From 36c367429c45c1ff9c347ca2a107a32cfe8821ab Mon Sep 17 00:00:00 2001
From: 123456wda
Date: Fri, 15 May 2026 10:56:15 +0800
Subject: [PATCH] fix: add missing "> /dev/" dangerous command check in s09/s10/s11

s09_agent_teams.py, s10_team_protocols.py, and s11_autonomous_agents.py were missing the "> /dev/" entry in their dangerous command blocklist. This is present in s01, s06, s12, and s_full but was dropped when s09-s11 were written, creating a security regression where commands like `echo y > /dev/sda` could bypass the blocklist.
---
 agents/s09_agent_teams.py | 2 +-
 agents/s10_team_protocols.py | 2 +-
 agents/s11_autonomous_agents.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/agents/s09_agent_teams.py b/agents/s09_agent_teams.py
index 90f6760df..bd666552a 100644
--- a/agents/s09_agent_teams.py
+++ b/agents/s09_agent_teams.py
@@ -260,7 +260,7 @@ def _safe_path(p: str) -> Path:
 def _run_bash(command: str) -> str:
- dangerous = ["rm -rf /", "sudo", "shutdown", "reboot"]
+ dangerous = ["rm -rf /", "sudo", "shutdown", "reboot", "> /dev/"]
 if any(d in command for d in dangerous):
 return "Error: Dangerous command blocked"
 try:
diff --git a/agents/s10_team_protocols.py b/agents/s10_team_protocols.py
index d5475359c..3f9923da2 100644
--- a/agents/s10_team_protocols.py
+++ b/agents/s10_team_protocols.py
@@ -301,7 +301,7 @@ def _safe_path(p: str) -> Path:
 def _run_bash(command: str) -> str:
- dangerous = ["rm -rf /", "sudo", "shutdown", "reboot"]
+ dangerous = ["rm -rf /", "sudo", "shutdown", "reboot", "> /dev/"]
 if any(d in command for d in dangerous):
 return "Error: Dangerous command blocked"
 try:
diff --git a/agents/s11_autonomous_agents.py b/agents/s11_autonomous_agents.py
index 3aec416b8..c3a62cdaa 100644
--- a/agents/s11_autonomous_agents.py
+++ b/agents/s11_autonomous_agents.py
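Review bot: The new `"> /dev/"` entry in `_run_bash` is matched as a literal substring, so it depends on the exact single space after `>` and it also rejects routine redirections such as `2> /dev/null`; the same applies to the identical hunks in s10_team_protocols.py and s11_autonomous_agents.py. A whitespace-tolerant pattern that exempts the null device would be closer to the stated intent, e.g. `if any(d in command for d in dangerous) or re.search(r">\s*/dev/(?!null\b)", command):` (this needs `re`, whose import is not visible in the hunk). The list is maintained by hand in each file, which per the commit message is how the entry was dropped, so a single shared constant would prevent the next drift. I would also add the comment `# Best-effort filter, not a security boundary; run the agent as an unprivileged, sandboxed user.` above the list. `_run_bash` continues past the `try:` line, outside the hunk.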
@@ -389,7 +389,7 @@ def _safe_path(p: str) -> Path:
 def _run_bash(command: str) -> str:
- dangerous = ["rm -rf /", "sudo", "shutdown", "reboot"]
+ dangerous = ["rm -rf /", "sudo", "shutdown", "reboot", "> /dev/"]
 if any(d in command for d in dangerous):
 return "Error: Dangerous command blocked"
 try: