fullcourtdefense-cli 1.14.6 → 1.14.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/discoverAgentFiles.js +16 -11
- package/dist/version.json +1 -1
- package/package.json +1 -1
|
@@ -41,7 +41,9 @@ const path = __importStar(require("path"));
|
|
|
41
41
|
const MAX_FILES = 150;
|
|
42
42
|
const MAX_FILE_BYTES = 512 * 1024;
|
|
43
43
|
const EXCERPT_LEN = 180;
|
|
44
|
-
const NEGATED_RISK_LINE = /\b(?:do not|don't|never|avoid|forbid|block|wrong|bad|dangerous|must not)\b/i;
|
|
44
|
+
const NEGATED_RISK_LINE = /\b(?:do not|does not|don't|not an? (?:instruction|permission)|not permission|never|avoid|forbid|block|wrong|bad|dangerous|must not)\b/i;
|
|
45
|
+
const ACTIVE_AGENT_SUBJECT = /\b(?:agent|assistant|model|tool|mcp|skill|it)\b/i;
|
|
46
|
+
const EMBEDDED_SECRET_VALUE = /\b(?:sk-(?:proj-)?[A-Za-z0-9_-]{24,}|ghp_[A-Za-z0-9_]{24,}|github_pat_[A-Za-z0-9_]{24,}|glpat-[A-Za-z0-9_-]{20,}|npm_[A-Za-z0-9]{24,}|hf_[A-Za-z0-9]{24,}|gsk_[A-Za-z0-9]{24,}|AKIA[0-9A-Z]{16}|AIza[0-9A-Za-z_-]{28,}|xox[baprs]-[A-Za-z0-9-]{20,})\b/;
|
|
45
47
|
function stripCodeBlocks(content) {
|
|
46
48
|
return content.replace(/```[\s\S]*?```/g, '');
|
|
47
49
|
}
|
|
@@ -70,31 +72,34 @@ function lineHasRiskIntent(line, action, target) {
|
|
|
70
72
|
function lineHasOrderedRiskIntent(line, pattern) {
|
|
71
73
|
return !NEGATED_RISK_LINE.test(line) && pattern.test(line);
|
|
72
74
|
}
|
|
75
|
+
function lineHasActiveAgentRisk(line, pattern) {
|
|
76
|
+
return !NEGATED_RISK_LINE.test(line) && ACTIVE_AGENT_SUBJECT.test(line) && pattern.test(line);
|
|
77
|
+
}
|
|
73
78
|
function analyzeContent(content) {
|
|
74
79
|
const tags = new Set();
|
|
75
80
|
const text = stripCodeBlocks(content);
|
|
76
81
|
const lines = text.split(/\r?\n/).map(line => line.trim()).filter(Boolean);
|
|
77
82
|
const whole = lines.join('\n');
|
|
78
|
-
if (/\b(?:
|
|
79
|
-
tags.add('jailbreak_hint');
|
|
80
|
-
}
|
|
81
|
-
if (/\b(?:always allow|never block|disable security|skip validation)\b/i.test(whole)) {
|
|
82
|
-
tags.add('weak_guardrails');
|
|
83
|
-
}
|
|
84
|
-
if (/\b(?:api[_-]?key|secret|password|token)\s*[:=]/i.test(whole)) {
|
|
83
|
+
if (/\b(?:api[_-]?key|secret|password|token)\s*[:=]\s*/i.test(whole) && EMBEDDED_SECRET_VALUE.test(whole)) {
|
|
85
84
|
tags.add('embedded_secret_ref');
|
|
86
85
|
}
|
|
87
86
|
for (const line of lines) {
|
|
88
|
-
if (
|
|
87
|
+
if (lineHasActiveAgentRisk(line, /\b(?:allow|can|may|must|should|use|execute|invoke|enable|grant)\b.{0,100}\b(?:shell|bash|exec|subprocess|run_command|command runner|terminal)\b/i)) {
|
|
89
88
|
tags.add('allows_shell');
|
|
90
89
|
}
|
|
91
|
-
if (
|
|
90
|
+
if (lineHasActiveAgentRisk(line, /\b(?:allow|can|may|must|should|read|write|access|trust|grant)\b.{0,100}\b(?:read any file|full filesystem|entire filesystem|trusted workspace|workspace trust|\/etc\/passwd|sudo)\b/i)) {
|
|
92
91
|
tags.add('broad_filesystem');
|
|
93
92
|
}
|
|
93
|
+
if (lineHasOrderedRiskIntent(line, /\b(?:ignore (?:all )?(?:previous )?instructions|bypass safety|bypass guardrails|DAN mode)\b/i)) {
|
|
94
|
+
tags.add('jailbreak_hint');
|
|
95
|
+
}
|
|
96
|
+
if (lineHasOrderedRiskIntent(line, /\b(?:always allow|disable security|skip validation|bypass validation)\b/i)) {
|
|
97
|
+
tags.add('weak_guardrails');
|
|
98
|
+
}
|
|
94
99
|
if (lineHasRiskIntent(line, /\b(?:auto[- ]?approve|without asking|unattended|non[- ]?interactive|yolo mode)\b/i)) {
|
|
95
100
|
tags.add('auto_approval');
|
|
96
101
|
}
|
|
97
|
-
if (lineHasOrderedRiskIntent(line, /\b(?:exfiltrate|send|post|upload|curl|wget)\b.{0,120}\b(?:secret|token|credential|api[_-]?key|env|customer|database|private|confidential)\b/i)) {
|
|
102
|
+
if (lineHasOrderedRiskIntent(line, /\b(?:exfiltrate\b|(?:send|post|upload|curl|wget)\b.{0,120}\b(?:secret|token|credential|api[_-]?key|env|customer|database|private|confidential)\b.{0,120}\b(?:webhook|https?:|external|slack|email|url)|(?:send|post|upload|curl|wget)\b.{0,120}\b(?:webhook|https?:|external|slack|email|url)\b.{0,120}\b(?:secret|token|credential|api[_-]?key|env|customer|database|private|confidential))\b/i)) {
|
|
98
103
|
tags.add('network_exfil');
|
|
99
104
|
}
|
|
100
105
|
if (lineHasOrderedRiskIntent(line, /\b(?:allow|can|may|must|should|run|execute|auto[- ]?approve)\b.{0,120}\b(?:transfer funds|delete all|publish package|npm publish|git push|drop table|remove directory)\b/i)) {
|
package/dist/version.json
CHANGED