basic code safety regex check

2025-04-21 21:52:07 +02:00 · 2024-10-20 13:03:15 -05:00 · 2024-10-20 13:03:15 -05:00 · 7cafbeb9b7
commit 7cafbeb9b7
parent da5dcb6e3c
3 changed files with 47 additions and 1 deletions
--- a/src/agent/coder.js
+++ b/src/agent/coder.js
@ -1,4 +1,5 @@
 import { writeFile, readFile, mkdirSync } from 'fs';
+import { checkSafe } from '../utils/safety.js';
 import settings from '../../settings.js';

 export class Coder {
@ -129,6 +130,13 @@ export class Coder {
            }
            code = res.substring(res.indexOf('```')+3, res.lastIndexOf('```'));

+            if (!checkSafe(code)) {
+                console.warn(`Detected insecure generated code, not executing. Insecure code: \n\`${code}\``);
+                const message = 'Error: Code insecurity detected. Do not import, read/write files, execute dynamic code, or access the internet. Please try again:';
+                messages.push({ role: 'system', content: message });
+                continue;
+            }
+
            const execution_file = await this.stageCode(code);
            if (!execution_file) {
                agent_history.add('system', 'Failed to stage code, something is wrong.');
--- a/src/agent/library/skills.js
+++ b/src/agent/library/skills.js
@ -175,7 +175,7 @@ export async function smeltItem(bot, itemName, num=1) {
    if (!furnace.fuelItem()) {
        let fuel = mc.getSmeltingFuel(bot);
        if (!fuel) {
-            log(bot, `You have no fuel to smelt ${num} ${itemName}, you need ${put_fuel} coal, charcoal, or wood.`);
+            log(bot, `You have no fuel to smelt ${itemName}, you need coal, charcoal, or wood.`);
            if (placedFurnace)
                await collectBlock(bot, 'furnace', 1);
            return false;
--- a/src/utils/safety.js
+++ b/src/utils/safety.js
@ -0,0 +1,38 @@
+export function checkSafe(code) {
+    const dangerousPatterns = [
+        // Dynamic imports
+        /\bimport\s*\(/,
+        // Access to process and global
+        /\bprocess\b/,
+        /\bglobal\b/,
+        // Module manipulation
+        /\bmodule\b/,
+        /\bexports\b/,
+        // Require usage
+        /\brequire\s*\(/,
+        // Function constructors
+        /\bFunction\s*\(/,
+        /\beval\s*\(/,
+        // Access to __dirname and __filename
+        /\b__dirname\b/,
+        /\b__filename\b/,
+
+        // fetch
+        /\bfetch\s*\(/,
+        // XMLHttpRequest
+        /\bXMLHttpRequest\b/,
+        // Websockets
+        /\bWebSocket\b/,
+    ];
+
+    for (const pattern of dangerousPatterns) {
+        if (pattern.test(code)) {
+            return false;
+        }
+    }
+    return true;
+}
+
+// generated by o1
+// Basic check for malicious code like dynamic imports, code exec, disk access, internet access, etc.
+// Will not catch all, and can be bypassed by obfuscation.