DataDog · AlexandreYang · Mar 8, 2026 · Mar 8, 2026 · Mar 8, 2026
@@ -66,7 +66,7 @@ Blocked features are rejected before execution with exit code 2.
 - ✅ Line continuation: `\` at end of line
 - ✅ Comments: `# text`
 - ❌ Extended globbing: `@(pat)`, `*(pat)`, etc.
-- ❌ Tilde expansion: `~`, `~/path`
+- ❌ Tilde expansion: `~`, `~/path`, `~user`
 - ❌ Process substitution: `<(cmd)`, `>(cmd)`
 
 ## Execution

@@ -5,6 +5,7 @@ package interp
 
 import (
 	"fmt"
+	"strings"
 
 	"mvdan.cc/sh/v3/syntax"
 )
@@ -14,6 +15,7 @@ import (
 // so that disallowed features are caught early with a clear error message.
 func validateNode(node syntax.Node) error {
 	var err error
+	hdocWords := make(map[*syntax.Word]bool)
 	syntax.Walk(node, func(n syntax.Node) bool {
 		if err != nil {
 			return false
@@ -110,6 +112,21 @@ func validateNode(node syntax.Node) error {
 			if err != nil {
 				return false
 			}
+			if n.Hdoc != nil {
+				hdocWords[n.Hdoc] = true
+			}
+
+		// Blocked tilde expansion (prevents host user info disclosure via os/user.Lookup).
+		// Heredoc bodies are excluded since they don't undergo tilde expansion.
+		case *syntax.Word:
+			if !hdocWords[n] && len(n.Parts) > 0 {
+				if lit, ok := n.Parts[0].(*syntax.Lit); ok {
+					if strings.HasPrefix(lit.Value, "~") {
+						err = fmt.Errorf("tilde expansion is not supported")
+						return false
+					}
+				}
+			}
 		}
 		return true
 	})
@@ -119,9 +136,9 @@ func validateNode(node syntax.Node) error {
 // blockedSpecialParams are single-character parameter names that are not
 // supported in the safe-shell interpreter (positional params, $#, $0, $@, $*).
 var blockedSpecialParams = map[string]bool{
-	"#": true, // $# - number of positional parameters
-	"!": true, // $! - PID of the last background command
-	"0": true, // $0 - name of the shell or script
+	"#": true,                                  // $# - number of positional parameters
+	"!": true,                                  // $! - PID of the last background command
+	"0": true,                                  // $0 - name of the shell or script
 	"1": true, "2": true, "3": true, "4": true, // $1-$9 - positional parameters
 	"5": true, "6": true, "7": true, "8": true, "9": true,
 	"@": true, // $@ - all positional parameters as separate words

@@ -0,0 +1,14 @@
+test_against_local_shell: false
+description: Tilde inside heredoc body is allowed (heredocs do not undergo tilde expansion).
+input:
+  script: |+
+    cat <<EOF
+    ~root
+    ~/path
+    EOF
+expect:
+  stdout: |+
+    ~root
+    ~/path
+  stderr: ""
+  exit_code: 0
@@ -0,0 +1,10 @@
+test_against_local_shell: false
+description: Tilde in variable assignment is blocked.
+input:
+  script: |+
+    DIR=~/path
+expect:
+  stdout: ""
+  stderr_contains:
+    - "tilde expansion is not supported"
+  exit_code: 2
@@ -0,0 +1,10 @@
+test_against_local_shell: false
+description: Tilde in the middle of a word is not tilde expansion and should be allowed.
+input:
+  script: |+
+    echo foo~bar
+expect:
+  stdout: |+
+    foo~bar
+  stderr: ""
+  exit_code: 0
@@ -1,10 +1,10 @@
 test_against_local_shell: false
-description: Tilde expansion is disabled; ~ is passed through as a literal character.
+description: Tilde expansion is blocked at validation with exit code 2.
 input:
   script: |+
     echo ~
 expect:
-  stdout: |+
-    ~
-  stderr: ""
-  exit_code: 0
+  stdout: ""
+  stderr_contains:
+    - "tilde expansion is not supported"
+  exit_code: 2
@@ -1,10 +1,10 @@
 test_against_local_shell: false
-description: Tilde with path ~/dir is not expanded.
+description: Tilde with path ~/dir is blocked at validation.
 input:
   script: |+
     echo ~/mydir
 expect:
-  stdout: |+
-    ~/mydir
-  stderr: ""
-  exit_code: 0
+  stdout: ""
+  stderr_contains:
+    - "tilde expansion is not supported"
+  exit_code: 2
@@ -0,0 +1,12 @@
+test_against_local_shell: false
+description: Tilde inside quotes is not tilde expansion and should be allowed.
+input:
+  script: |+
+    echo "~root"
+    echo '~/path'
+expect:
+  stdout: |+
+    ~root
+    ~/path
+  stderr: ""
+  exit_code: 0
@@ -0,0 +1,10 @@
+test_against_local_shell: false
+description: Tilde with username (~root) is blocked to prevent host user info disclosure.
+input:
+  script: |+
+    echo ~root
+expect:
+  stdout: ""
+  stderr_contains:
+    - "tilde expansion is not supported"
+  exit_code: 2