megaproxy
5b970f8b48
Four new compiled-in hard-deny rules covering PowerShell + cmd.exe catastrophic patterns (mirror of the POSIX 10): - Remove-Item / del / rd / ri / rm / erase / rmdir targeting C:\ or user home / appdata - Format-Volume / Clear-Disk with any flag (= an invocation, not a Get-Help lookup) - iwr | iex pipe form (PowerShell web-to-execute) - iex (irm ...) parenthesized form Universal application — no shell-aware scoping yet. PS cmdlet identifiers are distinctive enough that bash false-positives are vanishingly unlikely. Shell-aware policy scoping remains a known follow-up. Drift-proof the "Always blocked" label list: backend now exposes hard_deny_rules() via a new mcp_hard_deny_labels Tauri command, and PolicyTab loads it at mount instead of hardcoding the list. Avoids the 11→15 manual sync that would have been needed (and that had already drifted twice this week). cargo test --lib: 138 passed; 0 failed (118 prior + 20 new fuzz cases for rules 11-14; hard_deny_rules_count bumped 10 → 14). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| components | ||
| lib | ||
| App.css | ||
| App.tsx | ||
| ipc.ts | ||
| main.tsx | ||
| styles.css | ||