fix(security-review): Handle null shell output (#231)

Normalize shell command stdout and stderr before the prompt-shell path and shared tool-result mappers use string operations. This prevents /security-review from crashing when a shell tool returns null output fields and adds regression coverage for both direct mapper calls and prompt generation. Fixes #165 Co-authored-by: Claude <noreply@anthropic.com>
2026-04-03 13:44:28 +05:30
parent 72c6e97094
commit f3a984dde1
5 changed files with 191 additions and 23 deletions
--- a/src/tools/BashTool/BashTool.tsx
+++ b/src/tools/BashTool/BashTool.tsx
--- a/src/tools/PowerShellTool/PowerShellTool.tsx
+++ b/src/tools/PowerShellTool/PowerShellTool.tsx
--- a/src/tools/shellToolResultMappers.test.ts
+++ b/src/tools/shellToolResultMappers.test.ts
@@ -0,0 +1,71 @@
+import { expect, test } from 'bun:test'
+import { BashTool } from './BashTool/BashTool.js'
+import { PowerShellTool } from './PowerShellTool/PowerShellTool.js'
+
+test('BashTool result mapper tolerates null stderr', () => {
+  const result = BashTool.mapToolResultToToolResultBlockParam(
+    {
+      stdout: 'ok',
+      stderr: null as unknown as string,
+      interrupted: false,
+    },
+    'tool-1',
+  )
+
+  expect(result).toMatchObject({
+    type: 'tool_result',
+    tool_use_id: 'tool-1',
+    content: 'ok',
+  })
+})
+
+test('BashTool result mapper tolerates null stdout', () => {
+  const result = BashTool.mapToolResultToToolResultBlockParam(
+    {
+      stdout: null as unknown as string,
+      stderr: 'problem',
+      interrupted: false,
+    },
+    'tool-2',
+  )
+
+  expect(result).toMatchObject({
+    type: 'tool_result',
+    tool_use_id: 'tool-2',
+    content: 'problem',
+  })
+})
+
+test('PowerShellTool result mapper tolerates null stderr', () => {
+  const result = PowerShellTool.mapToolResultToToolResultBlockParam(
+    {
+      stdout: 'ok',
+      stderr: null as unknown as string,
+      interrupted: false,
+    },
+    'tool-3',
+  )
+
+  expect(result).toMatchObject({
+    type: 'tool_result',
+    tool_use_id: 'tool-3',
+    content: 'ok',
+  })
+})
+
+test('PowerShellTool result mapper tolerates null stdout', () => {
+  const result = PowerShellTool.mapToolResultToToolResultBlockParam(
+    {
+      stdout: null as unknown as string,
+      stderr: 'problem',
+      interrupted: false,
+    },
+    'tool-4',
+  )
+
+  expect(result).toMatchObject({
+    type: 'tool_result',
+    tool_use_id: 'tool-4',
+    content: 'problem',
+  })
+})