lzh/picoclaw
1
0
Fork 0
mirror of https://github.com/sipeed/picoclaw.git synced 2026-06-12 18:08:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): ensure custom deny patterns extend defaults instead of replacing them (#479)

Browse Source 
* fix (security): custom deny patterns denying default patterns

* fix formatting whitespace
This commit is contained in:
Goksu Ceylan
2026-02-23 17:02:44 -05:00
committed by GitHub
parent 2fa51d7b86
commit 09b1992dd7
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/tools/shell.go
+1 -2
View File
@@ -81,6 +81,7 @@ func NewExecToolWithConfig(workingDir string, restrict bool, config *config.Conf
execConfig := config.Tools.Exec
enableDenyPatterns = execConfig.EnableDenyPatterns
if enableDenyPatterns {
denyPatterns = append(denyPatterns, defaultDenyPatterns...)
if len(execConfig.CustomDenyPatterns) > 0 {
fmt.Printf("Using custom deny patterns: %v\n", execConfig.CustomDenyPatterns)
for _, pattern := range execConfig.CustomDenyPatterns {
@@ -91,8 +92,6 @@ func NewExecToolWithConfig(workingDir string, restrict bool, config *config.Conf
}
denyPatterns = append(denyPatterns, re)
}
} else {
denyPatterns = append(denyPatterns, defaultDenyPatterns...)
}
} else {
// If deny patterns are disabled, we won't add any patterns, allowing all commands.