@contextfort-ai/openclaw-secure 0.1.0

package/monitor/bash_guard/checks/hostname.py

@@ -0,0 +1,183 @@
+import re
+import regex
+from ..patterns import (
+    LOOKALIKE_TLDS,
+    INVALID_HOST_CHARS,
+    UNICODE_DOTS,
+)
+from ..data import get_known_domains, skeleton, is_known_domain
+from .utils import levenshtein, extract_host_from_url
+
+
+def check_non_ascii_hostname(command):
+    urls = re.findall(r'https?://[^\s]+', command)
+
+    for url in urls:
+        host = extract_host_from_url(url)
+        if host and any(ord(c) > 127 for c in host):
+            return ("non_ascii_hostname", f"Non-ASCII characters in hostname: {host}")
+
+    return None
+
+
+def check_mixed_script_in_label(command):
+    urls = re.findall(r'https?://[^\s]+', command)
+
+    for url in urls:
+        host = extract_host_from_url(url)
+        if not host:
+            continue
+
+        for label in host.split("."):
+            if not label:
+                continue
+
+            scripts = set()
+            for char in label:
+                if char == "-" or char.isdigit():
+                    continue
+
+                if regex.match(r'\p{Script=Latin}', char):
+                    scripts.add('Latin')
+                elif regex.match(r'\p{Script=Cyrillic}', char):
+                    scripts.add('Cyrillic')
+                elif regex.match(r'\p{Script=Greek}', char):
+                    scripts.add('Greek')
+                elif regex.match(r'\p{Script=Han}', char):
+                    scripts.add('Han')
+                elif regex.match(r'\p{Script=Hiragana}', char):
+                    scripts.add('Hiragana')
+                elif regex.match(r'\p{Script=Katakana}', char):
+                    scripts.add('Katakana')
+                elif regex.match(r'\p{Script=Arabic}', char):
+                    scripts.add('Arabic')
+                elif regex.match(r'\p{Script=Hebrew}', char):
+                    scripts.add('Hebrew')
+
+            if len(scripts) > 1:
+                return ("mixed_script_in_label", f"Mixed scripts in hostname label '{label}': {scripts}")
+
+    return None
+
+
+def check_userinfo_trick(command):
+    urls = re.findall(r'https?://([^@/\s]+)@[^\s]+', command)
+
+    for userinfo in urls:
+        if "." in userinfo:
+            return ("userinfo_trick", f"Domain-like userinfo in URL: {userinfo}@...")
+
+    return None
+
+
+def check_confusable_domain(command):
+    known_domains = get_known_domains()
+    if not known_domains:
+        return None
+
+    urls = re.findall(r'https?://[^\s]+', command)
+
+    for url in urls:
+        host = extract_host_from_url(url)
+        if not host:
+            continue
+
+        host_lower = host.lower()
+
+        if host_lower in known_domains:
+            continue
+
+        host_skeleton = skeleton(host_lower)
+
+        for known in known_domains:
+            if host_skeleton == known and host_lower != known:
+                return ("confusable_domain", f"Domain '{host}' is visually similar to known domain '{known}'")
+
+            if len(known) >= 8:
+                len_diff = abs(len(host_lower) - len(known))
+                if len_diff <= 3 and levenshtein(host_lower, known) == 1:
+                    return ("confusable_domain", f"Domain '{host}' is 1 edit from known domain '{known}'")
+
+    return None
+
+
+def check_invalid_host_chars(command):
+    urls = re.findall(r'https?://[^\s]+', command)
+
+    for url in urls:
+        host = extract_host_from_url(url)
+        if not host:
+            continue
+
+        for char in host:
+            if char in INVALID_HOST_CHARS:
+                return ("invalid_host_chars", f"Invalid character '{char}' in hostname")
+            if char in UNICODE_DOTS:
+                return ("invalid_host_chars", f"Unicode dot character in hostname: U+{ord(char):04X}")
+            if ord(char) < 0x20 or char.isspace():
+                return ("invalid_host_chars", "Control character or whitespace in hostname")
+
+    return None
+
+
+def check_trailing_dot_whitespace(command):
+    urls = re.findall(r'https?://[^\s]+', command)
+
+    for url in urls:
+        host = extract_host_from_url(url)
+        if not host:
+            continue
+
+        if host.endswith("."):
+            return ("trailing_dot_whitespace", "Trailing dot in hostname")
+        if host[-1:].isspace():
+            return ("trailing_dot_whitespace", "Trailing whitespace in hostname")
+
+    return None
+
+
+def check_non_standard_port(command):
+    standard_ports = {80, 443, 22, 9418}
+
+    url_port_pattern = r'https?://([^:/\s]+):(\d+)'
+    matches = re.findall(url_port_pattern, command)
+
+    for host, port_str in matches:
+        try:
+            port = int(port_str)
+        except ValueError:
+            continue
+
+        if port in standard_ports:
+            continue
+
+        if is_known_domain(host.lower()):
+            return ("non_standard_port", f"Non-standard port {port} on known domain '{host}'")
+
+    return None
+
+
+def check_lookalike_tld(command):
+    urls = re.findall(r'https?://[^\s]+', command)
+    for url in urls:
+        host = url.split("://")[1].split("/")[0].split(":")[0].lower()
+        tld = host.rsplit(".", 1)[-1] if "." in host else ""
+        if tld in LOOKALIKE_TLDS:
+            return ("lookalike_tld", f"Lookalike TLD detected: .{tld}")
+
+    return None
+
+
+def check_punycode_domain(command):
+    if "xn--" in command.lower():
+        return ("punycode_domain", "Punycode domain detected (potential homograph)")
+
+    return None
+
+
+def check_raw_ip_url(command):
+    ipv4_pattern = r'https?://\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'
+    if re.search(ipv4_pattern, command):
+        return ("raw_ip_url", "URL uses raw IP address instead of domain")
+
+    return None

package/monitor/bash_guard/checks/path.py

@@ -0,0 +1,57 @@
+import re
+from ..patterns import KNOWN_SENSITIVE_PATHS
+from .utils import levenshtein
+
+
+def check_non_ascii_path(command):
+    urls = re.findall(r'https?://[^\s]+', command)
+
+    for url in urls:
+        try:
+            parts = url.split("://")[1].split("/", 1)
+            if len(parts) < 2:
+                continue
+            path = "/" + parts[1]
+        except IndexError:
+            continue
+
+        if any(ord(c) > 127 for c in path):
+            return ("non_ascii_path", "Non-ASCII characters in URL path")
+
+    return None
+
+
+def check_homoglyph_in_path(command):
+    urls = re.findall(r'https?://[^\s]+', command)
+
+    for url in urls:
+        try:
+            path = url.split("://")[1].split("/", 1)
+            if len(path) < 2:
+                continue
+            path = "/" + path[1]
+        except IndexError:
+            continue
+
+        for segment in path.split("/"):
+            if not segment:
+                continue
+
+            has_ascii = any(c.isascii() and c.isalpha() for c in segment)
+            has_non_ascii = any(ord(c) > 127 for c in segment)
+
+            if has_ascii and has_non_ascii:
+                segment_lower = segment.lower()
+                for known in KNOWN_SENSITIVE_PATHS:
+                    if levenshtein(segment_lower, known) <= 2:
+                        return ("homoglyph_in_path", f"Potential homoglyph in path: '{segment}' looks like '{known}'")
+
+    return None
+
+
+def check_double_encoding(command):
+    if "%25" in command:
+        if re.search(r'%25[0-9a-fA-F]{2}', command):
+            return ("double_encoding", "Double-encoded URL path detected (%25XX)")
+
+    return None

package/monitor/bash_guard/checks/terminal.py

@@ -0,0 +1,44 @@
+from ..patterns import (
+    BIDI_CONTROL_CHARS,
+    ZERO_WIDTH_CHARS,
+    HIDDEN_COMMAND_INDICATORS,
+)
+
+
+def check_terminal_injection(command):
+    if '\x1b[' in command or '\x1b]' in command or '\x1b_' in command or '\x1bP' in command:
+        return ("ansi_escapes", "ANSI escape sequences detected")
+
+    for char in command:
+        code = ord(char)
+        if code < 0x20 and char not in ('\n', '\t', '\x1b'):
+            return ("control_chars", f"Control character detected: 0x{code:02x}")
+        if code == 0x7f:
+            return ("control_chars", "DEL control character detected")
+
+    for char in command:
+        if char in BIDI_CONTROL_CHARS:
+            return ("bidi_controls", f"Bidirectional control character: U+{ord(char):04X}")
+
+    for char in command:
+        if char in ZERO_WIDTH_CHARS:
+            return ("zero_width_chars", f"Zero-width character: U+{ord(char):04X}")
+
+    return None
+
+
+def check_hidden_multiline(command):
+    lines = command.split('\n')
+    if len(lines) <= 1:
+        return None
+
+    for i, line in enumerate(lines[1:], 1):
+        trimmed = line.strip()
+        if not trimmed:
+            continue
+
+        for indicator in HIDDEN_COMMAND_INDICATORS:
+            if indicator in trimmed:
+                return ("hidden_multiline", f"Hidden command on line {i+1}: {trimmed[:60]}")
+
+    return None

package/monitor/bash_guard/checks/transport.py

@@ -0,0 +1,155 @@
+import re
+from ..patterns import (
+    INTERPRETERS,
+    INSECURE_TLS_FLAGS,
+    URL_SHORTENERS,
+    CURL_UPLOAD_FLAGS,
+    WGET_UPLOAD_FLAGS,
+)
+from ..data import is_known_domain
+from .utils import split_commands, extract_host_from_url
+
+
+def check_insecure_tls_flags(command):
+    words = command.split()
+    for word in words:
+        clean = word.strip("'\"")
+        if clean in INSECURE_TLS_FLAGS:
+            return ("insecure_tls_flags", f"Insecure TLS flag: {clean}")
+
+    return None
+
+
+def check_shortened_url(command):
+    command_lower = command.lower()
+    for shortener in URL_SHORTENERS:
+        if shortener in command_lower:
+            return ("shortened_url", f"Shortened URL detected: {shortener}")
+
+    return None
+
+
+def _check_plain_http_to_sink_single(command):
+    """Check a single command for plain HTTP piped to sink."""
+    if "http://" not in command.lower():
+        return None
+
+    if "|" not in command:
+        return None
+
+    parts = command.split("|")
+    for part in parts[1:]:
+        words = part.strip().split()
+        if words:
+            cmd = words[0].lower().rsplit("/", 1)[-1]
+            if cmd in INTERPRETERS or cmd in ("sudo", "env"):
+                return ("plain_http_to_sink", "Plain HTTP URL piped to interpreter")
+
+    return None
+
+
+def check_plain_http_to_sink(command):
+    """Check for plain HTTP to sink, handling && and ; separators."""
+    for subcmd in split_commands(command):
+        result = _check_plain_http_to_sink_single(subcmd)
+        if result:
+            return result
+    return None
+
+
+def _check_schemeless_to_sink_single(command):
+    """Check a single command for schemeless URL piped to sink."""
+    if "|" not in command:
+        return None
+
+    schemeless_pattern = r'(?<!\w://)(?<!\w://www\.)([a-zA-Z0-9][-a-zA-Z0-9]*\.[a-zA-Z]{2,})/\S+'
+
+    parts = command.split("|")
+    first_part = parts[0]
+
+    if re.search(schemeless_pattern, first_part):
+        for part in parts[1:]:
+            words = part.strip().split()
+            if words:
+                cmd = words[0].lower().rsplit("/", 1)[-1]
+                if cmd in INTERPRETERS or cmd in ("sudo", "env"):
+                    return ("schemeless_to_sink", "Schemeless URL piped to interpreter")
+
+    return None
+
+
+def check_schemeless_to_sink(command):
+    """Check for schemeless URL to sink, handling && and ; separators."""
+    for subcmd in split_commands(command):
+        result = _check_schemeless_to_sink_single(subcmd)
+        if result:
+            return result
+    return None
+
+
+_LOCALHOST_HOSTS = {"localhost", "127.0.0.1", "::1"}
+
+
+def _check_curl_upload_single(command):
+    """Check a single command for curl/wget uploading data to unknown hosts."""
+    words = command.split()
+    if not words:
+        return None
+
+    cmd = words[0].rsplit("/", 1)[-1].lower()
+    if cmd not in ("curl", "wget"):
+        return None
+
+    upload_flags = CURL_UPLOAD_FLAGS if cmd == "curl" else WGET_UPLOAD_FLAGS
+
+    has_upload_flag = False
+    for word in words[1:]:
+        clean = word.strip("'\"")
+        # Exact match: -d, --data, etc.
+        if clean in upload_flags:
+            has_upload_flag = True
+            break
+        # Prefix match for flag=value: --data=foo, --post-file=secrets.txt
+        for flag in upload_flags:
+            if clean.startswith(flag + "="):
+                has_upload_flag = True
+                break
+        if has_upload_flag:
+            break
+
+    if not has_upload_flag:
+        return None
+
+    # Extract URL and check host
+    for word in words[1:]:
+        clean = word.strip("'\"")
+        if re.match(r'https?://', clean, re.IGNORECASE):
+            host = extract_host_from_url(clean)
+            if not host:
+                continue
+            host_lower = host.lower()
+            if host_lower in _LOCALHOST_HOSTS:
+                return None
+            # Check full host first (e.g. api.github.com), then parent domain
+            if is_known_domain(host_lower):
+                return None
+            parts = host_lower.split(".")
+            if len(parts) > 2:
+                parent = ".".join(parts[-2:])
+                if is_known_domain(parent):
+                    return None
+            return (
+                "curl_upload_to_unknown",
+                f"Data upload via {cmd} to unknown host: {host}",
+            )
+
+    return None
+
+
+def check_curl_upload(command):
+    """Check for curl/wget data uploads to unknown hosts, handling && and ; separators."""
+    for subcmd in split_commands(command):
+        result = _check_curl_upload_single(subcmd)
+        if result:
+            return result
+    return None

package/monitor/bash_guard/checks/utils.py

@@ -0,0 +1,93 @@
+def split_commands(command):
+    """
+    Split on && ; || while respecting quotes and escapes.
+    Note: Does not handle $() or () subshells.
+    """
+    result = []
+    current = []
+    i = 0
+    in_single = False
+    in_double = False
+
+    while i < len(command):
+        char = command[i]
+
+        # Backslash escape (not in single quotes - they're literal there)
+        if char == '\\' and not in_single and i + 1 < len(command):
+            current.append(char)
+            current.append(command[i + 1])
+            i += 2
+            continue
+
+        if char == '"' and not in_single:
+            in_double = not in_double
+            current.append(char)
+        elif char == "'" and not in_double:
+            in_single = not in_single
+            current.append(char)
+        elif not in_single and not in_double:
+            if command[i:i+2] in ('&&', '||'):
+                if current:
+                    result.append(''.join(current).strip())
+                    current = []
+                i += 2
+                continue
+            elif char == ';':
+                if current:
+                    result.append(''.join(current).strip())
+                    current = []
+            else:
+                current.append(char)
+        else:
+            current.append(char)
+        i += 1
+
+    if current:
+        result.append(''.join(current).strip())
+
+    return [c for c in result if c] or [command]
+
+
+def levenshtein(a, b):
+    m, n = len(a), len(b)
+    if m == 0:
+        return n
+    if n == 0:
+        return m
+
+    dp = [[0] * (n + 1) for _ in range(m + 1)]
+    for i in range(m + 1):
+        dp[i][0] = i
+    for j in range(n + 1):
+        dp[0][j] = j
+
+    for i in range(1, m + 1):
+        for j in range(1, n + 1):
+            cost = 0 if a[i-1] == b[j-1] else 1
+            dp[i][j] = min(
+                dp[i-1][j] + 1,
+                dp[i][j-1] + 1,
+                dp[i-1][j-1] + cost
+            )
+
+    return dp[m][n]
+
+
+def extract_host_from_url(url):
+    try:
+        if "://" in url:
+            rest = url.split("://")[1]
+        else:
+            rest = url
+
+        if "@" in rest.split("/")[0]:
+            rest = rest.split("@")[-1]
+
+        host_part = rest.split("/")[0]
+
+        if ":" in host_part:
+            host_part = host_part.rsplit(":", 1)[0]
+
+        return host_part
+    except (IndexError, ValueError):
+        return None

package/monitor/bash_guard/data/confusables.txt

@@ -0,0 +1,97 @@
+# Subset of Unicode confusable characters relevant to URL security
+# Format: confusable_codepoint target_codepoint # comment
+# Based on Unicode TR39 confusables.txt
+# Cyrillic -> Latin
+0430 0061 # а -> a
+0435 0065 # е -> e
+043E 006F # о -> o
+0440 0070 # р -> p
+0441 0063 # с -> c
+0443 0079 # у -> y
+0445 0078 # х -> x
+0456 0069 # і -> i
+0458 006A # ј -> j
+04BB 0068 # һ -> h
+0410 0041 # А -> A
+0412 0042 # В -> B
+0415 0045 # Е -> E
+041A 004B # К -> K
+041C 004D # М -> M
+041D 0048 # Н -> H
+041E 004F # О -> O
+0420 0050 # Р -> P
+0421 0043 # С -> C
+0422 0054 # Т -> T
+0425 0058 # Х -> X
+# Greek -> Latin
+03B1 0061 # α -> a
+03B5 0065 # ε -> e
+03B9 0069 # ι -> i
+03BF 006F # ο -> o
+03C1 0070 # ρ -> p
+03C5 0075 # υ -> u
+03C7 0078 # χ -> x
+# Fullwidth Latin
+FF21 0041 # Ａ -> A
+FF22 0042 # Ｂ -> B
+FF23 0043 # Ｃ -> C
+FF24 0044 # Ｄ -> D
+FF25 0045 # Ｅ -> E
+FF26 0046 # Ｆ -> F
+FF27 0047 # Ｇ -> G
+FF28 0048 # Ｈ -> H
+FF29 0049 # Ｉ -> I
+FF2A 004A # Ｊ -> J
+FF2B 004B # Ｋ -> K
+FF2C 004C # Ｌ -> L
+FF2D 004D # Ｍ -> M
+FF2E 004E # Ｎ -> N
+FF2F 004F # Ｏ -> O
+FF30 0050 # Ｐ -> P
+FF31 0051 # Ｑ -> Q
+FF32 0052 # Ｒ -> R
+FF33 0053 # Ｓ -> S
+FF34 0054 # Ｔ -> T
+FF35 0055 # Ｕ -> U
+FF36 0056 # Ｖ -> V
+FF37 0057 # Ｗ -> W
+FF38 0058 # Ｘ -> X
+FF39 0059 # Ｙ -> Y
+FF3A 005A # Ｚ -> Z
+FF41 0061 # ａ -> a
+FF42 0062 # ｂ -> b
+FF43 0063 # ｃ -> c
+FF44 0064 # ｄ -> d
+FF45 0065 # ｅ -> e
+FF46 0066 # ｆ -> f
+FF47 0067 # ｇ -> g
+FF48 0068 # ｈ -> h
+FF49 0069 # ｉ -> i
+FF4A 006A # ｊ -> j
+FF4B 006B # ｋ -> k
+FF4C 006C # ｌ -> l
+FF4D 006D # ｍ -> m
+FF4E 006E # ｎ -> n
+FF4F 006F # ｏ -> o
+FF50 0070 # ｐ -> p
+FF51 0071 # ｑ -> q
+FF52 0072 # ｒ -> r
+FF53 0073 # ｓ -> s
+FF54 0074 # ｔ -> t
+FF55 0075 # ｕ -> u
+FF56 0076 # ｖ -> v
+FF57 0077 # ｗ -> w
+FF58 0078 # ｘ -> x
+FF59 0079 # ｙ -> y
+FF5A 007A # ｚ -> z
+# Common lookalikes
+0131 006C # ı -> l (dotless i looks like l)
+0269 0069 # ɩ -> i
+026A 0069 # ɪ -> i
+1D00 0041 # ᴀ -> A (small cap)
+029F 004C # ʟ -> L
+0280 0052 # ʀ -> R
+# Dot variants
+FF0E 002E # ． -> . (fullwidth dot)
+3002 002E # 。 -> . (ideographic period)
+FF61 002E # ｡ -> . (halfwidth ideographic period)