From 7862e7010cbd90fe6da9dea030b9a0cb9c20486d Mon Sep 17 00:00:00 2001
From: teknium1 <teknium1@gmail.com>
Date: Mon, 2 Mar 2026 04:46:27 -0800
Subject: [PATCH] test: add additional multiline bypass tests for find patterns

Extra test coverage for newline bypass detection (DOTALL fix).
Inspired by Bartok9's PR #245.
---
 tests/tools/test_approval.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tests/tools/test_approval.py b/tests/tools/test_approval.py
index 73fd2301bf..82e336ff22 100644
--- a/tests/tools/test_approval.py
+++ b/tests/tools/test_approval.py
@@ -179,3 +179,13 @@ class TestMultilineBypass:
         is_dangerous, _, desc = detect_dangerous_command(cmd)
         assert is_dangerous is True, f"multiline chmod bypass not caught: {cmd!r}"
 
+    def test_find_exec_rm_with_newline(self):
+        cmd = "find /tmp \\\n-exec rm {} \\;"
+        is_dangerous, _, desc = detect_dangerous_command(cmd)
+        assert is_dangerous is True, f"multiline find -exec rm bypass not caught: {cmd!r}"
+
+    def test_find_delete_with_newline(self):
+        cmd = "find . -name '*.tmp' \\\n-delete"
+        is_dangerous, _, desc = detect_dangerous_command(cmd)
+        assert is_dangerous is True, f"multiline find -delete bypass not caught: {cmd!r}"
+