Implement environment variable syntax handling in command line auto-approver

Copilot · Tyriar · Copilot · commit 34e7cb0c16f1 · 2025-08-01T13:29:40.000Z
Co-authored-by: Tyriar &lt;2193314+Tyriar@users.noreply.github.com&gt;
diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/commandLineAutoApprover.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/commandLineAutoApprover.ts
@@ -100,13 +100,40 @@ export class CommandLineAutoApprover extends Disposable {
 		return { result: 'noMatch', reason: `Command line '${commandLine}' has no matching auto approve entries` };
 	}
 
+	private _extractCommandFromEnvAssignments(command: string, shell: string, os: OperatingSystem): string {
+		// Trim leading/trailing whitespace
+		const trimmedCommand = command.trim();
+		
+		if (isPowerShell(shell, os)) {
+			// PowerShell environment variable syntax: $env:VAR='value'; command
+			// We'll keep the current behavior as PowerShell has different patterns
+			return trimmedCommand;
+		}
+		
+		// For bash/sh/bourne shell and unknown shells (fallback to bourne shell syntax)
+		// Handle environment variable assignments like: VAR=value VAR2=value command
+		const envVarPattern = /^([A-Za-z_][A-Za-z0-9_]*=(?:[^\s'"]|'[^']*'|"[^"]*")*\s+)+/;
+		const match = trimmedCommand.match(envVarPattern);
+		
+		if (match) {
+			// Remove the environment variable assignments from the beginning
+			const actualCommand = trimmedCommand.slice(match[0].length).trim();
+			return actualCommand || trimmedCommand; // Fallback to original if nothing left
+		}
+		
+		return trimmedCommand;
+	}
+
 	private _commandMatchesRegex(regex: RegExp, command: string, shell: string, os: OperatingSystem): boolean {
-		if (regex.test(command)) {
+		// First extract the actual command from any environment variable assignments
+		const actualCommand = this._extractCommandFromEnvAssignments(command, shell, os);
+		
+		if (regex.test(actualCommand)) {
 			return true;
-		} else if (isPowerShell(shell, os) && command.startsWith('(')) {
+		} else if (isPowerShell(shell, os) && actualCommand.startsWith('(')) {
 			// Allow ignoring of the leading ( for PowerShell commands as it's a command pattern to
 			// operate on the output of a command. For example `(Get-Content README.md) ...`
-			if (regex.test(command.slice(1))) {
+			if (regex.test(actualCommand.slice(1))) {
 				return true;
 			}
 		}
diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/commandLineAutoApprover.test.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/commandLineAutoApprover.test.ts
@@ -610,4 +610,112 @@ suite('CommandLineAutoApprover', () => {
 			});
 		});
 	});
+
+	suite('environment variable handling', () => {
+		test('should handle environment variable assignments before commands in bash/sh', () => {
+			shell = 'bash';
+			os = OperatingSystem.Linux;
+			
+			setAutoApprove({
+				"env": true,
+				"echo": true
+			});
+
+			// Basic environment variable assignment
+			ok(isAutoApproved('FOO=bar env'));
+			ok(isAutoApproved('FOO=bar echo test'));
+			
+			// Multiple environment variables
+			ok(isAutoApproved('FOO=bar BAZ=qux env'));
+			ok(isAutoApproved('PATH=/usr/bin HOME=/home/user echo hello'));
+			
+			// Environment variables with quoted values
+			ok(isAutoApproved('MESSAGE="hello world" echo test'));
+			ok(isAutoApproved("GREETING='hello there' echo test"));
+			
+			// Complex command after environment variables
+			ok(isAutoApproved('DEBUG=1 env | grep DEBUG'));
+		});
+
+		test('should not match denied commands even with environment variables', () => {
+			shell = 'bash';
+			os = OperatingSystem.Linux;
+			
+			setAutoApprove({
+				"env": true,
+				"rm": false
+			});
+
+			// Should approve env command with environment variable
+			ok(isAutoApproved('FOO=bar env'));
+			
+			// Should deny rm command even with environment variable
+			ok(!isAutoApproved('FOO=bar rm file.txt'));
+		});
+
+		test('should handle environment variables with different shell types', () => {
+			setAutoApprove({
+				"echo": true
+			});
+
+			// Bash/sh should handle VAR=value syntax
+			shell = 'bash';
+			os = OperatingSystem.Linux;
+			ok(isAutoApproved('FOO=bar echo test'));
+
+			// PowerShell should keep current behavior (not parse VAR=value as env vars)
+			shell = 'powershell';
+			os = OperatingSystem.Windows;
+			ok(!isAutoApproved('FOO=bar echo test')); // This should not match since FOO=bar is not recognized as env var syntax in PowerShell
+		});
+
+		test('should fallback to original command if no environment variables detected', () => {
+			shell = 'bash';
+			os = OperatingSystem.Linux;
+			
+			setAutoApprove({
+				"echo": true
+			});
+
+			// Commands without environment variables should work as before
+			ok(isAutoApproved('echo hello'));
+			ok(isAutoApproved('echo test'));
+			
+			// Commands that look like they might have env vars but don't match the pattern
+			ok(isAutoApproved('echo FOO=bar')); // This is an argument to echo, not an env var assignment
+		});
+
+		test('should handle edge cases in environment variable parsing', () => {
+			shell = 'bash';
+			os = OperatingSystem.Linux;
+			
+			setAutoApprove({
+				"echo": true
+			});
+
+			// Empty value
+			ok(isAutoApproved('FOO= echo test'));
+			
+			// Underscore in variable name
+			ok(isAutoApproved('MY_VAR=test echo hello'));
+			
+			// Number in variable name (but not at start)
+			ok(isAutoApproved('VAR1=test echo hello'));
+			
+			// Should not match if variable name starts with number (invalid)
+			ok(!isAutoApproved('1VAR=test echo hello')); // This should not be parsed as env var
+		});
+
+		test('should handle unknown shell types by defaulting to bourne shell syntax', () => {
+			shell = 'unknown-shell';
+			os = OperatingSystem.Linux;
+			
+			setAutoApprove({
+				"echo": true
+			});
+
+			// Unknown shells should default to bourne shell behavior
+			ok(isAutoApproved('FOO=bar echo test'));
+		});
+	});
 });
