Skip to content

Check for command substitutions in arithmetic expressions#39

Merged
ldayton merged 1 commit intomainfrom
fix-arith-cmdsub
Jan 17, 2026
Merged

Check for command substitutions in arithmetic expressions#39
ldayton merged 1 commit intomainfrom
fix-arith-cmdsub

Conversation

@ldayton
Copy link
Copy Markdown
Owner

@ldayton ldayton commented Jan 17, 2026

Summary

  • (( expr )) can contain $(cmd) which executes arbitrary commands
  • Add _find_cmdsubs_in_arith() to recursively walk arithmetic AST
  • Analyze any embedded command substitutions for safety

@ldayton
Check for command substitutions in arithmetic expressions
3f352d7 
(( expr )) can contain $(cmd) which executes arbitrary commands.
Recursively walk the arithmetic AST to find and analyze any cmdsubs.
@ldayton ldayton merged commit 46e644f into main Jan 17, 2026
2 checks passed
@ldayton ldayton deleted the fix-arith-cmdsub branch January 17, 2026 09:01
orgoj added a commit to orgoj/Dippy that referenced this pull request Jan 17, 2026
@orgoj
Merge commit '77d03a7' into orgoj
9280bbe 
* commit '77d03a7':
  Fix docs consistency
  Update docs: core philosophy and config rename
  Remove CLAUDE.md
  Remove unused GEMINI_MODE and CURSOR_MODE
  Remove dead code from cli/
  Allowlist philosophy and security hardening
  Add support for coproc and cond-expr constructs (ldayton#41)
  Make awk internal redirects respect redirect rules (ldayton#42)
  Add tee handler that respects redirect rules (ldayton#40)
  Check for command substitutions in arithmetic expressions (ldayton#39)
  Add support for negation and arith-cmd constructs (ldayton#38)
  Add MCP tool rules support (ldayton#37)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ldayton