fix: add embedded safe defaults to SecurityValidator #932
Open
dalepike wants to merge 1 commit into danielmiessler:main from
SecurityValidator.hook.ts references patterns.yaml and patterns.example.yaml for security rules, but v4.0.3 ships neither the PAISECURITYSYSTEM directories nor the pattern files. The installer does not create them either. This means every fresh install has a SecurityValidator that runs on every tool call but blocks nothing — the hook fails open to empty arrays.

This adds a getEmbeddedDefaults() function with hardcoded patterns for catastrophic operations (filesystem destruction, disk erasure, repo deletion) and common credential paths. When no external config is found or parsing fails, loadPatterns now falls back to these embedded defaults instead of empty arrays.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Problem
SecurityValidator.hook.ts looks for security patterns in two locations:
- PAI/USER/PAISECURITYSYSTEM/patterns.yaml (user rules)
- PAI/PAISECURITYSYSTEM/patterns.example.yaml (system defaults)

v4.0.3 ships neither the PAISECURITYSYSTEM/ directories nor the pattern files. The installer does not create them. The hook's getPatternsPath() returns null, and loadPatterns() returns empty arrays for all pattern categories:

The result: every fresh v4.0.3 install has a SecurityValidator that runs on every tool call but blocks nothing. Destructive filesystem commands, disk operations, and repo deletions pass through unchecked.

The hook's own docstring (line 35) says "Missing patterns.yaml: Uses default safe patterns" but no such defaults exist in the code.

Fix
Adds a getEmbeddedDefaults() function with hardcoded patterns for catastrophic operations:
- diskutil eraseDisk/zeroDisk/partitionDisk, dd if=/dev/zero, mkfs), repo deletion (gh repo delete)
- git push --force/-f), hard reset (git reset --hard)
- curl | sh/bash)

When no external config is found or parsing fails, loadPatterns() now falls back to these embedded defaults instead of empty arrays.

This is intentionally a minimal safety net. Users who create their own patterns.yaml override these defaults entirely, preserving the existing cascading config design.

What this does NOT change
- PAI/USER/... convention is correct and untouched)
- SecurityValidator.hook.ts

Test plan
- patterns.yaml: verify destructive commands trigger exit(2)
- patterns.yaml: verify git push --force triggers confirm prompt
- patterns.yaml present: verify user patterns are used (not embedded defaults)
- patterns.yaml: verify fallback to embedded defaults with error logged to stderr
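
The fail-open case and the fallback this pull request describes, as an added example that is not the PR's or the project's code. The function names, the regexes and the use of JSON in place of YAML are assumptions made to keep it self-contained.

```typescript
// Added example: hypothetical names and regexes, not the project's code.
type Patterns = { blocked: RegExp[]; confirm: RegExp[] };
type Decision = "block" | "confirm" | "allow";
type Loaded = { patterns: Patterns; source: "user" | "embedded" };

// Minimal safety net for operations the PR description names.
function embeddedDefaults(): Patterns {
  return {
    blocked: [
      /\bdiskutil\s+(eraseDisk|zeroDisk|partitionDisk)\b/,
      /\bdd\s+if=\/dev\/zero\b/,
      /\bmkfs\b/,
      /\bgh\s+repo\s+delete\b/,
    ],
    confirm: [/\bgit\s+push\b.*\s(--force|-f)\b/, /\bgit\s+reset\s+--hard\b/],
  };
}

// raw is the config file's text, or null when no file was found.
// JSON stands in for YAML here so the example has no dependencies.
function loadPatternsWithFallback(raw: string | null): Loaded {
  if (raw === null) return { patterns: embeddedDefaults(), source: "embedded" };
  try {
    const cfg = JSON.parse(raw);
    if (!Array.isArray(cfg.blocked) || !Array.isArray(cfg.confirm)) {
      throw new Error("blocked and confirm must be arrays");
    }
    const compile = (list: string[]) => list.map((s) => new RegExp(s));
    // A valid user file replaces the defaults entirely.
    return {
      patterns: { blocked: compile(cfg.blocked), confirm: compile(cfg.confirm) },
      source: "user",
    };
  } catch (err) {
    // Unparseable config or invalid regex: log and fall back, never to empty lists.
    console.error(`pattern config unusable, using embedded defaults: ${err}`);
    return { patterns: embeddedDefaults(), source: "embedded" };
  }
}

// Blocked patterns win over confirm patterns; no match means allow.
function decide(command: string, p: Patterns): Decision {
  if (p.blocked.some((re) => re.test(command))) return "block";
  if (p.confirm.some((re) => re.test(command))) return "confirm";
  return "allow";
}
```

With empty pattern lists, `decide` returns "allow" for every command, which is the fail-open state the description reports for a fresh install.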