-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathblock-database-access.sh
More file actions
executable file
·36 lines (30 loc) · 1.77 KB
/
Copy pathblock-database-access.sh
File metadata and controls
executable file
·36 lines (30 loc) · 1.77 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/bin/bash
# Block direct database CLI access and cloud-sql-proxy socket usage.
# Defense-in-depth: complements deny rules in settings.json.
# Exit code 2 blocks the tool and sends stderr as feedback to Claude.
INPUT=$(cat)
CMD=$(echo "$INPUT" | jq -r '.tool_input.command // ""' 2>/dev/null)
# Extract the first token of the command (the actual binary being invoked)
# This avoids false positives when DB keywords appear in commit messages, strings, etc.
FIRST_TOKEN=$(echo "$CMD" | sed 's/^[[:space:]]*//' | awk '{print $1}')
# Block MySQL CLI tools invoked as primary command
DB_TOOLS="mysql|mysqldump|mysqladmin|mysqlsh|mycli"
if echo "$FIRST_TOKEN" | grep -qEi "^($DB_TOOLS)$"; then
echo "BLOCKED: Direct database CLI access is forbidden. Use the application layer (API, ORM) to interact with databases. This rule protects production data from unintended modifications." >&2
exit 2
fi
# Block DB tools invoked after pipe, semicolon, &&, || or via subshell
if echo "$CMD" | grep -qEi '(;|\||&&|\|\|)\s*(mysql|mysqldump|mysqladmin|mysqlsh|mycli)\b'; then
echo "BLOCKED: Direct database CLI access is forbidden (chained command detected). Use the application layer instead." >&2
exit 2
fi
# Block DB tools invoked via docker exec or similar wrappers
if echo "$CMD" | grep -qEi 'exec\s+(--?\w+\s+)*\w+\s+(mysql|mysqldump|mysqladmin|mysqlsh|mycli)\b'; then
echo "BLOCKED: Direct database CLI access via container exec is forbidden. Use the application layer instead." >&2
exit 2
fi
# Block any reference to cloud-sql-proxy sockets
if echo "$CMD" | grep -qF '/tmp/cloud-sql-proxy-sockets'; then
echo "BLOCKED: Direct access to cloud-sql-proxy sockets is forbidden. These sockets provide raw access to production databases. Use the application layer instead." >&2
exit 2
fi