mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-14 14:12:44 +00:00
fix(approval): flag remote content via command substitution (#26964)
eval $(curl ...), source $(wget ...), and . $(curl ...) executed remote content but were not covered by the existing pipe-to-shell / process-substitution patterns. Adds a DANGEROUS_PATTERNS entry so these command-substitution forms consistently request approval. Original authorship preserved from PR #26965 (bot-authored commit re-attributed to the human contributor).
This commit is contained in:
parent
1ebc56ca39
commit
4b5fce66f5
1 changed files with 3 additions and 0 deletions
|
|
@ -507,6 +507,9 @@ DANGEROUS_PATTERNS = [
|
|||
(r'\b(python[23]?|perl|ruby|node)\s+-[ec]\s+', "script execution via -e/-c flag"),
|
||||
(r'\b(curl|wget)\b.*\|\s*(?:[/\w]*/)?(?:ba)?sh(?:\s|$|-c)', "pipe remote content to shell"),
|
||||
(r'\b(bash|sh|zsh|ksh)\s+<\s*<?\s*\(\s*(curl|wget)\b', "execute remote script via process substitution"),
|
||||
# Remote content executed via command substitution: eval/source/. $(curl ...)
|
||||
# or `wget ...`. Equivalent to piping remote content to a shell.
|
||||
(r'(?:\beval\b|\bsource\b|\.)\s*(?:\$\(\s*|`\s*)(?:curl|wget)\b', "execute remote content via command substitution"),
|
||||
(rf'\btee\b.*["\']?{_SENSITIVE_WRITE_TARGET}', "overwrite system file via tee"),
|
||||
(rf'>>?\s*["\']?{_SENSITIVE_WRITE_TARGET}', "overwrite system file via redirection"),
|
||||
(rf'\btee\b.*["\']?{_PROJECT_SENSITIVE_WRITE_TARGET}["\']?{_WRITE_TARGET_BOUNDARY}', "overwrite project env/config via tee"),
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue