@vtstech/pi-security 1.0.9 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/package.json +2 -2
- package/security.js +2 -1
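--- a/package/README.md
+++ b/package/README.md
@@ -13,10 +13,10 @@ pi install "npm:@vtstech/pi-security"
 ## Protection
 
 - **65 blocked commands** — system modification, privilege escalation, network attacks, package management, process control, shell escapes
-- **SSRF protection** —
-- **Path validation** — prevents filesystem escape and access to critical system directories
+- **SSRF protection** — 29 blocked hostname patterns (full `127.0.0.0/8` loopback range, RFC1918 private ranges, cloud metadata endpoints, IPv4-mapped IPv6 `::ffff:127.0.0.1` and `::ffff:0.0.0.0`)
+- **Path validation** — prevents filesystem escape and access to critical system directories; symlinks are dereferenced via `fs.realpathSync()` to block `/tmp/evil → /etc/passwd` bypasses
 - **Shell injection detection** — regex patterns for command chaining, substitution, and redirection
-- **Audit logging** — JSON-lines audit log at `~/.pi/agent/audit.log`
+- **Audit logging** — JSON-lines audit log at `~/.pi/agent/audit.log` (path exported as `AUDIT_LOG_PATH` for cross-extension use)
 
 ## Links
 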
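--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@vtstech/pi-security",
-"version": "1.
+"version": "1.1.1",
 "description": "Security extension for Pi Coding Agent",
 "main": "security.js",
 "keywords": ["pi-extensions"],
@@ -14,7 +14,7 @@
 "url": "https://github.com/VTSTech/pi-coding-agent"
 },
 "dependencies": {
-"@vtstech/pi-shared": "1.
+"@vtstech/pi-shared": "1.1.1"
 },
 "peerDependencies": {
 "@mariozechner/pi-coding-agent": ">=0.66"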
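--- a/package/security.js
+++ b/package/security.js
@@ -10,6 +10,7 @@ import {
 BLOCKED_URL_PATTERNS
 } from "@vtstech/pi-shared/security";
 import { section, ok, fail, warn, info } from "@vtstech/pi-shared/format";
+import { EXTENSION_VERSION } from "@vtstech/pi-shared/ollama";
 function security_temp_default(pi) {
 const stats = {
 blocked: 0,
@@ -18,7 +19,7 @@ function security_temp_default(pi) {
 byRule: {}
 };
 const branding = [
-` \u26A1 Pi Security Extension
+` \u26A1 Pi Security Extension v${EXTENSION_VERSION}`,
 ` Written by VTSTech`,
 ` GitHub: https://github.com/VTSTech`,
 ` Website: www.vts-tech.org`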
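Review bot: The new `branding` line labels the banner "Pi Security Extension v${EXTENSION_VERSION}", but `EXTENSION_VERSION` is imported from `@vtstech/pi-shared/ollama`, so as far as the import path shows it is the shared dependency's version constant rather than this package's own; it reads 1.1.1 here only because package.json pins `@vtstech/pi-shared` to the same number, and the banner will misreport as soon as the two packages drift. Since the file already uses ES module imports, reading the extension's own manifest keeps the banner truthful: `import { createRequire } from "node:module";` then `const { version } = createRequire(import.meta.url)("./package.json");` and `` ` \u26A1 Pi Security Extension v${version}`, ``. Taking a version constant from a module named `ollama` also couples the security extension to an unrelated module; if the constant is meant to be shared, a neutral module in pi-shared would be the clearer home. `security_temp_default` continues past the end of the hunk.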