






















@@ -20,6 +20,26 @@ describe("command-analysis risks", () => {
2020expect(detectInlineEvalArgv(["sudo", "-EH", "python3", "-c", "print(1)"])?.flag).toBe("-c");
2121expect(detectInlineEvalArgv(["sudo", "-i", "python3", "-c", "print(1)"])?.flag).toBe("-c");
2222expect(detectInlineEvalArgv(["sudo", "-s", "python3", "-c", "print(1)"])?.flag).toBe("-c");
23+expect(detectInlineEvalArgv(["sudo", "-k", "python3", "-c", "print(1)"])?.flag).toBe("-c");
24+expect(
25+detectInlineEvalArgv(["sudo", "--reset-timestamp", "python3", "-c", "print(1)"])?.flag,
26+).toBe("-c");
27+expect(
28+detectInlineEvalArgv(["sudo", "--command-timeout=1", "python3", "-c", "print(1)"])?.flag,
29+).toBe("-c");
30+expect(detectInlineEvalArgv(["sudo", "--chroot=/", "python3", "-c", "print(1)"])?.flag).toBe(
31+"-c",
32+);
33+expect(
34+detectInlineEvalArgv(["sudo", "PYTHONPATH=/tmp", "python3", "-c", "print(1)"])?.flag,
35+).toBe("-c");
36+expect(
37+detectInlineEvalArgv(["sudo", "-u", "root", "PYTHONPATH=/tmp", "python3", "-c", "print(1)"])
38+?.flag,
39+).toBe("-c");
40+expect(
41+detectInlineEvalArgv(["sudo", "--", "PYTHONPATH=/tmp", "python3", "-c", "print(1)"])?.flag,
42+).toBe("-c");
2343expect(detectInlineEvalArgv(["sudo", "--shell", "python3", "-c", "print(1)"])?.flag).toBe("-c");
2444expect(detectInlineEvalArgv(["sudo", "-Eu", "root", "python3", "-c", "print(1)"])?.flag).toBe(
2545"-c",
@@ -42,6 +62,9 @@ describe("command-analysis risks", () => {
4262it("keeps carrier inline eval detection command-boundary aware", () => {
4363expect(detectInlineEvalArgv(["command", "echo", "python3", "-c", "print(1)"])).toBeNull();
4464expect(detectInlineEvalArgv(["sudo", "echo", "python3", "-c", "print(1)"])).toBeNull();
65+expect(
66+detectInlineEvalArgv(["sudo", "FOO=bar", "echo", "python3", "-c", "print(1)"]),
67+).toBeNull();
4568expect(detectInlineEvalArgv(["env", "-S", 'echo python3 -c "print(1)"'])).toBeNull();
4669expect(detectInlineEvalArgv(["command", "-v", "python3", "-c", "print(1)"])).toBeNull();
4770});
@@ -115,6 +138,18 @@ describe("command-analysis risks", () => {
115138expect(buildCommandPayloadCandidates(["sudo", "-s", "/approve", "abc"])).toEqual([
116139"/approve abc",
117140]);
141+expect(buildCommandPayloadCandidates(["sudo", "-k", "/approve", "abc"])).toEqual([
142+"/approve abc",
143+]);
144+expect(buildCommandPayloadCandidates(["sudo", "--reset-timestamp", "/approve", "abc"])).toEqual(
145+["/approve abc"],
146+);
147+expect(
148+buildCommandPayloadCandidates(["sudo", "--command-timeout=1", "/approve", "abc"]),
149+).toEqual(["/approve abc"]);
150+expect(buildCommandPayloadCandidates(["sudo", "OPENCLAW_ENV=1", "/approve", "abc"])).toEqual([
151+"/approve abc",
152+]);
118153expect(buildCommandPayloadCandidates(["sudo", "--shell", "/approve", "abc"])).toEqual([
119154"/approve abc",
120155]);
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。