mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-27 01:11:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

fix: escape parens and braces in fork bomb regex pattern

Browse source 
The fork bomb regex used `()` (empty capture group) and unescaped `{}`
instead of literal `\(\)` and `\{\}`. This meant the classic fork bomb
`:(){ :|:& };:` was never detected. Also added `\s*` between `:` and
`&` and between `;` and trailing `:` to catch whitespace variants.
This commit is contained in:
0xbyt4 2026-03-12 22:37:02 +03:00 committed by teknium1
parent 30120f05a6
commit e6417cb7bc
2 changed files with 18 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

17
tests/tools/test_approval.py
View file

@ -413,3 +413,20 @@ class TestViewFullCommand:
# After first 'v', is_truncated becomes False, so second 'v' -> deny
assert result == "deny"
class TestForkBombDetection:
"""The fork bomb regex must match the classic :(){ :|:& };: pattern."""
def test_classic_fork_bomb(self):
dangerous, key, desc = detect_dangerous_command(":(){ :|:& };:")
assert dangerous is True, "classic fork bomb not detected"
assert "fork bomb" in desc.lower()
def test_fork_bomb_with_spaces(self):
dangerous, key, desc = detect_dangerous_command(":() { : | :& } ; :")
assert dangerous is True, "fork bomb with extra spaces not detected"
def test_colon_in_safe_command_not_flagged(self):
dangerous, key, desc = detect_dangerous_command("echo hello:world")
assert dangerous is False