
feat: implemented approval flow for pam access#84

Merged
akhilmhdh merged 4 commits into main from feat/pam-approval-flow on Dec 9, 2025

Conversation

@akhilmhdh
Member

Description 📣

This PR implemented an approval flow for PAM account access. The user will be asked to trigger a request and, on confirmation, will be redirected to the request detail screen.

Type ✨

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

Tests 🛠️

# Here's some code block to paste some code snippets

@greptile-apps
Contributor

greptile-apps Bot commented Dec 7, 2025

Greptile Overview

Greptile Summary

This PR implements an approval flow for PAM account access. When a user attempts to access a PAM account protected by an approval policy, the CLI now prompts them to trigger an approval request and redirects to the approval request details page.

Key changes:

  • Added CallPAMAccessApprovalRequest API function to create approval requests
  • Implemented error handling to detect policy-protected resources and trigger approval flow
  • Added askForApprovalRequestTrigger prompt for user confirmation
  • Added OpenBrowser utility to open approval request URLs

Critical security issues:

  • Command injection vulnerability in OpenBrowser function - URLs from API are passed directly to shell commands without validation
  • URL construction from untrusted API response could be exploited via compromised API or MITM attack

Other issues:

  • Trailing comma in JSON tag causes incorrect field serialization

Confidence Score: 2/5

  • Critical command injection vulnerability in browser opening mechanism poses significant security risk
  • Score reflects critical security vulnerability where unsanitized URLs from API responses are passed to shell commands, enabling command injection attacks. Additionally, a syntax error will cause incorrect JSON serialization.
  • packages/util/helper.go (command injection), packages/pam/local/database-proxy.go (URL validation), packages/api/model.go (syntax fix)

Important Files Changed

File Analysis

  • packages/api/model.go (4/5): Added structs for PAM approval request payload and response; has trailing comma in JSON tag
  • packages/pam/local/database-proxy.go (4/5): Implemented approval flow with user prompt and browser redirect; URL construction could be vulnerable
  • packages/util/helper.go (5/5): Added cross-platform OpenBrowser utility function for opening URLs
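A defensive pattern for the OpenBrowser and URL-validation concerns raised in the review above, written as an added example rather than the PR's own code: the API-supplied URL is checked against the CLI's configured API host before it is handed to the platform launcher as a single argument, so no shell ever parses it. ValidateApprovalURL, OpenBrowser and the apiBaseURL parameter are assumed names, not identifiers from the repository.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"os/exec"
	"runtime"
	"strings"
)

// ValidateApprovalURL checks a URL received from the API before it reaches a
// browser launcher: http/https only, host must match the CLI's configured API
// base URL (apiBaseURL, an assumed parameter), no embedded credentials and no
// control or whitespace characters. It returns the normalised URL.
func ValidateApprovalURL(raw, apiBaseURL string) (string, error) {
	for _, r := range raw {
		if r <= 0x20 || r == 0x7f {
			return "", errors.New("url contains control or whitespace characters")
		}
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("invalid url: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return "", fmt.Errorf("scheme %q is not allowed", u.Scheme)
	}
	if u.User != nil {
		return "", errors.New("embedded credentials are not allowed")
	}
	base, _ := url.Parse(apiBaseURL)
	if base == nil || base.Hostname() == "" || !strings.EqualFold(u.Hostname(), base.Hostname()) {
		return "", fmt.Errorf("host %q is not the configured api host", u.Hostname())
	}
	return u.String(), nil
}

// OpenBrowser hands the validated URL to the platform launcher as one argv
// element; no shell is involved, so metacharacters in the URL are never parsed.
func OpenBrowser(validated string) error {
	switch runtime.GOOS {
	case "darwin":
		return exec.Command("open", validated).Start()
	case "windows":
		return exec.Command("rundll32", "url.dll,FileProtocolHandler", validated).Start()
	default:
		return exec.Command("xdg-open", validated).Start()
	}
}
```

Call ValidateApprovalURL on the response field first and only pass its result to OpenBrowser; a validation error should abort the redirect and surface to the user.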


@greptile-apps greptile-apps Bot left a comment


4 files reviewed, 3 comments


Comment thread packages/api/model.go Outdated
Comment thread packages/pam/local/database-proxy.go
Comment thread packages/util/helper.go
Comment thread packages/api/api.go Outdated
Comment thread packages/pam/local/database-proxy.go Outdated
Comment thread packages/pam/local/database-proxy.go Outdated
@akhilmhdh akhilmhdh merged commit c6a5c1a into main Dec 9, 2025
3 checks passed