@vtstech/pi-security 1.2.1 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +2 -2
- package/security.js +5 -4
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@vtstech/pi-security",
|
|
3
|
-
"version": "1.2.
|
|
3
|
+
"version": "1.2.2",
|
|
4
4
|
"description": "Security extension for Pi Coding Agent",
|
|
5
5
|
"main": "security.js",
|
|
6
6
|
"keywords": ["pi-package", "pi", "pi-coding-agent", "pi-extensions"],
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
"url": "https://github.com/VTSTech/pi-coding-agent"
|
|
15
15
|
},
|
|
16
16
|
"dependencies": {
|
|
17
|
-
"@vtstech/pi-shared": "1.2.
|
|
17
|
+
"@vtstech/pi-shared": "1.2.2"
|
|
18
18
|
},
|
|
19
19
|
"peerDependencies": {
|
|
20
20
|
"@mariozechner/pi-coding-agent": ">=0.66"
|
package/security.js
CHANGED
|
@@ -156,11 +156,12 @@ function security_temp_default(pi) {
|
|
|
156
156
|
const input = event.input ?? {};
|
|
157
157
|
const toolCallId = event.toolCallId;
|
|
158
158
|
let result;
|
|
159
|
+
const currentMode = getSecurityMode();
|
|
159
160
|
switch (toolName) {
|
|
160
161
|
case "bash":
|
|
161
162
|
case "shell":
|
|
162
163
|
case "run_command":
|
|
163
|
-
result = checkBashToolInput(input);
|
|
164
|
+
result = checkBashToolInput(input, currentMode);
|
|
164
165
|
break;
|
|
165
166
|
case "read":
|
|
166
167
|
case "read_file":
|
|
@@ -170,17 +171,17 @@ function security_temp_default(pi) {
|
|
|
170
171
|
case "edit_file":
|
|
171
172
|
case "list_directory":
|
|
172
173
|
case "list_dir":
|
|
173
|
-
result = checkFileToolInput(input);
|
|
174
|
+
result = checkFileToolInput(input, currentMode);
|
|
174
175
|
break;
|
|
175
176
|
case "http_get":
|
|
176
177
|
case "http_post":
|
|
177
178
|
case "fetch":
|
|
178
179
|
case "web_search":
|
|
179
180
|
case "http_request":
|
|
180
|
-
result = checkHttpToolInput(input);
|
|
181
|
+
result = checkHttpToolInput(input, currentMode);
|
|
181
182
|
break;
|
|
182
183
|
default:
|
|
183
|
-
result = checkInjectionPatterns(input);
|
|
184
|
+
result = checkInjectionPatterns(input, currentMode);
|
|
184
185
|
break;
|
|
185
186
|
}
|
|
186
187
|
if (!result.safe) {
|