Skip to content

Redis CALL_DENYLIST — Blocked Commands

The Redis adapter (proxy/adapters/redis.ts) exposes a call method that forwards arbitrary Redis commands to the user's own Redis server. The CALL_DENYLIST blocks destructive, admin, and cluster-management commands that have no business being invoked through a data-access proxy.

Principle: Users interact with their own data — not the Redis server configuration, not replication topology, not connected clients. Any command that mutates the server itself (rather than keys in a database) is denied.


Denied commands

FLUSHALL / FLUSHDB

Deletes all keys in all databases (FLUSHALL) or the current database (FLUSHDB). Irreversible mass data loss. No legitimate data-access use case.

CONFIG

Reads or writes Redis server configuration at runtime (CONFIG GET, CONFIG SET, CONFIG REWRITE). Can change the server's binding address, authentication requirements, persistence settings, or maxmemory policy. Full server compromise.

SHUTDOWN

Stops the Redis server process. Denial of service against every application using that Redis instance.

DEBUG

Low-level debugging commands (DEBUG OBJECT, DEBUG SLEEP, DEBUG SEGFAULT). Can crash the server, inspect internal structures, or stall the event loop. Never needed for data access.

SAVE / BGSAVE / BGREWRITEAOF

Triggers synchronous (SAVE) or asynchronous (BGSAVE) snapshots, or AOF log compaction (BGREWRITEAOF). These are server-administration operations that consume I/O and CPU. Scheduling persistence is the operator's job, not a data client's.

SLAVEOF / REPLICAOF

Changes replication topology — promotes a replica to master, demotes a master to replica, or breaks replication entirely. Can cause split-brain, data loss, or total cluster disruption.

MODULE

Lists, loads, or unloads Redis modules at runtime (MODULE LIST, MODULE LOAD, MODULE UNLOAD). Loading an arbitrary .so into the Redis process is remote code execution on the server.

MIGRATE / RESTORE / RESTORE-ASKING

MIGRATE moves keys between Redis instances atomically — including across networks. Can exfiltrate data to an attacker-controlled server. RESTORE deserializes a serialized key payload; a malicious payload can crash or compromise the server.

CLUSTER

Manages Redis Cluster topology (CLUSTER MEET, CLUSTER FORGET, CLUSTER RESET, CLUSTER FAILOVER, etc.). Can partition a cluster, isolate nodes, or force unintended failovers.

ACL

Manages Redis ACL users and permissions (ACL SETUSER, ACL DELUSER, ACL LIST). Can lock out legitimate users, grant excessive permissions, or disable authentication entirely.

CLIENT

Inspects and terminates client connections (CLIENT LIST, CLIENT KILL, CLIENT PAUSE, CLIENT SETNAME). Can disconnect other applications or interrupt replication streams.

MONITOR

Streams every command processed by the Redis server in real time. This includes commands from other clients — a wiretap into every application using that Redis instance. Massive privacy violation and performance drain.

SYNC / PSYNC

Initiates a replication stream from a master. Used internally by replicas. A client issuing SYNC receives the full dataset — a complete data exfiltration vector.

SCRIPT / EVAL / EVALSHA / FUNCTION / FCALL / FCALL_RO

Arbitrary Lua script execution on the Redis server. Lua scripts run inside the Redis process with full access to all keys and server internals. Equivalent to arbitrary code execution. FUNCTION / FCALL / FCALL_RO are the Redis 7 replacements — same risk, different API.


Why the call method exists despite the denylist

The ALLOWED_METHODS set already gates which top-level methods are available (get, set, hget, zadd, etc.). But Redis has hundreds of commands, and maintaining an allowlist of every single one is brittle.

The call method acts as an escape hatch: it lets callers use any Redis command that isn't explicitly blocked, without the proxy needing to add a dedicated handler for every new Redis version's additions (e.g., ZMPOP, BLMOVE, HRANDFIELD).

The combination of ALLOWED_METHODS (gate at the method level) and CALL_DENYLIST (gate at the command level inside call) means:

  • Well-known commands like GET, SET, HGETALL go through typed handleDirectMethod handlers — fast path, no denylist lookup needed.
  • Less common or new commands go through call → denylist check → forwarded to Redis. Safe by default; only blocked commands are enumerated.
  • Dangerous commands are blocked in both paths: they aren't in ALLOWED_METHODS, and they're in CALL_DENYLIST as a second line of defense.

What is NOT blocked (and why)

Commands like DEL, RENAME, MOVE, COPY mutate or remove keys but are allowed. Why? Because they operate on user data. The proxy's job is to give users safe access to their own keys. If a user wants to delete their own key, that's their prerogative — the proxy shouldn't paternalistically forbid data mutations.

The line is drawn at server-level vs data-level operations. If a command changes the Redis server's behavior for everyone, it's blocked. If it only affects the caller's own keys, it's allowed.