Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 61 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: use description as pattern_key to prevent approval collisions

Browse Source 
pattern_key was derived by splitting the regex on \b and taking [1],
so patterns starting with the same word (e.g. find -exec rm and
find -delete) produced the same key "find". Approving one silently
approved the other. Using the unique description string as the key
eliminates all collisions.
This commit is contained in:
0xbyt4
2026-03-12 22:39:46 +03:00
committed by teknium1
parent 08081e5969
commit 4a93cfd889
2 changed files with 28 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
tests/tools/test_approval.py
View File

@@ -342,6 +342,33 @@ class TestFindExecFullPathRm:
assert key is None
class TestPatternKeyUniqueness:
"""Bug: pattern_key is derived by splitting on \\b and taking [1], so
patterns starting with the same word (e.g. find -exec rm and find -delete)
produce the same key. Approving one silently approves the other."""
def test_find_exec_rm_and_find_delete_have_different_keys(self):
_, key_exec, _ = detect_dangerous_command("find . -exec rm {} \\;")
_, key_delete, _ = detect_dangerous_command("find . -name '*.tmp' -delete")
assert key_exec != key_delete, (
f"find -exec rm and find -delete share key {key_exec!r}"
"approving one silently approves the other"
)
def test_approving_find_exec_does_not_approve_find_delete(self):
"""Session approval for find -exec rm must not carry over to find -delete."""
_, key_exec, _ = detect_dangerous_command("find . -exec rm {} \\;")
_, key_delete, _ = detect_dangerous_command("find . -name '*.tmp' -delete")
session = "test_find_collision"
clear_session(session)
approve_session(session, key_exec)
assert is_approved(session, key_exec) is True
assert is_approved(session, key_delete) is False, (
"approving find -exec rm should not auto-approve find -delete"
)
clear_session(session)
class TestViewFullCommand:
"""Tests for the 'view full command' option in prompt_dangerous_approval."""

2
tools/approval.py
View File

@@ -63,7 +63,7 @@ def detect_dangerous_command(command: str) -> tuple:
command_lower = command.lower()
for pattern, description in DANGEROUS_PATTERNS:
if re.search(pattern, command_lower, re.IGNORECASE | re.DOTALL):
pattern_key = pattern.split(r'\b')[1] if r'\b' in pattern else pattern[:20]
pattern_key = description
return (True, pattern_key, description)
return (False, None, None)