mirror of
https://github.com/zhayujie/chatgpt-on-wechat.git
synced 2026-07-17 11:07:11 +08:00
Merge pull request #2863 from orbisai0security/fix/bash-credential-path-v2
fix(bash): narrow credential-file block to ~/.cow/.env only
This commit is contained in:
@@ -69,8 +69,8 @@ SAFETY:
|
||||
if not command:
|
||||
return ToolResult.fail("Error: command parameter is required")
|
||||
|
||||
# Security check: Prevent accessing sensitive config files
|
||||
if "~/.cow/.env" in command or "~/.cow" in command:
|
||||
# Security check: Prevent direct access to the credential file
|
||||
if re.search(r'\.cow[/\\]\.env', command):
|
||||
return ToolResult.fail(
|
||||
"Error: Access denied. API keys and credentials must be accessed through the env_config tool only."
|
||||
)
|
||||
|
||||
24
tests/test_invariant_bash.py
Normal file
24
tests/test_invariant_bash.py
Normal file
@@ -0,0 +1,24 @@
|
||||
import pytest
|
||||
from agent.tools.bash.bash import Bash
|
||||
|
||||
|
||||
@pytest.mark.parametrize("command", [
|
||||
"cat ~/.cow/.env",
|
||||
"cat .cow/.env",
|
||||
"less ~/.cow/.env",
|
||||
"cat /home/user/.cow/.env",
|
||||
])
|
||||
def test_credential_file_access_is_blocked(command):
|
||||
result = Bash().execute({"command": command})
|
||||
assert result.status == "error", f"Expected blocked result for: {command}"
|
||||
assert "Access denied" in str(result.result)
|
||||
|
||||
|
||||
@pytest.mark.parametrize("command", [
|
||||
"ls ~/.cow/skills",
|
||||
"ls ~/.cow/",
|
||||
"echo hello",
|
||||
])
|
||||
def test_legitimate_cow_directory_access_is_not_blocked(command):
|
||||
result = Bash().execute({"command": command})
|
||||
assert "Access denied" not in str(result.result)
|
||||
Reference in New Issue
Block a user