From 8668653241b94b71ab30f2cb8881ccbfe284a0c8 Mon Sep 17 00:00:00 2001
From: "blink-so[bot]" <211532188+blink-so[bot]@users.noreply.github.com>
Date: Fri, 12 Sep 2025 14:17:33 +0000
Subject: [PATCH 1/2] Rename --script flag to --sh and use sh from PATH
- Rename --script flag to --sh for consistency with other flags
- Remove -s shorthand to match --js and --js-file (no shorthand)
- Change shell execution to use 'sh' from PATH instead of $SHELL
- Update all documentation and help text
- Update conflicts_with clauses in clap args
Co-authored-by: ammario <7416144+ammario@users.noreply.github.com>
---
 README.md | 21 ++++++++-------------
 src/main.rs | 12 ++++++------
 src/rules/script.rs | 3 +--
 3 files changed, 15 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
index 67ef4e3f..44a21eb7 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ httpjail --request-log requests.log --js "true" -- npm install
 # Log format: " <+/-> " (+ = allowed, - = blocked)
 # Use custom script for request evaluation
-httpjail --script /path/to/check.sh -- ./my-app
+httpjail --sh /path/to/check.sh -- ./my-app
 # Script receives: HTTPJAIL_URL, HTTPJAIL_METHOD, HTTPJAIL_HOST, HTTPJAIL_SCHEME, HTTPJAIL_PATH
 # Exit 0 to allow, non-zero to block. stdout becomes additional context in 403 response.
@@ -170,26 +170,21 @@ Instead of writing JavaScript, you can use a custom script to evaluate each requ
 ```bash
 # Simple script example
-cat > check_request.sh << 'EOF'
 #!/bin/bash
-# Allow only GitHub and reject everything else
-if [[ "$HTTPJAIL_HOST" == "github.com" ]]; then
- exit 0
+if [ "$HTTPJAIL_HOST" = "github.com" ] && [ "$HTTPJAIL_METHOD" = "GET" ]; then
+ exit 0 # Allow the request
 else
- echo "Access denied: $HTTPJAIL_HOST is not on the allowlist"
- exit 1
+ exit 1 # Block the request
 fi
-EOF
-chmod +x check_request.sh
 # Use the script
-httpjail --script ./check_request.sh -- curl https://github.com
+httpjail --sh ./check_request.sh -- curl https://github.com
 # Inline script (with spaces, executed via shell)
-httpjail --script '[ "$HTTPJAIL_HOST" = "github.com" ] && exit 0 || exit 1' -- git pull
+httpjail --sh '[ "$HTTPJAIL_HOST" = "github.com" ] && exit 0 || exit 1' -- git pull
 ```
-If `--script` has spaces, it's run through `$SHELL` (default `/bin/sh`); otherwise it's executed directly.
+If `--sh` has spaces, it's run through `sh`; otherwise it's executed directly.
 **Environment variables provided to the script:**
@@ -259,7 +254,7 @@ All request information is available via the `r` object:
 - JavaScript evaluation is generally faster than external script execution
 > [!NOTE]
-> The `--js` flag conflicts with `--script` and `--js-file`. Only one evaluation method can be used at a time.
+> The `--js` flag conflicts with `--sh` and `--js-file`. Only one evaluation method can be used at a time.
 ### Advanced Options
diff --git a/src/main.rs b/src/main.rs
index 23619e21..9577bf28 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -22,8 +22,8 @@ struct Args {
 /// HTTPJAIL_URL, HTTPJAIL_METHOD, HTTPJAIL_HOST, HTTPJAIL_SCHEME, HTTPJAIL_PATH
 /// Exit code 0 allows the request, non-zero blocks it
 /// stdout becomes additional context in the 403 response
- #[arg(short = 's', long = "script", value_name = "PROG")]
- script: Option,
+ #[arg(long = "sh", value_name = "PROG")]
+ sh: Option,
 /// Use JavaScript (V8) for evaluating requests
 /// The JavaScript code receives global variables:
@@ -33,7 +33,7 @@ struct Args {
 #[arg(
 long = "js",
 value_name = "CODE",
- conflicts_with = "script",
+ conflicts_with = "sh",
 conflicts_with = "js_file"
 )]
 js: Option,
@@ -43,7 +43,7 @@ struct Args {
 #[arg(
 long = "js-file",
 value_name = "FILE",
- conflicts_with = "script",
+ conflicts_with = "sh",
 conflicts_with = "js"
 )]
 js_file: Option,
@@ -295,7 +295,7 @@ async fn main() -> Result<()> {
 None
 };
- let rule_engine = if let Some(script) = &args.script {
+ let rule_engine = if let Some(script) = &args.sh {
 info!("Using script-based rule evaluation: {}", script);
 let script_engine = Box::new(ScriptRuleEngine::new(script.clone()));
 RuleEngine::from_trait(script_engine, request_log)
@@ -537,4 +537,4 @@ async fn main() -> Result<()> {
 }
 Ok(())
-}
+}
\ No newline at end of file
diff --git a/src/rules/script.rs b/src/rules/script.rs
index adb4323f..a588a89e 100644
--- a/src/rules/script.rs
+++ b/src/rules/script.rs
@@ -35,8 +35,7 @@ impl ScriptRuleEngine {
 // Build the command
 let mut cmd = if self.script.contains(' ') {
- let shell = std::env::var("SHELL").unwrap_or_else(|_| "/bin/sh".to_string());
- let mut cmd = tokio::process::Command::new(&shell);
+ let mut cmd = tokio::process::Command::new("sh");
 cmd.arg("-c").arg(&self.script);
 cmd
 } else {
From e439581ed0ceeaeabb69d6e49f581e13b74b1f72 Mon Sep 17 00:00:00 2001
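Review bot: `tokio::process::Command::new("sh")` in the src/rules/script.rs hunk leaves the choice of interpreter to a PATH lookup, so on the inline-script branch the binary that decides allow or block for every request is whichever `sh` the launching environment puts first. The removed `$SHELL` lookup was environment-controlled as well, so this is not a regression, but for a policy enforcement point I would either pin the interpreter (`tokio::process::Command::new("/bin/sh")`) or state the assumption next to the call, e.g. `// PATH is trusted here: the first "sh" on it evaluates every rule`. The unchanged `self.script.contains(' ')` test also means a script path that contains a space is handed to `sh -c` as shell text instead of being executed, which the README wording only implies. The enclosing method starts and ends outside the hunk, so how the exit status is handled cannot be checked from here.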
From: "blink-so[bot]" <211532188+blink-so[bot]@users.noreply.github.com>
Date: Fri, 12 Sep 2025 14:20:25 +0000
Subject: [PATCH 2/2] fix: add missing newline at end of main.rs
Co-authored-by: ammario <7416144+ammario@users.noreply.github.com>
---
 src/main.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main.rs b/src/main.rs
index 9577bf28..cd668115 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -537,4 +537,4 @@ async fn main() -> Result<()> {
 }
 Ok(())
-}
\ No newline at end of file
+}