harden sandbox escape vectors for bash disabled/restricted modes (#257)
* harden sandbox escape vectors for bash disabled/restricted modes block git config injection (-c flag as subcommand), dangerous subcommands (config, submodule, rebase, bisect), code-executing arg flags (--exec, --extcmd), .gitattributes/.gitmodules writes, and package lifecycle scripts. add retry logic to test runner for transient failures. add security unit tests and adhoc attack tests. Co-authored-by: Cursor <cursoragent@cursor.com> * only filter subcommands in nobash, remove nobash from ui * use regex matching * iterate on tests * simplify githooks --------- Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
committed by
pullfrog[bot]
parent
f37d02b292
commit
bc28c658f2
@@ -28,7 +28,8 @@ jobs:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
agent: [claude, codex, cursor, gemini, opencode]
|
||||
test: [file-read-write, mcpmerge, no-native-file, nobash, restricted, smoke]
|
||||
test:
|
||||
[file-read-write, mcpmerge, no-native-file, nobash, restricted, smoke]
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
|
||||
@@ -56,7 +57,20 @@ jobs:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
test: [file-traversal, git-permissions, githooks, proc-sandbox, push-disabled, push-enabled, push-restricted, symlink-traversal, timeout, token-exfil]
|
||||
test:
|
||||
[
|
||||
file-traversal,
|
||||
git-permissions,
|
||||
githooks,
|
||||
pkg-json-scripts,
|
||||
proc-sandbox,
|
||||
push-disabled,
|
||||
push-enabled,
|
||||
push-restricted,
|
||||
symlink-traversal,
|
||||
timeout,
|
||||
token-exfil,
|
||||
]
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
|
||||
|
||||
Reference in New Issue
Block a user