Skip to content

feat: add warning for /sdcard exec #2147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
RohitKushvaha01 wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: add warning for /sdcard exec #2147

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9aef3a7
feat: add warning for /sdcard exec
RohitKushvaha01 Jun 4, 2026
e2785e6
format
RohitKushvaha01 Jun 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 0 additions & 16 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 4 additions & 1 deletion src/components/terminal/terminal.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,10 @@ import confirm from "dialogs/confirm";
import fonts from "lib/fonts";
import appSettings from "lib/settings";
import LigaturesAddon from "./ligatures";
import { getTerminalSettings } from "./terminalDefaults";
import {
DEFAULT_TERMINAL_SETTINGS,
getTerminalSettings,
} from "./terminalDefaults";
import TerminalThemeManager from "./terminalThemeManager";
import TerminalTouchSelection from "./terminalTouchSelection";

Expand Down
54 changes: 54 additions & 0 deletions src/plugins/terminal/scripts/init-alpine.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -240,6 +240,60 @@ if [ -s /etc/acode_motd ]; then
cat /etc/acode_motd
fi

check_binary_execution() {
local cmd="$1"
local cmd_path=""

# Ignore shell builtins, keywords, etc.
[[ -z "$cmd" ]] && return

# If user executed a path directly (./foo, /path/foo)
if [[ "$cmd" == */* ]]; then
cmd_path="$(realpath "$cmd" 2>/dev/null)"
else
cmd_path="$(command -v "$cmd" 2>/dev/null)"

# Resolve symlinks/relative paths
if [[ -n "$cmd_path" ]]; then
cmd_path="$(realpath "$cmd_path" 2>/dev/null)"
fi
fi

[[ -z "$cmd_path" ]] && return
[[ ! -f "$cmd_path" ]] && return

if [[ "$cmd_path" == /storage/* ]] || \
[[ "$cmd_path" == /sdcard/* ]]; then
echo -e "\e[1;31m[!] ATTENTION REQUIRED\e[0m

\e[1;31mThe binary is located in:\e[0m
\e[36m$cmd_path\e[0m

\e[1;31mBinaries cannot be executed reliably from /sdcard or /storage.\e[0m
These locations are backed by Android's external storage layer and do not support normal Linux executable permissions.

Move your project or binary to a directory under:
\e[1;32m/home/\e[0m

Example:
\e[1;32mmv myproject ~/myproject\e[0m
\e[1;32mcd ~/myproject\e[0m

Then run the binary again.
" >&2
fi
}

preexec() {
# Skip commands executed by the trap itself
[[ "$BASH_COMMAND" == trap* ]] && return

local cmd="${BASH_COMMAND%% *}"
check_binary_execution "$cmd"
}
Comment on lines +287 to +293
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps Bot Jun 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 preexec function name collides with bash-preexec convention

The function name preexec is the standard hook name used by the bash-preexec library, which Starship, fzf, and many other tools hook into. Using this exact name means any .bashrc that sources bash-preexec will silently override this function (or vice versa), producing unpredictable results. Rename it to something app-specific to avoid the collision.

Suggested change
preexec() {
# Skip commands executed by the trap itself
[[ "$BASH_COMMAND" == trap* ]] && return
local cmd="${BASH_COMMAND%% *}"
check_binary_execution "$cmd"
}
_acode_preexec() {
# Skip commands executed by the trap itself
[[ "$BASH_COMMAND" == trap* ]] && return
local cmd="${BASH_COMMAND%% *}"
check_binary_execution "$cmd"
}

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Comment on lines +288 to +293
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps Bot Jun 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 BASH_COMMAND == trap* guard comment is misleading

The comment says "Skip commands executed by the trap itself", but bash automatically suppresses DEBUG trap re-entrancy — the trap can't fire recursively inside its own handler. What this guard actually does is skip the warning when a user types a command that starts with trap (the builtin). The comment should reflect this, or the guard should be removed if trapping trap commands is not the intent.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!


trap 'preexec' DEBUG
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps Bot Jun 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 DEBUG trap overwrites any existing trap set by .bashrc

.bashrc is sourced at line 229-231, before trap 'preexec' DEBUG is set at line 295. Any tool that sets its own DEBUG trap inside .bashrc — Starship, fzf, bash-preexec, or similar prompt frameworks — will have its trap silently overwritten, breaking prompt timing, history hooks, and preexec callbacks entirely. The existing trap should be read with trap -p DEBUG and chained rather than replaced outright.

Comment on lines +243 to +295
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps Bot Jun 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 DEBUG trap spawns subprocesses on every command

The check_binary_execution function calls command -v and realpath (both fork a process) for every single command typed in the shell. Because the DEBUG trap fires before each simple command — including those inside loops, pipelines, and subshells — this adds measurable latency to every interactive command. Consider guarding early on cheap heuristics (e.g., only enter the expensive path when cmd contains /) before calling command -v and realpath.


# Command-not-found handler
command_not_found_handle() {
cmd="$1"
Expand Down