d93c518a14
Co-authored-by: Cursor <cursoragent@cursor.com>
30 lines
702 B
Python
30 lines
702 B
Python
"""Safety policy for recursive remote chmod."""
|
|
|
|
from __future__ import annotations
|
|
|
|
# Paths that must never receive chmod -R / chown -R via the UI.
|
|
FORBIDDEN_RECURSIVE_CHMOD_PATHS = frozenset({
|
|
"/",
|
|
"/bin",
|
|
"/boot",
|
|
"/dev",
|
|
"/etc",
|
|
"/lib",
|
|
"/lib64",
|
|
"/proc",
|
|
"/run",
|
|
"/sbin",
|
|
"/sys",
|
|
"/usr",
|
|
"/var",
|
|
})
|
|
|
|
RECURSIVE_CHMOD_TIMEOUT_SEC = 300
|
|
SINGLE_CHMOD_TIMEOUT_SEC = 15
|
|
|
|
|
|
def assert_recursive_chmod_allowed(remote_path: str) -> None:
|
|
"""Raise ValueError if recursive chmod must be rejected for this path."""
|
|
if remote_path in FORBIDDEN_RECURSIVE_CHMOD_PATHS:
|
|
raise ValueError(f"禁止对系统路径递归修改权限: {remote_path}")
|