Remove unused code

Author: mrubens

webview-ui/src/utils/__tests__/command-validation.spec.ts

@@ -11,7 +11,6 @@ import {
 	getSingleCommandDecision,
 	CommandValidator,
 	createCommandValidator,
-	containsSubshell,
 } from "../command-validation"
 
 describe("Command Validation", () => {
@@ -43,66 +42,6 @@ describe("Command Validation", () => {
 			expect(parseCommand("diff <(sort f1) <(sort f2)")).toEqual(["diff", "sort f1", "sort f2"])
 		})
 
-		it("detects additional subshell patterns", () => {
-			// Test $[] arithmetic expansion detection
-			expect(parseCommand("echo $[1 + 2]")).toEqual(["echo $[1 + 2]"])
-
-			// Verify containsSubshell detects all subshell patterns
-			expect(containsSubshell("echo $[1 + 2]")).toBe(true) // $[] arithmetic expansion
-			expect(containsSubshell("echo $((1 + 2))")).toBe(true) // $(()) arithmetic expansion
-			expect(containsSubshell("echo $(date)")).toBe(true) // $() command substitution
-			expect(containsSubshell("echo `date`")).toBe(true) // backtick substitution
-			expect(containsSubshell("diff <(sort f1) <(sort f2)")).toBe(true) // process substitution
-			expect(containsSubshell("echo hello")).toBe(false) // no subshells
-		})
-
-		it("detects subshell grouping patterns", () => {
-			// Basic subshell grouping with shell operators
-			expect(containsSubshell("(ls; rm file)")).toBe(true)
-			expect(containsSubshell("(cd /tmp && rm -rf *)")).toBe(true)
-			expect(containsSubshell("(command1 || command2)")).toBe(true)
-			expect(containsSubshell("(ls | grep test)")).toBe(true)
-			expect(containsSubshell("(sleep 10 & echo done)")).toBe(true)
-
-			// Nested subshells
-			expect(containsSubshell("(cd /tmp && (rm -rf * || echo failed))")).toBe(true)
-
-			// Multiple operators in subshell
-			expect(containsSubshell("(cmd1; cmd2 && cmd3 | cmd4)")).toBe(true)
-
-			// Subshell with spaces
-			expect(containsSubshell("( ls ; rm file )")).toBe(true)
-		})
-
-		it("does NOT detect legitimate parentheses usage", () => {
-			// Function calls should not be flagged as subshells
-			expect(containsSubshell("myfunction(arg1, arg2)")).toBe(false)
-			expect(containsSubshell("func( arg1, arg2 )")).toBe(false)
-
-			// Simple parentheses without operators
-			expect(containsSubshell("(simple text)")).toBe(false)
-
-			// Parentheses in strings
-			expect(containsSubshell('echo "this (has) parentheses"')).toBe(false)
-
-			// Empty parentheses
-			expect(containsSubshell("()")).toBe(false)
-		})
-
-		it("handles mixed subshell patterns", () => {
-			// Mixed subshell types
-			expect(containsSubshell("(echo $(date); rm file)")).toBe(true)
-
-			// Subshell with command substitution
-			expect(containsSubshell("(ls `pwd`; echo done)")).toBe(true)
-
-			// No subshells
-			expect(containsSubshell("echo hello world")).toBe(false)
-
-			// Empty string
-			expect(containsSubshell("")).toBe(false)
-		})
-
 		it("handles empty and whitespace input", () => {
 			expect(parseCommand("")).toEqual([])
 			expect(parseCommand("	")).toEqual([])
@@ -899,7 +838,6 @@ describe("Unified Command Decision Functions", () => {
 
 					expect(details.decision).toBe("auto_approve")
 					expect(details.subCommands).toEqual(["npm install", "echo done"])
-					expect(details.hasSubshells).toBe(false)
 					expect(details.allowedMatches).toHaveLength(2)
 					expect(details.deniedMatches).toHaveLength(2)
 
@@ -912,12 +850,10 @@ describe("Unified Command Decision Functions", () => {
 
 				it("detects subshells correctly", () => {
 					const details = validator.getValidationDetails("npm install $(echo test)")
-					expect(details.hasSubshells).toBe(true)
 					expect(details.decision).toBe("auto_approve") // all commands are allowed
 
 					// Test with denied prefix in subshell
 					const detailsWithDenied = validator.getValidationDetails("npm install $(npm test)")
-					expect(detailsWithDenied.hasSubshells).toBe(true)
 					expect(detailsWithDenied.decision).toBe("auto_deny") // npm test is denied
 				})
 

webview-ui/src/utils/command-validation.ts

@@ -58,65 +58,6 @@ type ShellToken = string | { op: string } | { command: string }
  * This allows users to have personal defaults while projects can define specific restrictions.
  */
 
-/**
- * Detect subshell usage and command substitution patterns that could be security risks.
- *
- * Subshells allow executing commands in isolated environments and can be used to bypass
- * command validation by hiding dangerous commands inside substitution patterns.
- *
- * Detected patterns:
- * - $() - command substitution: executes command and substitutes output
- * - `` - backticks (legacy command substitution): same as $() but older syntax
- * - <() - process substitution (input): creates temporary file descriptor for command output
- * - >() - process substitution (output): creates temporary file descriptor for command input
- * - $(()) - arithmetic expansion: evaluates mathematical expressions (can contain commands)
- * - $[] - arithmetic expansion (alternative syntax): same as $(()) but older syntax
- * - (cmd1; cmd2) - subshell grouping: executes multiple commands in isolated subshell
- *
- * @param source - The command string to analyze for subshell patterns
- * @returns true if any subshell patterns are detected, false otherwise
- *
- * @example
- * ```typescript
- * // Command substitution - executes 'date' and substitutes its output
- * containsSubshell("echo $(date)")     // true
- *
- * // Backtick substitution - legacy syntax for command substitution
- * containsSubshell("echo `date`")      // true
- *
- * // Process substitution - creates file descriptor for command output
- * containsSubshell("diff <(sort f1)")  // true
- *
- * // Arithmetic expansion - can contain command execution
- * containsSubshell("echo $((1+2))")    // true
- * containsSubshell("echo $[1+2]")      // true
- *
- * // Subshell grouping - executes commands in isolated environment
- * containsSubshell("(ls; rm file)")    // true
- * containsSubshell("(cd /tmp && rm -rf *)")  // true
- *
- * // Safe patterns that should NOT be flagged
- * containsSubshell("func(arg1, arg2)") // false - function call, not subshell
- * containsSubshell("echo hello")       // false - no subshell patterns
- * containsSubshell("(simple text)")    // false - no shell operators in parentheses
- * ```
- */
-export function containsSubshell(source: string): boolean {
-	// Check for command substitution, process substitution, and arithmetic expansion patterns
-	// These patterns allow executing commands and substituting their output, which can bypass validation
-	const commandSubstitutionPatterns = /(\$\()|`|(<\(|>\()|(\$\(\()|(\$\[)/.test(source)
-
-	// Check for subshell grouping: parentheses containing shell command operators
-	// Pattern explanation: \( = literal opening paren, [^)]* = any chars except closing paren,
-	// [;&|]+ = one or more shell operators (semicolon, ampersand, pipe), [^)]* = any chars except closing paren, \) = literal closing paren
-	// This detects dangerous patterns like: (cmd1; cmd2), (cmd1 && cmd2), (cmd1 || cmd2), (cmd1 | cmd2), (cmd1 & cmd2)
-	// But avoids false positives like function calls: func(arg1, arg2) - no shell operators inside
-	const subshellGroupingPattern = /\([^)]*[;&|]+[^)]*\)/.test(source)
-
-	// Return true if any subshell pattern is detected
-	return commandSubstitutionPatterns || subshellGroupingPattern
-}
-
 /**
  * Split a command string into individual sub-commands by
  * chaining operators (&&, ||, ;, |, or &) and newlines.
@@ -681,10 +622,8 @@ export class CommandValidator {
 		subCommands: string[]
 		allowedMatches: Array<{ command: string; match: string | null }>
 		deniedMatches: Array<{ command: string; match: string | null }>
-		hasSubshells: boolean
 	} {
 		const subCommands = parseCommand(command)
-		const hasSubshells = containsSubshell(command)
 
 		const allowedMatches = subCommands.map((cmd) => ({
 			command: cmd,
@@ -701,7 +640,6 @@ export class CommandValidator {
 			subCommands,
 			allowedMatches,
 			deniedMatches,
-			hasSubshells,
 		}
 	}