an unconfigured allowlist must never auto-approve everything.

Returns:

(Boolean)

# File 'lib/rubino/security/command_allowlist.rb', line 15

def allowed?(command)
  return false if @allowlist.empty?

  @allowlist.any? do |allowed|
    command.strip.start_with?(allowed.strip)
  end
end