fix(security): add re.DOTALL to prevent multiline bypass of dangerous command detection

Farukest 2026-03-01 03:23:29 +03:00
parent 7b23dbfe68
commit 7166647ca1
No known key found for this signature in database
GPG key ID: 73E2756B3FFF5241
2 changed files with 25 additions and 1 deletions


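--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -60,7 +60,7 @@ def detect_dangerous_command(command: str) -> tuple:
 """
 command_lower = command.lower()
 for pattern, description in DANGEROUS_PATTERNS:
-if re.search(pattern, command_lower, re.IGNORECASE):
+if re.search(pattern, command_lower, re.IGNORECASE | re.DOTALL):
 pattern_key = pattern.split(r'\b')[1] if r'\b' in pattern else pattern[:20]
 return (True, pattern_key, description)
 return (False, None, None)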
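Review bot: The added `re.DOTALL` only changes what `.` matches; if any entry in `DANGEROUS_PATTERNS` uses `^` or `$`, those anchors still bind to the start and end of the whole string, so a dangerous segment placed on a second line of a multi-line command would still not match — if such anchored patterns exist (the table is defined outside the hunk, so this is inferred), the flag set should be `re.IGNORECASE | re.DOTALL | re.MULTILINE`. The intent of the new flag is not visible in the code and a later cleanup could drop it as noise; a why-comment on the `re.search` line, `# DOTALL: '.' must also match newlines so a command split across lines cannot escape a pattern`, would pin it. As a point of style, `command_lower` is already lowercased, so `re.IGNORECASE` is redundant; keeping only the flag (or only the `.lower()`) would leave one case-folding mechanism to reason about. The signature and docstring of `detect_dangerous_command` begin above the hunk, and the second changed file in the diffstat is not shown on this page.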