add command shell blacklist and whitelist (#3950)

Co-authored-by: k-boikov <64261260+k-boikov@users.noreply.github.com>
Co-authored-by: Nicholas Tindle <nick@ntindle.com>
Co-authored-by: Richard Beales <rich@richbeales.net>

autogpt/commands/execute_code.py

@@ -97,6 +97,32 @@ def execute_python_file(filename: str) -> str:
         return f"Error: {str(e)}"
 
 
+def validate_command(command: str) -> bool:
+    """Validate a command to ensure it is allowed
+
+    Args:
+        command (str): The command to validate
+
+    Returns:
+        bool: True if the command is allowed, False otherwise
+    """
+    tokens = command.split()
+
+    if not tokens:
+        return False
+
+    if CFG.deny_commands and tokens[0] not in CFG.deny_commands:
+        return False
+
+    for keyword in CFG.allow_commands:
+        if keyword in tokens:
+            return True
+    if CFG.allow_commands:
+        return False
+
+    return True
+
+
 @command(
     "execute_shell",
     "Execute Shell Command, non-interactive commands only",
@@ -115,6 +141,9 @@ def execute_shell(command_line: str) -> str:
     Returns:
         str: The output of the command
     """
+    if not validate_command(command_line):
+        logger.info(f"Command '{command_line}' not allowed")
+        return "Error: This Shell Command is not allowed."
 
     current_dir = Path.cwd()
     # Change dir into workspace if necessary
@@ -153,6 +182,9 @@ def execute_shell_popen(command_line) -> str:
     Returns:
         str: Description of the fact that the process started and its id
     """
+    if not validate_command(command_line):
+        logger.info(f"Command '{command_line}' not allowed")
+        return "Error: This Shell Command is not allowed."
 
     current_dir = os.getcwd()
     # Change dir into workspace if necessary