Skip to content

Handle mixed-case URLs in Windows command safety#30879

Open
charliemarsh-oai wants to merge 1 commit into
mainfrom
charlie/fix-windows-url-case-sensitivity
Open

Handle mixed-case URLs in Windows command safety#30879
charliemarsh-oai wants to merge 1 commit into
mainfrom
charlie/fix-windows-url-case-sensitivity

Conversation

@charliemarsh-oai

Copy link
Copy Markdown
Contributor

Summary

  • recognize embedded HTTP(S) URL prefixes case-insensitively in Windows dangerous-command detection
  • add regression coverage for uppercase and mixed-case schemes inside Start-Process invocations

Why

PowerShell and URL parsing treat schemes case-insensitively, but the pre-parser only searched for lowercase http:// and https://. When a URL appeared in the same shlex token as surrounding PowerShell syntax, such as Start-Process('HTTPS://example.com');, the prefix was not stripped and the command was incorrectly classified as not dangerous.

Validated with the scoped codex-shell-command suite (138 tests) and a direct classifier reproduction that failed before the change and passed afterward.

@charliemarsh-oai charliemarsh-oai added bug Something isn't working windows-os Issues related to Codex on Windows systems labels Jul 2, 2026
@charliemarsh-oai charliemarsh-oai marked this pull request as ready for review July 2, 2026 00:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working windows-os Issues related to Codex on Windows systems

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant