fix: validate attached redirection paths

陈家名
2026-06-08 10:18:48 +08:00
parent 9b3548ca43
commit eb21179dde
2 changed files with 31 additions and 0 deletions


@@ -72,6 +72,28 @@ class WorkspacePathScopeTests(unittest.TestCase):
self.assertFalse(decision.allowed)
self.assertIn(str(outside.resolve()), decision.resolved or '')
def test_attached_shell_redirection_targets_are_validated(self) -> None:
with tempfile.TemporaryDirectory() as tmp:
root = Path(tmp)
workspace = root / 'workspace'
outside = root / 'outside'
workspace.mkdir()
outside.mkdir()
(outside / 'secret.txt').write_text('secret')
self.assertEqual(
('../outside/secret.txt', '../outside/error.log'),
extract_path_candidates(
'cat <../outside/secret.txt 2>../outside/error.log'
),
)
decision = WorkspacePathScope.from_root(workspace).validate_payload(
'cat <../outside/secret.txt 2>../outside/error.log'
)
self.assertFalse(decision.allowed)
self.assertIn(str(outside.resolve()), decision.resolved or '')
def test_explicit_worktree_roots_are_allowed(self) -> None:
with tempfile.TemporaryDirectory() as tmp:
root = Path(tmp)
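Review bot: The `validate_payload` assertion in `test_attached_shell_redirection_targets_are_validated` cannot tell which redirection caused the denial, because both targets sit in one payload and both resolve under `outside`. A regression that validates only the `<` target and skips the `2>` one would still pass. Checking each operator on its own would pin this, e.g. `for payload in ('cat <../outside/secret.txt', 'cat 2>../outside/error.log'):` with `with self.subTest(payload=payload):` around the two existing decision assertions. The test also has no allowed case, so a constructed payload such as `'cat <inside.txt'` asserting `decision.allowed` would show that attached targets inside the workspace are not over-blocked. Whether forms like `>>` or `2>&1` are handled is not visible here, since the extractor change is in the other file and the enclosing `WorkspacePathScopeTests` class starts outside the hunk.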