Update patterns for pattern-based command injection#8546
Update patterns for pattern-based command injection#8546dorien-koelemeijer wants to merge 3 commits intomainfrom
Conversation
…high false positive rates still
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c5a9689265
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d39a5ea57c
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 98f112bfe7
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| description: "Recursive file deletion with rm -rf", | ||
| risk_level: RiskLevel::High, | ||
| name: "rm_rf_root_bare", | ||
| pattern: r"rm\s+(-[rRfF]+\s+)*(-[rRfF]+|--recursive|--force|--no-preserve-root)(\s+(-[rRfF]+|--recursive|--force|--no-preserve-root))*\s+['\x22]?/['\x22]?(\s|$)", |
There was a problem hiding this comment.
The new rm_rf_root_bare regex only matches a bare / argument, so destructive variants like rm -rf /* (a common way to avoid GNU rm's root safeguard) no longer match any filesystem-destruction pattern. In pattern-based fallback when command ML is unavailable, this can drop confidence to 0 and let a full-root wipe command pass unflagged.
Useful? React with 👍 / 👎.
| ThreatPattern { | ||
| name: "rm_rf_system", | ||
| pattern: r"rm\s+(-[rf]*[rf][rf]*|--recursive|--force).*(bin|etc|usr|var|sys|proc|dev|boot|lib|opt|srv|tmp)", | ||
| pattern: r"rm\s+(-[rf]*[rf][rf]*|--recursive|--force).*/(bin|etc|usr|var|sys|proc|dev|boot|lib|opt|srv)\b", |
There was a problem hiding this comment.
Requiring /(bin|etc|usr|...) in rm_rf_system misses destructive relative paths like cd / && rm -rf etc or cd / && rm -rf var, which are valid commands that delete system directories from root. Before this change these commands matched the critical system-delete rule; now they can evade pattern-based detection entirely in fallback mode.
Useful? React with 👍 / 👎.
1 participant
Summary
Update patterns for pattern-based command injection detection due to high false positive rates still. The command injection classifier false positive rates are very low, but if users aren't connected to WARP, there is an automatic fallback to pattern-based command injection detection.
Testing
Manual testing running
just run-ui