check_path
Validate file path safety for write or delete operations to protect sensitive system files and directories from unintended modifications.
Instructions
Check if a file path operation is safe. Protects .env, .ssh/, .aws/credentials, private keys, /etc/passwd, etc.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| path | Yes | File path to check | |
| operation | Yes | Operation type | |
Implementation Reference
- src/core/engine.ts:284-306 (handler) The 'checkPath' method is defined within the ShellWard class in src/core/engine.ts. It normalizes the given file path and tests it against each rule in the list of protected paths. On the first match it logs a HIGH-level event, recorded as 'block' in enforce mode and 'detect' otherwise, and returns a blocked result with the reason and rule id; a path that matches no rule is allowed.

  ```typescript
  checkPath(path: string, operation: 'write' | 'delete', toolName?: string): CheckResult {
    // The configured mode only changes the action recorded in the log entry below
    const enforce = this.config.mode === 'enforce'
    // Match against the normalized path, not the raw input
    const normalizedPath = normalizePath(path)
    for (const rule of PROTECTED_PATHS) {
      if (rule.pattern.test(normalizedPath)) {
        const desc = this.locale === 'zh' ? rule.description_zh : rule.description_en
        const reason = this.locale === 'zh'
          ? `禁止操作受保护路径: ${path}\n原因: ${desc}`
          : `Protected path blocked: ${path}\nReason: ${desc}`
        this.log.write({
          level: 'HIGH',
          layer: 'L3',
          action: enforce ? 'block' : 'detect',
          detail: reason,
          tool: toolName,
          pattern: rule.id,
        })
        // First matching rule decides the result
        return { allowed: false, level: 'HIGH', reason, ruleId: rule.id }
      }
    }
    // No protected-path rule matched
    return { allowed: true }
  }
  ```
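The handler above matches rules against a normalized path rather than the raw input. The following added example, which is not ShellWard's code, shows why that step matters for a deny-list of this kind; `RULES`, `normalize` and `checkPathDemo` are hypothetical stand-ins for `PROTECTED_PATHS`, `normalizePath` and `checkPath`, and the home and working directories are assumed values.

```typescript
// Added example: RULES and normalize() are hypothetical stand-ins,
// not ShellWard's PROTECTED_PATHS or normalizePath.
type Operation = 'write' | 'delete'
interface Rule { id: string; pattern: RegExp; description: string }
interface Verdict { allowed: boolean; normalized: string; ruleId?: string; reason?: string }

// Patterns are anchored on path segments so ".environment.md" is not mistaken for ".env".
const RULES: Rule[] = [
  { id: 'env-file', pattern: /(^|\/)\.env(\.[^/]+)?$/, description: 'environment secrets' },
  { id: 'ssh-dir', pattern: /(^|\/)\.ssh(\/|$)/, description: 'SSH keys and configuration' },
  { id: 'aws-credentials', pattern: /(^|\/)\.aws\/credentials$/, description: 'AWS access keys' },
  { id: 'private-key', pattern: /\.(pem|key)$|(^|\/)id_(rsa|ed25519)$/, description: 'private key material' },
  { id: 'etc-passwd', pattern: /^\/etc\/passwd$/, description: 'system account database' },
]

// Lexical normalization: unify separators, expand "~", make the path absolute,
// then resolve ".", ".." and empty segments. Symlinks are not resolved here.
function normalize(input: string, home: string, cwd: string): string {
  let p = input.replace(/\\/g, '/')
  if (/^~(\/|$)/.test(p)) p = home + p.slice(1)
  if (p.charAt(0) !== '/') p = cwd + '/' + p
  const out: string[] = []
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue
    if (seg === '..') out.pop()
    else out.push(seg)
  }
  return '/' + out.join('/')
}

// First matching rule wins; a path that matches no rule is allowed.
function checkPathDemo(input: string, operation: Operation,
                       home = '/home/dev', cwd = '/home/dev/project'): Verdict {
  const normalized = normalize(input, home, cwd)
  for (const rule of RULES) {
    if (rule.pattern.test(normalized)) {
      const reason = `${operation} blocked on ${normalized}: ${rule.description}`
      return { allowed: false, normalized, ruleId: rule.id, reason }
    }
  }
  return { allowed: true, normalized }
}

// Constructed sample inputs: three non-canonical spellings of protected paths, two benign paths.
const SAMPLES = ['./config/../.env', '~/.ssh/authorized_keys', '/tmp/../etc//passwd',
                 'src/index.ts', 'docs/.environment.md']
for (const s of SAMPLES) {
  const v = checkPathDemo(s, 'write')
  console.log(`${s} -> ${v.allowed ? 'allowed' : 'blocked by ' + v.ruleId}`)
}
```

Normalization in this example is purely lexical, so a checker that also has to cover symlinks pointing at protected files needs to resolve the real path before matching.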