mirror of
https://github.com/zhayujie/chatgpt-on-wechat.git
synced 2026-07-17 19:27:11 +08:00
Replace the broad `~/.cow` directory check with a regex that matches only the credential file path (`\.cow[/\\]\.env`), so legitimate access to other `~/.cow/` subdirectories (e.g. skills) is no longer blocked. Drop the incomplete env/printenv blocking rule per reviewer feedback. Rewrite test_invariant_bash.py to use the correct Bash().execute() API and cover both the blocked and allowed cases. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
25 lines
699 B
Python
25 lines
699 B
Python
import pytest
|
|
from agent.tools.bash.bash import Bash
|
|
|
|
|
|
@pytest.mark.parametrize("command", [
|
|
"cat ~/.cow/.env",
|
|
"cat .cow/.env",
|
|
"less ~/.cow/.env",
|
|
"cat /home/user/.cow/.env",
|
|
])
|
|
def test_credential_file_access_is_blocked(command):
|
|
result = Bash().execute({"command": command})
|
|
assert result.status == "error", f"Expected blocked result for: {command}"
|
|
assert "Access denied" in str(result.result)
|
|
|
|
|
|
@pytest.mark.parametrize("command", [
|
|
"ls ~/.cow/skills",
|
|
"ls ~/.cow/",
|
|
"echo hello",
|
|
])
|
|
def test_legitimate_cow_directory_access_is_not_blocked(command):
|
|
result = Bash().execute({"command": command})
|
|
assert "Access denied" not in str(result.result)
|