Files
chatgpt-on-wechat/tests/test_invariant_bash.py
OrbisAI Security 2a16c562a8 fix(bash): narrow credential-file block to ~/.cow/.env only
Replace the broad `~/.cow` directory check with a regex that matches
only the credential file path (`\.cow[/\\]\.env`), so legitimate access
to other `~/.cow/` subdirectories (e.g. skills) is no longer blocked.

Drop the incomplete env/printenv blocking rule per reviewer feedback.

Rewrite test_invariant_bash.py to use the correct Bash().execute()
API and cover both the blocked and allowed cases.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-05 11:36:22 +05:30

25 lines
699 B
Python

import pytest
from agent.tools.bash.bash import Bash
@pytest.mark.parametrize("command", [
"cat ~/.cow/.env",
"cat .cow/.env",
"less ~/.cow/.env",
"cat /home/user/.cow/.env",
])
def test_credential_file_access_is_blocked(command):
result = Bash().execute({"command": command})
assert result.status == "error", f"Expected blocked result for: {command}"
assert "Access denied" in str(result.result)
@pytest.mark.parametrize("command", [
"ls ~/.cow/skills",
"ls ~/.cow/",
"echo hello",
])
def test_legitimate_cow_directory_access_is_not_blocked(command):
result = Bash().execute({"command": command})
assert "Access denied" not in str(result.result)