fix(security): block grep safe-bin file-read bypass

Peter Steinberger
2026-02-21 11:18:19 +01:00
parent f81522af2e
commit c6ee14d60e
5 changed files with 45 additions and 1 deletions

@@ -146,6 +146,8 @@ Default safe bins: `jq`, `cut`, `uniq`, `head`, `tail`, `tr`, `wc`.
`grep` and `sort` are not in the default list. If you opt in, keep explicit allowlist entries for
their non-stdin workflows.
For `grep` in safe-bin mode, provide the pattern with `-e`/`--regexp`; positional pattern form is
rejected so file operands cannot be smuggled as ambiguous positionals.
## Control UI editing
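Review bot: The added sentence on `-e`/`--regexp` says the positional pattern form is rejected, but it does not say what happens to a positional that is still present once `-e` is supplied, and that is the case the rationale ("file operands cannot be smuggled") is about. Suggest stating the rule outright, for example that in safe-bin mode `grep` takes its pattern only from `-e`/`--regexp` and its input only from stdin, with any positional operand rejected, and adding one accepted and one rejected invocation so readers who opt in can check their allowlist entries against it. A blank line between the new sentence and `## Control UI editing` would also keep the heading from running into the paragraph.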