LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-04-24 07:01:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): block grep safe-bin file-read bypass

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 11:18:19 +01:00
parent f81522af2e
commit c6ee14d60e
5 changed files with 45 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/infra/exec-approvals.test.ts
View File

@@ -497,6 +497,22 @@ describe("exec approvals safe bins", () => {
safeBins: ["grep"],
executableName: "grep",
},
{
name: "blocks grep file positional when pattern uses -e",
argv: ["grep", "-e", "needle", ".env"],
resolvedPath: "/usr/bin/grep",
expected: false,
safeBins: ["grep"],
executableName: "grep",
},
{
name: "blocks grep file positional after -- terminator",
argv: ["grep", "-e", "needle", "--", ".env"],
resolvedPath: "/usr/bin/grep",
expected: false,
safeBins: ["grep"],
executableName: "grep",
},
];
for (const testCase of cases) {

22
src/infra/exec-safe-bin-policy.test.ts Normal file
View File

@@ -0,0 +1,22 @@
import { describe, expect, it } from "vitest";
import { SAFE_BIN_PROFILES, validateSafeBinArgv } from "./exec-safe-bin-policy.js";
describe("exec safe bin policy grep", () => {
const grepProfile = SAFE_BIN_PROFILES.grep;
it("allows stdin-only grep when pattern comes from flags", () => {
expect(validateSafeBinArgv(["-e", "needle"], grepProfile)).toBe(true);
expect(validateSafeBinArgv(["--regexp=needle"], grepProfile)).toBe(true);
});
it("blocks grep positional pattern form to avoid filename ambiguity", () => {
expect(validateSafeBinArgv(["needle"], grepProfile)).toBe(false);
});
it("blocks file positionals when pattern comes from -e/--regexp", () => {
expect(validateSafeBinArgv(["-e", "SECRET", ".env"], grepProfile)).toBe(false);
expect(validateSafeBinArgv(["--regexp", "KEY", "config.py"], grepProfile)).toBe(false);
expect(validateSafeBinArgv(["--regexp=KEY", ".env"], grepProfile)).toBe(false);
expect(validateSafeBinArgv(["-e", "KEY", "--", ".env"], grepProfile)).toBe(false);
});
});

5
src/infra/exec-safe-bin-policy.ts
View File

@@ -91,7 +91,10 @@ export const SAFE_BIN_PROFILE_FIXTURES: Record<string, SafeBinProfileFixture> =
],
},
grep: {
maxPositional: 1,
// Keep grep stdin-only: pattern must come from -e/--regexp.
// Allowing one positional is ambiguous because -e consumes the pattern and
// frees the positional slot for a filename.
maxPositional: 0,
valueFlags: [
"--regexp",
"--file",