Skip to content

fix: refactor bash validation#1400

Merged
akihikokuroda merged 4 commits into
generative-computing:mainfrom
akihikokuroda:refactorbashvalidation
Jul 18, 2026
Merged

fix: refactor bash validation#1400
akihikokuroda merged 4 commits into
generative-computing:mainfrom
akihikokuroda:refactorbashvalidation

Conversation

@akihikokuroda

Copy link
Copy Markdown
Member

Pull Request

Issue

Fix #1398

Description

  1. Bug Fixes (Phase 1):
  • Fixed --login typo in interactive shell detection (both files)
  • Improved git pattern to catch --force-with-lease variants
  • Added apt/yum dangerous flag detection to pattern framework
  1. Audit Trail Consolidation (Phase 2):
  • Refactored validation to make check_all_patterns() canonical entry point
  • All violations now recorded with audit trail (pattern, severity, category, reason)
  • Nested command validation extracted into dedicated function
  • Improved DestructiveGitPattern for --force-* and --directory flags

Testing

  • Tests added to the respective file if code was changed
  • New code has 100% coverage if code was added
  • Ensure existing tests and github automation passes (a maintainer will kick off the github automation when the rest of the PR is populated)

Attribution

  • AI coding assistants used

Adding a new component, requirement, sampling strategy, or tool?

If your PR adds or modifies one of the types below, check the matching box. A checklist of type-specific review items will be posted as a comment.

  • Component
  • Requirement
  • Sampling Strategy
  • Tool

NOTE: Please ensure you have an issue that has been acknowledged by a core contributor and routed you to open a pull request against this repository. Otherwise, please open an issue before continuing with this pull request.

@akihikokuroda akihikokuroda changed the title refactor bash validation fix: refactor bash validation Jul 15, 2026
@github-actions github-actions Bot added the bug Something isn't working label Jul 15, 2026
@akihikokuroda
akihikokuroda marked this pull request as ready for review July 16, 2026 19:34
@akihikokuroda
akihikokuroda requested a review from a team as a code owner July 16, 2026 19:34
@akihikokuroda

Copy link
Copy Markdown
Member Author

Some tests are added suggested in #1398 (comment)

Signed-off-by: Akihiko Kuroda <akihikokuroda2020@gmail.com>
Signed-off-by: Akihiko Kuroda <akihikokuroda2020@gmail.com>
@akihikokuroda
akihikokuroda force-pushed the refactorbashvalidation branch from d878372 to 57b5f18 Compare July 16, 2026 20:01

@AngeloDanducci AngeloDanducci left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One additional comment not inlined, looking at the issue it seems we want to allow single semicolon terminators.

However this sample snippet seems to fail

pattern = ShellOperatorPattern()
is_dangerous, _ = pattern.check(["find", "logs", "-exec", "cat", "{}", ";"])
assert is_dangerous is False

Comment thread mellea/stdlib/tools/shell.py
Comment thread test/stdlib/tools/test_bash_guardrails.py Outdated
@akihikokuroda

Copy link
Copy Markdown
Member Author
pattern = ShellOperatorPattern()
is_dangerous, _ = pattern.check(["find", "logs", "-exec", "cat", "{}", ";"])
assert is_dangerous is False

is working now.

Thanks!

Signed-off-by: Akihiko Kuroda <akihikokuroda2020@gmail.com>

@AngeloDanducci AngeloDanducci left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few more nits on second read through.

Comment thread mellea/stdlib/tools/_bash_patterns.py Outdated
return False, ""

# Check for dangerous flags: -f (force), -r (recursive)
dangerous_flags = {"-f", "--force", "-r", "--recursive", "--force-all"}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
dangerous_flags = {"-f", "--force", "-r", "--recursive", "--force-all"}
dangerous_flags = {"-rf", "-f", "--force", "-r", "--recursive", "--force-all"}

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "-rf" and tests for it added.

pytest.skip("MelleaTool not available")


class TestBashValidationBugFixes:

@AngeloDanducci AngeloDanducci Jul 17, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One coverage gap I think - there's no test that a nested-command rejection records a violation with pattern_name="NestedDangerousCommandPattern". The audit-trail tests all go through check_all_patterns, not _check_nested_dangerous_commands.

test/stdlib/tools/test_shell.py (append to TestBashValidationBugFixes)

Suggestion deletes the class line but it's just meant as a test to be added under this class.

Suggested change
class TestBashValidationBugFixes:
def test_nested_dangerous_command_records_violation(self) -> None:
"""Nested-command rejections (e.g. env sudo) record an audit violation."""
from mellea.stdlib.tools._bash_audit import get_bash_violations
initial_count = len(get_bash_violations())
env = StaticBashEnvironment()
result = env.execute("env sudo whoami")
assert result.skipped is True
assert result.success is False
violations = get_bash_violations()
assert len(violations) > initial_count
assert violations[-1].pattern == "NestedDangerousCommandPattern"
assert violations[-1].category == "nested_command"

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test is added.

Signed-off-by: Akihiko Kuroda <akihikokuroda2020@gmail.com>

@AngeloDanducci AngeloDanducci left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Everything I spotted looks good, thanks for the followups Aki.

@akihikokuroda
akihikokuroda added this pull request to the merge queue Jul 18, 2026
@github-merge-queue
github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jul 18, 2026
@akihikokuroda
akihikokuroda added this pull request to the merge queue Jul 18, 2026
Merged via the queue into generative-computing:main with commit 8ab6bf1 Jul 18, 2026
9 checks passed
@akihikokuroda
akihikokuroda deleted the refactorbashvalidation branch July 18, 2026 03:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working

Projects

None yet

Development

Successfully merging this pull request may close these issues.

code duplication and consolidation opportunity in the bash security validation logic

2 participants