Merge pull request #2863 from orbisai0security/fix/bash-credential-path-v2

fix(bash): narrow credential-file block to ~/.cow/.env only
This commit is contained in:
zhayujie
2026-06-05 15:46:59 +08:00
committed by GitHub
2 changed files with 26 additions and 2 deletions

View File

@@ -69,8 +69,8 @@ SAFETY:
if not command:
return ToolResult.fail("Error: command parameter is required")
# Security check: Prevent accessing sensitive config files
if "~/.cow/.env" in command or "~/.cow" in command:
# Security check: Prevent direct access to the credential file
if re.search(r'\.cow[/\\]\.env', command):
return ToolResult.fail(
"Error: Access denied. API keys and credentials must be accessed through the env_config tool only."
)

View File

@@ -0,0 +1,24 @@
import pytest
from agent.tools.bash.bash import Bash
@pytest.mark.parametrize("command", [
"cat ~/.cow/.env",
"cat .cow/.env",
"less ~/.cow/.env",
"cat /home/user/.cow/.env",
])
def test_credential_file_access_is_blocked(command):
result = Bash().execute({"command": command})
assert result.status == "error", f"Expected blocked result for: {command}"
assert "Access denied" in str(result.result)
@pytest.mark.parametrize("command", [
"ls ~/.cow/skills",
"ls ~/.cow/",
"echo hello",
])
def test_legitimate_cow_directory_access_is_not_blocked(command):
result = Bash().execute({"command": command})
assert "Access denied" not in str(result.result)