in codex-cli/src/approvals.ts [510:575]
function isEntireShellExpressionSafe(
parts: ReadonlyArray<ParseEntry>,
): SafeCommandReason | null {
if (parts.length === 0) {
return null;
}
try {
// Collect command segments delimited by operators. `shell-quote` represents
// subshell grouping parentheses as literal strings "(" and ")"; treat them
// as unsafe to keep the logic simple (since subshells could introduce
// unexpected scope changes).
let currentSegment: Array<string> = [];
let firstReason: SafeCommandReason | null = null;
const flushSegment = (): boolean => {
if (currentSegment.length === 0) {
return true; // nothing to validate (possible leading operator)
}
const assessment = isSafeCommand(currentSegment);
if (assessment == null) {
return false;
}
if (firstReason == null) {
firstReason = assessment;
}
currentSegment = [];
return true;
};
for (const part of parts) {
if (typeof part === "string") {
// If this string looks like an open/close parenthesis or brace, treat as
// unsafe to avoid parsing complexity.
if (part === "(" || part === ")" || part === "{" || part === "}") {
return null;
}
currentSegment.push(part);
} else if (isParseEntryWithOp(part)) {
// Validate the segment accumulated so far.
if (!flushSegment()) {
return null;
}
// Validate the operator itself.
if (!SAFE_SHELL_OPERATORS.has(part.op)) {
return null;
}
} else {
// Unknown token type
return null;
}
}
// Validate any trailing command segment.
if (!flushSegment()) {
return null;
}
return firstReason;
} catch (_err) {
// If there's any kind of failure, just bail out and return null.
return null;
}
}