feat(security): add audit logging for shlex fallback parser

- Add debug logging when shlex fallback extraction is used, capturing
  both successful extractions and failures for security auditing
- Add test case for docker nested quotes that trigger fallback parser
- Remove redundant comment about re import (already at module level)

Follow-up improvements from PR #127 code review:
- Enables tracking of malformed command patterns in production logs
- Verifies fallback parser handles the exact docker exec case reported

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Auto
2026-01-29 09:19:48 +02:00
parent 77b91caa85
commit ce6da81a34
2 changed files with 16 additions and 1 deletions

@@ -107,6 +107,8 @@ def test_extract_commands():
("/usr/bin/node script.js", ["node"]),
("VAR=value ls", ["ls"]),
("git status || git init", ["git", "git"]),
# Fallback parser test: complex nested quotes that break shlex
('docker exec container php -r "echo \\"test\\";"', ["docker"]),
]
for cmd, expected in test_cases:
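Review bot: The added docker tuple only asserts the extracted list (`["docker"]`), so it cannot show that the fallback parser ran or that the new audit log line was emitted. After Python unescaping, the input is `docker exec container php -r "echo \"test\";"`, where the inner quotes are backslash-escaped inside a double-quoted word. POSIX-mode `shlex.split` tokenises that without raising, so if the extractor passes this string to shlex unchanged, the case passes on the normal path and the comment above it is misleading. Suggest asserting on the fallback itself, for example by capturing the debug log record (pytest's `caplog`) or patching the fallback function and checking that it was called. Also add an input with a genuinely unterminated quote so the shlex error branch is certain to be hit. Since the commit message says failures are logged for auditing too, a case where the fallback extraction fails and the failure log is asserted would cover the other half of the change.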