mirrors/mindcraft
1
0
Fork 0
mirror of https://github.com/kolbytn/mindcraft.git synced 2025-04-23 14:42:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

basic code safety regex check

Browse source
This commit is contained in:
MaxRobinsonTheGreat 2024-10-20 13:03:15 -05:00
parent da5dcb6e3c
commit 7cafbeb9b7
3 changed files with 47 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/agent/coder.js
View file

@ -1,4 +1,5 @@
import { writeFile, readFile, mkdirSync } from 'fs'; import { writeFile, readFile, mkdirSync } from 'fs';
import { checkSafe } from '../utils/safety.js';
import settings from '../../settings.js'; import settings from '../../settings.js';
export class Coder { export class Coder {
@ -129,6 +130,13 @@ export class Coder {
} }
code = res.substring(res.indexOf('```')+3, res.lastIndexOf('```')); code = res.substring(res.indexOf('```')+3, res.lastIndexOf('```'));
if (!checkSafe(code)) {
console.warn(`Detected insecure generated code, not executing. Insecure code: \n\`${code}\``);
const message = 'Error: Code insecurity detected. Do not import, read/write files, execute dynamic code, or access the internet. Please try again:';
messages.push({ role: 'system', content: message });
continue;
}
const execution_file = await this.stageCode(code); const execution_file = await this.stageCode(code);
if (!execution_file) { if (!execution_file) {
agent_history.add('system', 'Failed to stage code, something is wrong.'); agent_history.add('system', 'Failed to stage code, something is wrong.');

2
src/agent/library/skills.js
View file

@ -175,7 +175,7 @@ export async function smeltItem(bot, itemName, num=1) {
if (!furnace.fuelItem()) { if (!furnace.fuelItem()) {
let fuel = mc.getSmeltingFuel(bot); let fuel = mc.getSmeltingFuel(bot);
if (!fuel) { if (!fuel) {
log(bot, `You have no fuel to smelt ${num} ${itemName}, you need ${put_fuel} coal, charcoal, or wood.`); log(bot, `You have no fuel to smelt ${itemName}, you need coal, charcoal, or wood.`);
if (placedFurnace) if (placedFurnace)
await collectBlock(bot, 'furnace', 1); await collectBlock(bot, 'furnace', 1);
return false; return false;

38
src/utils/safety.js Normal file
View file

@ -0,0 +1,38 @@
export function checkSafe(code) {
const dangerousPatterns = [
// Dynamic imports
/\bimport\s*\(/,
// Access to process and global
/\bprocess\b/,
/\bglobal\b/,
// Module manipulation
/\bmodule\b/,
/\bexports\b/,
// Require usage
/\brequire\s*\(/,
// Function constructors
/\bFunction\s*\(/,
/\beval\s*\(/,
// Access to __dirname and __filename
/\b__dirname\b/,
/\b__filename\b/,
// fetch
/\bfetch\s*\(/,
// XMLHttpRequest
/\bXMLHttpRequest\b/,
// Websockets
/\bWebSocket\b/,
];
for (const pattern of dangerousPatterns) {
if (pattern.test(code)) {
return false;
}
}
return true;
}
// generated by o1
// Basic check for malicious code like dynamic imports, code exec, disk access, internet access, etc.
// Will not catch all, and can be bypassed by obfuscation.