From 4b5fce66f56c920a30a4d8aa6236f7f2720b4131 Mon Sep 17 00:00:00 2001 From: YLChen-007 <30854794+YLChen-007@users.noreply.github.com> Date: Wed, 1 Jul 2026 01:22:34 -0700 Subject: [PATCH] fix(approval): flag remote content via command substitution (#26964) eval $(curl ...), source $(wget ...), and . $(curl ...) executed remote content but were not covered by the existing pipe-to-shell / process-substitution patterns. Adds a DANGEROUS_PATTERNS entry so these command-substitution forms consistently request approval. Original authorship preserved from PR #26965 (bot-authored commit re-attributed to the human contributor). --- tools/approval.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/approval.py b/tools/approval.py index 7c0e99f11ed..68f0340e5cc 100644 --- a/tools/approval.py +++ b/tools/approval.py @@ -507,6 +507,9 @@ DANGEROUS_PATTERNS = [ (r'\b(python[23]?|perl|ruby|node)\s+-[ec]\s+', "script execution via -e/-c flag"), (r'\b(curl|wget)\b.*\|\s*(?:[/\w]*/)?(?:ba)?sh(?:\s|$|-c)', "pipe remote content to shell"), (r'\b(bash|sh|zsh|ksh)\s+<\s*>?\s*["\']?{_SENSITIVE_WRITE_TARGET}', "overwrite system file via redirection"), (rf'\btee\b.*["\']?{_PROJECT_SENSITIVE_WRITE_TARGET}["\']?{_WRITE_TARGET_BOUNDARY}', "overwrite project env/config via tee"),