fix(security-guidance): add exclude_substrings to cut false positives#61373
Open
zhang-liz wants to merge 2 commits into
Open
fix(security-guidance): add exclude_substrings to cut false positives#61373zhang-liz wants to merge 2 commits into
zhang-liz wants to merge 2 commits into
Conversation
Adds an optional `exclude_substrings` field to the SECURITY_PATTERNS
schema. A rule matches only if at least one occurrence of its trigger
substring is NOT inside any excluded substring, so the existing
substring API stays simple while common false-positive shapes can be
suppressed without disabling the rule.
Populated for four rules whose triggers were the most over-matching:
- eval_injection: excludes ast.literal_eval / literal_eval / safe_eval
- child_process_exec: excludes db.exec, stmt.exec, regex .exec(/...),
and a handful of common doc/code-fence shapes for bare 'exec('
- new_function_injection: excludes 'new Functionality',
'new FunctionComponent', and related identifier prefixes
- pickle_deserialization: excludes 'import pickle', 'pickle.dump' and
similar non-deserialization shapes, plus 'pickled' / 'pickle_jar'
Real risk shapes (eval(userInput), child_process.exec, new Function(,
pickle.load) continue to match as before.
Closes anthropics#55464
Refs anthropics#46720
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Covers _exclude_covers_all_matches coverage logic and the four rules updated in the previous commit, plus a regression set for the path-based GitHub Actions workflow rule and the unchanged content rules (dangerouslySetInnerHTML, document.write, innerHTML, os.system). Run: python3 -m unittest plugins/security-guidance/hooks/test_security_reminder_hook.py Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 23, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The
security-guidanceplugin's content-based rules use plain substring matching, which produces well-known false positives for several common identifier and call shapes:eval(matchesast.literal_eval((Python stdlib's safe parser) — see security-guidance plugin: eval_injection rule falsely flags ast.literal_eval() #55464exec(matchesdb.exec(...),stmt.exec(...), regex.exec(/.../), doc/code-fence mentions, etc. — see [BUG] security-guidance hook blocks markdown/doc writes containing "exec(" substring #46720new Functionmatchesnew Functionality,new FunctionComponentpicklematchespickled,pickle_jar, and bareimport pickle/pickle.dump(serialization, not deserialization)This PR adds an optional
exclude_substringsfield to the SECURITY_PATTERNS schema. A rule matches only if at least one occurrence of its trigger substring is not inside any excluded substring, so:exclude_substringsbehave exactly as before (backward compatible)Schema follows the design proposed by the issue author in #55464.
Case matrix
value = ast.literal_eval(raw)eval(result = eval(user_input)eval(ast.literal_eval(a); eval(b)eval(eval(b))db.exec(schema)exec(child_process.exec(cmd)exec(\exec(query)`` in markdownexec(new Functionalitynew Functionnew Function('return ' + x)new Functionimport pickle; pickle.dump(o,f)pickleimport pickle; pickle.load(f)pickleTest plan
python3 -m unittest plugins/security-guidance/hooks/test_security_reminder_hook.py— 25 tests, all pass locallyCloses / refs
ast.literal_evalfalse positive)exec(false positive — addressed at the substring level rather than via a file-extension allowlist, so source-file false positives are also covered)🤖 Generated with Claude Code