APEX/BrowserUse_and_ComputerUse_skills
5
0
Fork 0
Code Issues 4 Pull requests 1 Projects 1 Releases Packages Wiki Activity Actions

fix: prevent --force from overriding dangerous verdict in should_allow_install

Browse source 
The docstring states --force should never override dangerous verdicts,
but the condition `if result.verdict == "dangerous" and not force`
allowed force=True to skip the early return. Execution then fell
through to `if force: return True`, bypassing the policy block.

Removed `and not force` so dangerous skills are always blocked
regardless of the --force flag.
This commit is contained in:
Farukest 2026-03-04 18:10:18 +03:00
parent 70a0a5ff4a
commit 4805be0119
No known key found for this signature in database
GPG key ID: 73E2756B3FFF5241
3 changed files with 113 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

17
tests/tools/test_skills_guard.py
View file

@ -115,6 +115,23 @@ class TestShouldAllowInstall:
allowed, _ = should_allow_install(self._result("community", "dangerous", f), force=False)
assert allowed is False
def test_force_never_overrides_dangerous(self):
"""--force must not bypass dangerous verdict (regression test)."""
f = [Finding("x", "critical", "c", "f", 1, "m", "d")]
allowed, reason = should_allow_install(
self._result("community", "dangerous", f), force=True
)
assert allowed is False
assert "DANGEROUS" in reason
def test_force_never_overrides_dangerous_trusted(self):
"""--force must not bypass dangerous even for trusted sources."""
f = [Finding("x", "critical", "c", "f", 1, "m", "d")]
allowed, _ = should_allow_install(
self._result("trusted", "dangerous", f), force=True
)
assert allowed is False
# ---------------------------------------------------------------------------
# scan_file — pattern detection