Salvaged from PR #35130 (the safe subset of jnibarger01's security pass): - threat_patterns.py: replace unbounded (?:\w+\s+)* filler with bounded {0,8} + cap scan input at MAX_SCAN_CHARS (64KiB), and bound the .* runs in the exfil/config-mod patterns. Kills catastrophic backtracking on adversarial near-misses. - hermes_state.py: cap FTS5 query length (MAX_FTS5_QUERY_CHARS) and extract quoted phrases with a linear scan instead of a regex so pathological quote runs can't induce backtracking. - acp_adapter/edit_approval.py + agent/tool_dispatch_helpers.py: recognize '*** Move File: src -> dst' V4A headers so patch-mode edits are permissioned/traversal-checked (previously only Update/Add/Delete), and surface a proposal for mode=patch V4A calls (previously replace-only). Tests: +ReDoS-bound + FTS5-cap + Move-File-target + V4A-approval cases. |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| test_approval_isolation.py | ||
| test_auth.py | ||
| test_edit_approval.py | ||
| test_entry.py | ||
| test_events.py | ||
| test_mcp_e2e.py | ||
| test_permissions.py | ||
| test_ping_suppression.py | ||
| test_registry_manifest.py | ||
| test_server.py | ||
| test_session.py | ||
| test_session_db_private_access.py | ||
| test_session_provenance.py | ||
| test_tools.py | ||