BashTool input validation security hardening

[RinZ27]

The BashTool currently allows some potentially unsafe shell syntax to pass through command parsing. We need to harden the input validation to prevent command injection and ensure a safer execution environment.

Specific improvements needed:

• Validate command names against invalid characters.
• Detect and block dangerous shell syntax like pipelines and redirections during parsing.
• Ensure the execution environment is sane.

[github-actions]

This issue might be a duplicate of existing issues. Please check:

• [Security Bug] Subagent permissions not enforced - configured restrictions ignored #7474: [Security Bug] Subagent permissions not enforced - configured restrictions ignored

While #7474 addresses permission enforcement for subagents, it's related to the overall security hardening of bash/tool execution. Feel free to ignore if this doesn't address your specific case.

[RinZ27]

Thanks for the heads up. Reviewed #7474, but this issue focuses specifically on input validation and sanitization for the BashTool itself, whereas #7474 deals with permission enforcement layers. Proceeding with this as a separate task.

[github-actions]

To stay organized issues are automatically closed after 90 days of no activity. If the issue is still relevant please open a new one.

[RinZ27]

@thdxr bumping this so the bot doesn't auto-close it. BashTool's input validation is still worth looking into, and I'd be happy to help out if you're tied up with other tasks. Just let me know if you want me to take a pass at it.

[RinZ27]

Implemented the requested security hardening for BashTool in PR #19290.

The implementation now strictly validates input to prevent command injection and ensures a sane execution environment. I also updated the test suite to match these new security constraints. everything is green on my end.