mirror of
https://github.com/zhayujie/chatgpt-on-wechat.git
synced 2026-07-17 11:07:11 +08:00
fix(bash): narrow credential-file block to ~/.cow/.env only
Replace the broad `~/.cow` directory check with a regex that matches only the credential file path (`\.cow[/\\]\.env`), so legitimate access to other `~/.cow/` subdirectories (e.g. skills) is no longer blocked. Drop the incomplete env/printenv blocking rule per reviewer feedback. Rewrite test_invariant_bash.py to use the correct Bash().execute() API and cover both the blocked and allowed cases. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -69,8 +69,8 @@ SAFETY:
|
||||
if not command:
|
||||
return ToolResult.fail("Error: command parameter is required")
|
||||
|
||||
# Security check: Prevent accessing sensitive config files
|
||||
if "~/.cow/.env" in command or "~/.cow" in command:
|
||||
# Security check: Prevent direct access to the credential file
|
||||
if re.search(r'\.cow[/\\]\.env', command):
|
||||
return ToolResult.fail(
|
||||
"Error: Access denied. API keys and credentials must be accessed through the env_config tool only."
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user