parseForSecurity(cmd)
│
▼
parseCommandRaw(cmd) → AST root node
│
▼
预检查:控制字符、Unicode 空白、反斜杠+空白、
zsh ~[ ] 语法、zsh =cmd 展开、大括号+引号混淆
│
▼
walkProgram(root) → collectCommands(root, commands, varScope)
│
├── 'command' → walkCommand()
├── 'pipeline'/'list' → 结构性,递归子节点
├── 'for_statement' → 跟踪循环变量为 VAR_PLACEHOLDER
├── 'if/while' → 作用域隔离的分支
├── 'subshell' → 作用域复制
├── 'variable_assignment' → walkVariableAssignment()
├── 'declaration_command' → 验证 declare/export flags
├── 'test_command' → walk test expressions
└── 其他 → tooComplex()
│
▼
checkSemantics(commands)
├── EVAL_LIKE_BUILTINS(eval, source, exec, trap...)
├── ZSH_DANGEROUS_BUILTINS(zmodload, emulate...)
├── SUBSCRIPT_EVAL_FLAGS(test -v, printf -v, read -a)
├── Shell keywords as argv[0](误解析检测)
├── /proc/*/environ 访问
├── jq system() 和危险 flags
└── 包装器剥离(time, nohup, timeout, nice, env, stdbuf)