Redis CALL_DENYLIST — Blocked Commands
The Redis adapter (proxy/adapters/redis.ts) exposes a call method that forwards arbitrary Redis commands to the user's own Redis server. The CALL_DENYLIST blocks destructive, admin, and cluster-management commands that have no business being invoked through a data-access proxy.
Principle: Users interact with their own data — not the Redis server configuration, not replication topology, not connected clients. Any command that mutates the server itself (rather than keys in a database) is denied.
Denied commands
FLUSHALL / FLUSHDB
Deletes all keys in all databases (FLUSHALL) or the current database (FLUSHDB). Irreversible mass data loss. No legitimate data-access use case.
CONFIG
Reads or writes Redis server configuration at runtime (CONFIG GET, CONFIG SET, CONFIG REWRITE). Can change the server's binding address, authentication requirements, persistence settings, or maxmemory policy. Full server compromise.
SHUTDOWN
Stops the Redis server process. Denial of service against every application using that Redis instance.
DEBUG
Low-level debugging commands (DEBUG OBJECT, DEBUG SLEEP, DEBUG SEGFAULT). Can crash the server, inspect internal structures, or stall the event loop. Never needed for data access.
SAVE / BGSAVE / BGREWRITEAOF
Triggers synchronous (SAVE) or asynchronous (BGSAVE) snapshots, or AOF log compaction (BGREWRITEAOF). These are server-administration operations that consume I/O and CPU. Scheduling persistence is the operator's job, not a data client's.
SLAVEOF / REPLICAOF
Changes replication topology — promotes a replica to master, demotes a master to replica, or breaks replication entirely. Can cause split-brain, data loss, or total cluster disruption.
MODULE
Lists, loads, or unloads Redis modules at runtime (MODULE LIST, MODULE LOAD, MODULE UNLOAD). Loading an arbitrary .so into the Redis process is remote code execution on the server.
MIGRATE / RESTORE / RESTORE-ASKING
MIGRATE moves keys between Redis instances atomically — including across networks. Can exfiltrate data to an attacker-controlled server. RESTORE deserializes a serialized key payload; a malicious payload can crash or compromise the server.
CLUSTER
Manages Redis Cluster topology (CLUSTER MEET, CLUSTER FORGET, CLUSTER RESET, CLUSTER FAILOVER, etc.). Can partition a cluster, isolate nodes, or force unintended failovers.
ACL
Manages Redis ACL users and permissions (ACL SETUSER, ACL DELUSER, ACL LIST). Can lock out legitimate users, grant excessive permissions, or disable authentication entirely.
CLIENT
Inspects and terminates client connections (CLIENT LIST, CLIENT KILL, CLIENT PAUSE, CLIENT SETNAME). Can disconnect other applications or interrupt replication streams.
MONITOR
Streams every command processed by the Redis server in real time. This includes commands from other clients — a wiretap into every application using that Redis instance. Massive privacy violation and performance drain.
SYNC / PSYNC
Initiates a replication stream from a master. Used internally by replicas. A client issuing SYNC receives the full dataset — a complete data exfiltration vector.
SCRIPT / EVAL / EVALSHA / FUNCTION / FCALL / FCALL_RO
Arbitrary Lua script execution on the Redis server. Lua scripts run inside the Redis process with full access to all keys and server internals. Equivalent to arbitrary code execution. FUNCTION / FCALL / FCALL_RO are the Redis 7 replacements — same risk, different API.
Why the call method exists despite the denylist
The ALLOWED_METHODS set already gates which top-level methods are available (get, set, hget, zadd, etc.). But Redis has hundreds of commands, and maintaining an allowlist of every single one is brittle.
The call method acts as an escape hatch: it lets callers use any Redis command that isn't explicitly blocked, without the proxy needing to add a dedicated handler for every new Redis version's additions (e.g., ZMPOP, BLMOVE, HRANDFIELD).
The combination of ALLOWED_METHODS (gate at the method level) and CALL_DENYLIST (gate at the command level inside call) means:
- Well-known commands like
GET,SET,HGETALLgo through typedhandleDirectMethodhandlers — fast path, no denylist lookup needed. - Less common or new commands go through
call→ denylist check → forwarded to Redis. Safe by default; only blocked commands are enumerated. - Dangerous commands are blocked in both paths: they aren't in
ALLOWED_METHODS, and they're inCALL_DENYLISTas a second line of defense.
What is NOT blocked (and why)
Commands like DEL, RENAME, MOVE, COPY mutate or remove keys but are allowed. Why? Because they operate on user data. The proxy's job is to give users safe access to their own keys. If a user wants to delete their own key, that's their prerogative — the proxy shouldn't paternalistically forbid data mutations.
The line is drawn at server-level vs data-level operations. If a command changes the Redis server's behavior for everyone, it's blocked. If it only affects the caller's own keys, it's allowed.