Skip to content

fix: don't auto approve git -C ...#20085

Merged
owenlin0 merged 3 commits intomainfrom
owen/dont_autoapprove_git_C
Apr 28, 2026
Merged

fix: don't auto approve git -C ...#20085
owenlin0 merged 3 commits intomainfrom
owen/dont_autoapprove_git_C

Conversation

@owenlin0
Copy link
Copy Markdown
Collaborator

@owenlin0 owenlin0 commented Apr 28, 2026
edited
Loading

It's safer to make sure these commands go through approval flows.

@owenlin0 owenlin0 marked this pull request as ready for review April 28, 2026 21:27
bolinfest
bolinfest reviewed Apr 28, 2026
View reviewed changes
Comment thread codex-rs/shell-command/src/command_safety/is_safe_command.rs Outdated
assert_eq!(
is_known_safe_command(&vec_str(&["git", "-C", ".", "branch", "--show-current"])),
true
false
Copy link
Copy Markdown
Collaborator

@bolinfest bolinfest Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know you have to update this to make the test pass, but I don't think this illustrated what this test was trying to prove anymore. I think the idea is that git branch --show-current should be safe/read-only whereas git branch -d feature is not.

Copy link
Copy Markdown
Collaborator Author

@owenlin0 owenlin0 Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah good call, let me rewrite this to preserve that intention

Copy link
Copy Markdown
Collaborator

@bolinfest bolinfest Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Incidentally, Rust prefers using assert!(thing) to assert_eq!(thing, true) and using assert!(!thing) to assert_eq!(!thing, false) and pretty_assertions::assert_eq isn't doing much for us here AFAICT so it's weird that it's imported just for this function.

bolinfest
bolinfest reviewed Apr 28, 2026
View reviewed changes
Comment thread codex-rs/shell-command/src/command_safety/is_dangerous_command.rs
matches!(
arg,
"-c" | "--config-env"
"-C" | "-c"
Copy link
Copy Markdown
Collaborator

@bolinfest bolinfest Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Somewhere in here we should comment on why we reject when we see -C.

@owenlin0 owenlin0 enabled auto-merge (squash) April 28, 2026 21:41
@owenlin0 owenlin0 merged commit 2e598df into main Apr 28, 2026
25 checks passed
@owenlin0 owenlin0 deleted the owen/dont_autoapprove_git_C branch April 28, 2026 22:06
@github-actions github-actions Bot locked and limited conversation to collaborators Apr 28, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@bolinfest bolinfest bolinfest approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@owenlin0 @bolinfest