APEX/BrowserUse_and_ComputerUse_skills
5
0
Fork 0
Code Issues 6 Pull requests 1 Projects 1 Releases Packages Wiki Activity Actions

Merge PR #233: fix(security): add re.DOTALL to prevent multiline bypass of dangerous command detection

Browse source 
Authored by Farukest. Fixes #232.
This commit is contained in:
teknium1 2026-03-02 04:44:06 -08:00
commit 4faf2a6cf4
2 changed files with 25 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tools/approval.py
View file

@ -60,7 +60,7 @@ def detect_dangerous_command(command: str) -> tuple:
"""
command_lower = command.lower()
for pattern, description in DANGEROUS_PATTERNS:
if re.search(pattern, command_lower, re.IGNORECASE):
if re.search(pattern, command_lower, re.IGNORECASE | re.DOTALL):
pattern_key = pattern.split(r'\b')[1] if r'\b' in pattern else pattern[:20]
return (True, pattern_key, description)
return (False, None, None)