⚡ Bolt: Optimize validate_command_args for quoted strings #780

Open
adolago wants to merge 1 commit into main from optimize-validate-command-args-10196449532070951327


@adolago (Owner) commented Feb 20, 2026

💡 What: Optimized `validate_command_args` in `src/modules/mod.rs` to use a single-pass `str::find` with a blacklist of dangerous characters, replacing the previous logic that fell back to 24 `contains` checks for any string not in the alphanumeric whitelist (e.g., strings with quotes).

🎯 Why: The previous implementation had a "fast path" only for purely alphanumeric strings. Valid commands often contain quotes (e.g., `git commit -m "msg"`, `sh -c "cmd"`), which caused them to fall into the slow path, iterating over 24 dangerous patterns. This optimization ensures that safe quoted strings are validated in O(N) time instead of O(M*N).

📊 Impact:

  • Reduces validation time for quoted strings from ~24 scans to 1 scan.
  • Maintains strict security by ensuring all dangerous start-characters are caught.

🔬 Measurement:

  • Added `bench_validate_command_args` to `benches/module_benchmark.rs` covering safe alphanumeric, safe quoted, and dangerous inputs.
  • Verified correctness with existing tests: `cargo test modules::tests::test_validate_command_args` (all passed).

PR created automatically by Jules for task 10196449532070951327 started by @dolagoartur

Replaced the O(24*N) loop for quoted strings in `validate_command_args` with an O(N) single-pass check using `str::find` and a comprehensive `DANGEROUS_CHARS` blacklist. This significantly improves performance for valid commands containing quotes (e.g. `sh -c "..."`) while maintaining security.

Added a benchmark `bench_validate_command_args` to `benches/module_benchmark.rs` to track performance.

Co-authored-by: dolagoartur <146357947+dolagoartur@users.noreply.github.com>
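
The trade-off this PR describes, sketched as an added example that is not the project's code: a per-pattern `contains` loop next to a single `str::find` over a character set, plus the invariant that keeps the single pass at least as strict. The contents of both lists and the function names are assumptions for illustration; the page does not show the project's actual 24 patterns or its `DANGEROUS_CHARS` entries.

```rust
// Added example. The pattern and character lists are assumptions for
// illustration; the PR page does not show the project's actual lists.
const DANGEROUS_PATTERNS: &[&str] = &["$(", "${", "`", ";", "&&", "||", "|", ">", "<", "\n"];
// First character of every pattern above.
const DANGEROUS_CHARS: &[char] = &['$', '`', ';', '&', '|', '>', '<', '\n'];

/// Earlier shape: one substring scan per pattern, O(M*N).
fn validate_multi_pass(arg: &str) -> Result<(), String> {
    for p in DANGEROUS_PATTERNS {
        if arg.contains(*p) {
            return Err(format!("dangerous pattern {:?}", p));
        }
    }
    Ok(())
}

/// Optimized shape: a single scan, since `str::find` accepts a `&[char]` set.
fn validate_single_pass(arg: &str) -> Result<(), String> {
    match arg.find(DANGEROUS_CHARS) {
        Some(i) => Err(format!("dangerous character at byte {}", i)),
        None => Ok(()),
    }
}

/// Safety invariant: every pattern starts with a listed character, so any
/// input the pattern list rejects is also rejected by the character scan.
fn chars_cover_patterns() -> bool {
    DANGEROUS_PATTERNS
        .iter()
        .all(|p| p.chars().next().map_or(false, |c| DANGEROUS_CHARS.contains(&c)))
}

/// Inputs where the two validators disagree (the char scan is stricter).
fn disagreements<'a>(inputs: &[&'a str]) -> Vec<&'a str> {
    inputs
        .iter()
        .copied()
        .filter(|s| validate_multi_pass(s).is_ok() != validate_single_pass(s).is_ok())
        .collect()
}

fn main() {
    // Constructed sample arguments.
    let samples = ["status", "commit -m \"msg\"", "echo $(date)", "echo $HOME", "a & b"];
    assert!(chars_cover_patterns());
    for s in samples.iter() {
        println!("{:?}: multi={:?} single={:?}", s, validate_multi_pass(s), validate_single_pass(s));
    }
    println!("stricter on: {:?}", disagreements(&samples));
}
```

With these assumed lists the single pass rejects everything the pattern loop rejects, and also rejects inputs such as a lone `&` or `$HOME` that the multi-character patterns let through, so a test asserting `chars_cover_patterns()` alongside the existing suite guards against the two lists drifting apart.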
@google-labs-jules (Contributor)

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.
