Skip to content

fix: prevent bypassing .rooignore restrictions via terminal commands #7215

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
+7 −4
Closed

fix: prevent bypassing .rooignore restrictions via terminal commands #7215

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/core/ignore/RooIgnoreController.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -196,6 +196,6 @@ export class RooIgnoreController {
return undefined
}

return `# .rooignore\n\n(The following is provided by a root-level .rooignore file where the user has specified files and directories that should not be accessed. When using list_files, you'll notice a ${LOCK_TEXT_SYMBOL} next to files that are blocked. Attempting to access the file's contents e.g. through read_file will result in an error.)\n\n${this.rooIgnoreContent}\n.rooignore`
return `# .rooignore\n\n(The following is provided by a root-level .rooignore file where the user has specified files and directories that should not be accessed. When using list_files, you'll notice a ${LOCK_TEXT_SYMBOL} next to files that are blocked. Attempting to access the file's contents e.g. through read_file will result in an error. IMPORTANT: Do NOT attempt to bypass these restrictions by using terminal commands to read the file contents - this violates the user's explicit access restrictions.)\n\n${this.rooIgnoreContent}\n.rooignore`
Copy link
Contributor Author

@roomote roomote bot Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The warning message works well, but I'm wondering if we should also enhance the validateCommand method (lines 111-160) to actively block terminal commands that attempt to read ignored files? Currently it returns the blocked file path but doesn't seem to be actively used to prevent command execution. Could this be a follow-up enhancement to make the restriction enforcement more robust?

}
}
1 change: 1 addition & 0 deletions src/core/ignore/__tests__/RooIgnoreController.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -368,6 +368,7 @@ describe("RooIgnoreController", () => {
// Verify instruction format
expect(instructions).toContain("# .rooignore")
expect(instructions).toContain(LOCK_TEXT_SYMBOL)
expect(instructions).toContain("Do NOT attempt to bypass these restrictions by using terminal commands")
expect(instructions).toContain("node_modules")
expect(instructions).toContain(".git")
expect(instructions).toContain("secrets/**")
Expand Down
2 changes: 2 additions & 0 deletions src/core/prompts/__tests__/responses-rooignore.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ describe("RooIgnore Response Formatting", () => {
expect(errorMessage).toContain("Access to secrets/api-keys.json is blocked by the .rooignore file settings")
expect(errorMessage).toContain("continue in the task without using this file")
expect(errorMessage).toContain("ask the user to update the .rooignore file")
expect(errorMessage).toContain("Do NOT attempt to bypass this restriction by using terminal commands")
})

/**
Expand Down Expand Up @@ -220,6 +221,7 @@ describe("RooIgnore Response Formatting", () => {
// Verify format and content
expect(instructions).toContain("# .rooignore")
expect(instructions).toContain(LOCK_TEXT_SYMBOL)
expect(instructions).toContain("Do NOT attempt to bypass these restrictions by using terminal commands")
expect(instructions).toContain("node_modules")
expect(instructions).toContain(".git")
expect(instructions).toContain("secrets/**")
Expand Down
2 changes: 1 addition & 1 deletion src/core/prompts/responses.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ export const formatResponse = {
toolError: (error?: string) => `The tool execution failed with the following error:\n<error>\n${error}\n</error>`,

rooIgnoreError: (path: string) =>
`Access to ${path} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file.`,
`Access to ${path} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file. IMPORTANT: Do NOT attempt to bypass this restriction by using terminal commands (like cat, head, tail, etc.) to read the file contents - this violates the user's explicit access restrictions.`,
Copy link
Contributor Author

@roomote roomote bot Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The warning message is quite verbose. Would it be clearer if we made it more concise? Something like: "IMPORTANT: Terminal commands must not be used to bypass .rooignore restrictions." Just a thought - the current version is certainly explicit about what not to do.


noToolsUsed: () =>
`[ERROR] You did not use a tool in your previous response! Please retry with a tool use.
Expand Down
4 changes: 2 additions & 2 deletions src/core/tools/__tests__/readFileTool.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ vi.mock("../../prompts/responses", () => ({
),
rooIgnoreError: vi.fn(
(path: string) =>
`Access to ${path} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file.`,
`Access to ${path} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file. IMPORTANT: Do NOT attempt to bypass this restriction by using terminal commands (like cat, head, tail, etc.) to read the file contents - this violates the user's explicit access restrictions.`,
),
toolResult: toolResultMock,
imageBlocks: imageBlocksMock,
Expand Down Expand Up @@ -1322,7 +1322,7 @@ describe("read_file tool XML output structure", () => {

// Verify
expect(result).toBe(
`<files>\n<file><path>${testFilePath}</path><error>Access to ${testFilePath} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file.</error></file>\n</files>`,
`<files>\n<file><path>${testFilePath}</path><error>Access to ${testFilePath} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file. IMPORTANT: Do NOT attempt to bypass this restriction by using terminal commands (like cat, head, tail, etc.) to read the file contents - this violates the user's explicit access restrictions.</error></file>\n</files>`,
)
})
})
Expand Down
Loading