feat: whitelist some commands #190
Conversation
|
@ErikBjare Do I need to configure something on my end to fix these tests? I see one needs a |
|
Ah yes, since the keys are secret you don't have access to them when you trigger the job. Not sure what's the easiest way to work around this. The logs contain Weird that it worked for other PRs? It kinda shouldn't? |
|
I don't think it worked in other PRs either: |
I added you as a collaborator (invite sent), but you might have to set the secrets in your forked repo. |
Sorry I meant it seems to be working on your PRs |
![ellipsis-dev[bot]](https://avatars.githubusercontent.com/in/64358?s=60&v=4){kind=small}
There was a problem hiding this comment.
👍 Looks good to me! Reviewed everything up to 5442e46 in 14 seconds
More details
- Looked at
37lines of code in1files - Skipped
0files when reviewing. - Skipped posting
1drafted comments based on config settings.
1. gptme/tools/shell.py:280
- Draft comment:
There's a typo in the f-string formatting. The empty string should be replaced with double quotes to avoid syntax errors.
msg = _format_block_smart(f'Ran {"whitelisted" if is_safe_cmd else ""} command', cmd, lang="bash") + "\n\n"
- Reason this comment was not posted:
Comment looked like it was already resolved.
Workflow ID: wflow_3KqKfOotNVh1Z3LB
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
0xbrayo
force-pushed
the
whitelist
branch
4 times, most recently
from
2ae077c to
c73de36
Compare
|
@ErikBjare I set the both openai and anthropic api keys in my repo secrets. But the errors are still there :( |
|
@ellipsis-dev review |
There was a problem hiding this comment.
👍 Looks good to me! Reviewed everything up to c3fe334 in 15 seconds
More details
- Looked at
45lines of code in1files - Skipped
0files when reviewing. - Skipped posting
1drafted comments based on config settings.
1. gptme/tools/shell.py:254
- Draft comment:
The regex used for command parsing does not account for control flow statements likeif,for,while, etc. This could lead to security issues if such commands are executed without confirmation. Consider enhancing the regex or adding additional checks to handle these cases. - Reason this comment was not posted:
Decided after close inspection that this draft comment was likely wrong and/or not actionable:
The comment is relevant to the changes made in the diff, specifically the introduction of a regex to parse commands. The concern about control flow statements is valid, as they can introduce security risks if not handled properly. The comment provides a clear suggestion to enhance the regex or add checks, which is actionable.
The comment assumes that control flow statements are a security risk without confirmation. It might be speculative unless there's evidence that these statements are indeed a risk in this context.
Control flow statements can indeed be a security risk if they allow execution of unintended commands. The comment is providing a precautionary measure, which is reasonable given the context of executing shell commands.
The comment is relevant and provides a valid concern about potential security issues with control flow statements. It suggests an actionable improvement to the code.
Workflow ID: wflow_5aYWERHs8G57XyS2
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
|
@ErikBjare I think this is ready, do I merge? The list of whitelisted commands could be extended but that can be done later. |
|
Sure, but ask for a review first next time :) |
| yield Message("system", "Command not run") | ||
| return | ||
| #NOTE: This does not handle control flow words like if, for, while. | ||
| regex = r"(?:^|[|&;]|\|\||&&|\n)\s*([^\s|&;]+)" |
There was a problem hiding this comment.
I tested the regex extensively but I guess it's the most unpredictable bit here.
There was a problem hiding this comment.
| #NOTE: This does not handle control flow words like if, for, while. | ||
| regex = r"(?:^|[|&;]|\|\||&&|\n)\s*([^\s|&;]+)" | ||
|
|
||
| for match in re.finditer(regex, cmd): |
Important
Adds a whitelist for shell commands in
execute_shell()to restrict execution and require confirmation for non-whitelisted commands.execute_shell()to restrict execution tols,stat,cd,cat,pwd,echo.askis true.execute_shell()to indicate if a command is whitelisted.This description was created by
for c3fe334. It will automatically update as commits are pushed.