wolverine-ai 4.5.2 → 4.5.3
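--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "wolverine-ai",
-"version": "4.5.
+"version": "4.5.3",
 "description": "Self-healing Node.js server framework powered by AI. Catches crashes, diagnoses errors, generates fixes, verifies, and restarts — automatically.",
 "main": "src/index.js",
 "bin": {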
@@ -44,15 +44,45 @@ const INJECTION_PATTERNS = [
|
|
|
44
44
|
// Vault key material leak — CRITICAL: block heal entirely
|
|
45
45
|
{ pattern: /0x[0-9a-fA-F]{64}/i, label: "key-leak-critical" },
|
|
46
46
|
{ pattern: /master\.key|eth\.vault|\.wolverine\/vault/i, label: "vault-path-leak" },
|
|
47
|
-
// Bash sandbox escape
|
|
48
|
-
|
|
49
|
-
{ pattern:
|
|
47
|
+
// Bash sandbox escape — mirrors BLOCKED_COMMANDS + _detectSandboxEscape from agent-engine
|
|
48
|
+
// Destructive system commands
|
|
49
|
+
{ pattern: /\brm\s+-rf\s+[/\\]/i, label: "destructive-bash" },
|
|
50
|
+
{ pattern: /\brmdir\s+[/\\]/i, label: "destructive-bash" },
|
|
51
|
+
{ pattern: /\bformat\s+[a-z]:/i, label: "destructive-bash" },
|
|
52
|
+
{ pattern: /\bmkfs\b/i, label: "destructive-bash" },
|
|
53
|
+
{ pattern: /\bdd\s+if=/i, label: "destructive-bash" },
|
|
54
|
+
{ pattern: /\b(shutdown|reboot|halt)\b/i, label: "destructive-bash" },
|
|
55
|
+
// Git destructive operations
|
|
56
|
+
{ pattern: /\bgit\s+push\s+--force/i, label: "destructive-git" },
|
|
57
|
+
{ pattern: /\bgit\s+reset\s+--hard/i, label: "destructive-git" },
|
|
58
|
+
{ pattern: /\bnpm\s+publish\b/i, label: "destructive-npm" },
|
|
59
|
+
// Pipe to shell / code execution
|
|
60
|
+
{ pattern: /\bcurl\b.*\|\s*(?:bash|sh)\b/i, label: "bash-pipe-exec" },
|
|
61
|
+
{ pattern: /\bwget\b.*\|\s*(?:bash|sh)\b/i, label: "bash-pipe-exec" },
|
|
62
|
+
// Data exfiltration via bash
|
|
63
|
+
{ pattern: /curl.*\$\(/i, label: "bash-exfil" },
|
|
50
64
|
{ pattern: /curl.*-[dF]\s*@/i, label: "bash-exfil" },
|
|
65
|
+
{ pattern: /curl.*--data-binary\s*@/i, label: "bash-exfil" },
|
|
51
66
|
{ pattern: /wget.*--post-file/i, label: "bash-exfil" },
|
|
52
|
-
{ pattern: /
|
|
53
|
-
|
|
67
|
+
{ pattern: /cat\s+\.env/i, label: "bash-secret-read" },
|
|
68
|
+
// Sandbox escape — writes outside project directory
|
|
69
|
+
{ pattern: /cd\s+\/(?!tmp)\w/i, label: "bash-escape" },
|
|
70
|
+
{ pattern: />\s*\/(?!tmp|dev\/null)\w/i, label: "bash-escape" },
|
|
71
|
+
{ pattern: /\btee\s+\/(?!tmp)\w/i, label: "bash-escape" },
|
|
72
|
+
{ pattern: /\bcp\s+.*\s+\/(?!tmp)\w/i, label: "bash-escape" },
|
|
73
|
+
{ pattern: /\bmv\s+.*\s+\/(?!tmp)\w/i, label: "bash-escape" },
|
|
74
|
+
// Writes to framework source (src/)
|
|
75
|
+
{ pattern: />\s*src\//i, label: "bash-src-write" },
|
|
76
|
+
{ pattern: /\bcp\s+.*\s+src\//i, label: "bash-src-write" },
|
|
77
|
+
{ pattern: /\btee\s+.*src\//i, label: "bash-src-write" },
|
|
78
|
+
{ pattern: /\bmv\s+.*\s+src\//i, label: "bash-src-write" },
|
|
79
|
+
// Reverse shell patterns
|
|
80
|
+
{ pattern: /\bnc\s+-[lpe]/i, label: "bash-reverse-shell" },
|
|
81
|
+
{ pattern: /\bbash\s+-i\b/i, label: "bash-reverse-shell" },
|
|
54
82
|
{ pattern: /\/dev\/tcp\//i, label: "bash-reverse-shell" },
|
|
55
|
-
{ pattern: /
|
|
83
|
+
{ pattern: /\bmkfifo\b/i, label: "bash-reverse-shell" },
|
|
84
|
+
{ pattern: /\bpython[23]?\s+-c\s+['"]import\s+(socket|os|subprocess)/i, label: "bash-reverse-shell" },
|
|
85
|
+
{ pattern: /\bperl\s+-e\s+['"].*socket/i, label: "bash-reverse-shell" },
|
|
56
86
|
];
|
|
57
87
|
|
|
58
88
|
/**
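Review bot: The `/tmp` exemptions in the new `bash-escape` entries are prefix tests on the raw string, so `(?!tmp)` also exempts any absolute path that merely begins with those three letters, and it never sees the path after normalisation; anchoring it, e.g. `/cd\s+\/(?!tmp(?:\/|\s|$))\w/i`, closes the first gap, while resolving the target against the project root before comparing is what would actually enforce "writes outside project directory". The other added entries likewise match one spelling of each command (`-rf` in that order, `--force` but not the short flag), so the list works as a tripwire and should not be the only control between model output and the shell. In the other direction, `/\b(shutdown|reboot|halt)\b/i` and `/>\s*\/(?!tmp|dev\/null)\w/i` will fire on ordinary Node error text such as a "graceful shutdown" log line or an arrow function returning a regex literal; if a hit blocks the heal, as the context comment at the top of the hunk says for key leaks, these two need a command-position anchor. Because the added comment says the list mirrors `BLOCKED_COMMANDS` and `_detectSandboxEscape` in agent-engine, importing those definitions instead of copying them would keep the two from drifting. The array starts above the hunk and the code that applies the patterns is not visible here.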
|