From 52ea324129999587f268c61f1b7d31480eee07a1 Mon Sep 17 00:00:00 2001
From: zx <109937991+asdfzxcvbn@users.noreply.github.com>
Date: Mon, 13 Nov 2023 20:50:30 -0500
Subject: [PATCH 1/2] fix(security): bypass allowed cmds

---
 backend/terminal.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/backend/terminal.ts b/backend/terminal.ts
index 2a31f17..f6e06cc 100644
--- a/backend/terminal.ts
+++ b/backend/terminal.ts
@@ -219,11 +219,14 @@ export class MainTerminal extends InteractiveTerminal {
 // Check if the command is allowed
 const cmdParts = input.split(" ");
 const executable = cmdParts[0].trim();
+const knownOperators = ["&&", "||", "&", ";"];
 log.debug("console", "Executable: " + executable);
 log.debug("console", "Executable length: " + executable.length);
 if (!allowedCommandList.includes(executable)) {
 throw new Error("Command not allowed.");
+} else if (knownOperators.some(operator => input.includes(operator))) {
+throw new Error("Control operators are not allowed.");
 }
 super.write(input);
 }

From 673fb8f8dd18e0ba5752578f058fca0c1bdc428c Mon Sep 17 00:00:00 2001
From: zx <109937991+asdfzxcvbn@users.noreply.github.com>
Date: Mon, 13 Nov 2023 20:58:09 -0500
Subject: [PATCH 2/2] refactor: unneeded extra check

---
 backend/terminal.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/terminal.ts b/backend/terminal.ts
index f6e06cc..005c63a 100644
--- a/backend/terminal.ts
+++ b/backend/terminal.ts
@@ -219,7 +219,7 @@ export class MainTerminal extends InteractiveTerminal {
 // Check if the command is allowed
 const cmdParts = input.split(" ");
 const executable = cmdParts[0].trim();
-const knownOperators = ["&&", "||", "&", ";"];
+const knownOperators = ["||", "&", ";"];
 log.debug("console", "Executable: " + executable);
 log.debug("console", "Executable length: " + executable.length);
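Review bot: The `knownOperators` denylist added above the two `log.debug` calls is not an exhaustive set of shell control operators, so the new `else if` branch still passes inputs that use a single `|`, a newline, or command-substitution syntax to `super.write(input)` even though only `executable` was checked against the allowlist; the second patch in this series trims the list to `["||", "&", ";"]` and inherits the same gap. Whether that is exploitable depends on what the terminal does with the written line, and the enclosing method starts above the hunk, so treat this as inferred. Instead of enumerating operators, allowlist the characters the whole input may contain and reject everything else, e.g. `if (!/^[\w .\/-]+$/.test(input)) { throw new Error("Command contains disallowed characters."); }` placed before `super.write(input)`, tightened or widened to what the commands in `allowedCommandList` actually need. Independently of that, a fixed list declared between two unrelated debug statements obscures the flow; hoist it to a module-level `const KNOWN_OPERATORS = Object.freeze([...])` or declare it directly above its only use.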