fix(core): require approval for force delete on Windows #8590
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| let has_force = tokens | ||
| .iter() | ||
| .any(|t| t == "-force" || t.starts_with("-force:")); |
There was a problem hiding this comment.
-Force with trailing separators
This check only matches tokens exactly equal to -force or starting with -force:, but PowerShell command sequences commonly use semicolons to separate statements (e.g., Remove-Item test -Force; Write-Host done). With the current shlex tokenization, the -Force; token retains the semicolon, so has_force stays false and the dangerous delete is not flagged. That leaves a bypass for the approval prompt in a common usage pattern; consider trimming trailing ; (and similar separators) on tokens before the -force check or normalizing punctuation the same way URL detection does.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
I've updated the logic to trim common trailing punctuation (;, ), }, ]) from the tokens before checking for the -Force flag. This should handle cases like remove-Item test -force; or usages inside ([{ correctly.
I opted for trim_end_matches here for performance/simplicity since we strictly care about the flag suffix, though we can switch to a fuller Regex approach (like the URL detector uses) if we hit more complex edge cases.
hdcodedev
changed the title
1 participant
What
Implemented detection for dangerous "force delete" commands on Windows to trigger the user approval prompt when
--ask-for-approval on-requestis set. This aligns Windows behavior with the existing safety checks forrm -rfon Linux.Why
Fixes #8567 - a critical safety gap where destructive Windows commands could bypass the approval prompt. This prevents accidental data loss by ensuring the user explicitly confirms operations that would otherwise suppress the OS's native confirmation prompts.
How
Updated the Windows command safety module to identify and flag the following patterns as dangerous:
Remove-Item(and aliases) when used with the-Forceflag.del /f(force delete files).rd /s /q(recursive delete quiet).rd /s(without/q) is NOT flagged because it already natively prompts the user.Testing
Added comprehensive unit tests covering:
Remove-Item -Path 'test' -Recurse -Force(Exact reproduction case).del /f(Flagged).rd /s /q(Flagged).rd /s(Not flagged - confirms no false positives).cargo testandcargo clippy.