Merge pull request #1069 from RooVetGit/auto_approve_wildcard

mrubens · web-flow · commit ebfe57b1ee4f · 2025-02-19T12:21:24.000-05:00
Allow setting a wildcard for auto-approve commands
diff --git a/.changeset/wet-games-pay.md b/.changeset/wet-games-pay.md
@@ -0,0 +1,5 @@
+---
+"roo-cline": patch
+---
+
+Allow setting a wildcard for auto-approve commands
diff --git a/webview-ui/src/components/settings/SettingsView.tsx b/webview-ui/src/components/settings/SettingsView.tsx
@@ -401,7 +401,7 @@ const SettingsView = ({ onDone }: SettingsViewProps) => {
 										color: "var(--vscode-descriptionForeground)",
 									}}>
 									Command prefixes that can be auto-executed when "Always approve execute operations"
-									is enabled.
+									is enabled. Add * to allow all commands (use with caution).
 								</p>
 
 								<div style={{ display: "flex", gap: "5px", marginTop: "10px" }}>
diff --git a/webview-ui/src/utils/__tests__/command-validation.test.ts b/webview-ui/src/utils/__tests__/command-validation.test.ts
@@ -106,5 +106,16 @@ describe("Command Validation", () => {
 			expect(validateCommand("", allowedCommands)).toBe(true)
 			expect(validateCommand("	", allowedCommands)).toBe(true)
 		})
+
+		it("allows all commands when wildcard is present", () => {
+			const wildcardAllowedCommands = ["*"]
+			// Should allow any command, including dangerous ones
+			expect(validateCommand("rm -rf /", wildcardAllowedCommands)).toBe(true)
+			expect(validateCommand("dangerous-command", wildcardAllowedCommands)).toBe(true)
+			expect(validateCommand("npm test && rm -rf /", wildcardAllowedCommands)).toBe(true)
+			// Should even allow subshell commands that are normally blocked
+			expect(validateCommand("npm test $(echo dangerous)", wildcardAllowedCommands)).toBe(true)
+			expect(validateCommand("npm test `rm -rf /`", wildcardAllowedCommands)).toBe(true)
+		})
 	})
 })
diff --git a/webview-ui/src/utils/command-validation.ts b/webview-ui/src/utils/command-validation.ts
@@ -104,6 +104,9 @@ export function isAllowedSingleCommand(command: string, allowedCommands: string[
 export function validateCommand(command: string, allowedCommands: string[]): boolean {
 	if (!command?.trim()) return true
 
+	// If '*' is in allowed commands, everything is allowed
+	if (allowedCommands?.includes("*")) return true
+
 	// Block subshell execution attempts
 	if (command.includes("$(") || command.includes("`")) {
 		return false

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"roo-cline": patch
 +---
++
 +Allow setting a wildcard for auto-approve commands