Lines 16-56javascript
16 // === 恶意命令 (DANGEROUS) ===
17 { pattern: /(^|[^a-zA-Z0-9_])rm\s+-rf\s+\//, category: '恶意命令', severity: 'DANGEROUS', description: 'rm -rf / 危险删除' },
18 { pattern: /curl.*\|.*bash/, category: '恶意命令', severity: 'DANGEROUS', description: 'curl 管道执行 bash' },
19 { pattern: /curl.*\|.*\bsh\b/, category: '恶意命令', severity: 'DANGEROUS', description: 'curl 管道执行 sh' },
20 { pattern: /wget.*\|.*sh/, category: '恶意命令', severity: 'DANGEROUS', description: 'wget 管道执行 sh' },
21 { pattern: /wget.*\|.*bash/, category: '恶意命令', severity: 'DANGEROUS', description: 'wget 管道执行 bash' },
22 { pattern: /chmod\s+777\s+\//, category: '恶意命令', severity: 'DANGEROUS', description: 'chmod 777 / 全局可写' },
23 { pattern: /mkfs\./, category: '恶意命令', severity: 'DANGEROUS', description: 'mkfs 格式化磁盘' },
24 { pattern: /dd\s+if=.*of=\/dev\//, category: '恶意命令', severity: 'DANGEROUS', description: 'dd 磁盘覆写' },
25 // === 密钥泄露 (DANGEROUS) ===
26 { pattern: /AKIA[0-9A-Z]{16}/, category: '密钥泄露', severity: 'DANGEROUS', description: 'AWS Access Key' },
27 { pattern: /sk-[a-zA-Z0-9]{20,}/, category: '密钥泄露', severity: 'DANGEROUS', description: 'OpenAI API Key' },
28 { pattern: /gh[pousr]_[A-Za-z0-9]{36}/, category: '密钥泄露', severity: 'DANGEROUS', description: 'GitHub Token' },
29 { pattern: /-----BEGIN.*PRIVATE KEY-----/, category: '密钥泄露', severity: 'DANGEROUS', description: 'PEM 私钥头' },
31 { pattern: /"type":\s*"service_account"/i, category: '密钥泄露', severity: 'DANGEROUS', description: 'Google Service Account Key' },
32 { pattern: /AccountKey=[a-zA-Z0-9+/]{50,}/, category: '密钥泄露', severity: 'DANGEROUS', description: 'Azure Storage Account Key' },
33 { pattern: /xox[baprs]-[0-9a-zA-Z-]{10,}/, category: '密钥泄露', severity: 'DANGEROUS', description: 'Slack Bot/User Token' },
34 { pattern: /sk_live_[0-9a-zA-Z]{24,}/, category: '密钥泄露', severity: 'DANGEROUS', description: 'Stripe Secret Key (Live)' },
35 { pattern: /glpat-[0-9a-zA-Z\-_]{20,}/, category: '密钥泄露', severity: 'DANGEROUS', description: 'GitLab Personal Access Token' },
36 // === 危险调用 (SUSPICIOUS) ===
37 { pattern: /eval\(.*[^0-9"'].*\)/, category: '危险调用', severity: 'SUSPICIOUS', description: 'eval() 非常量参数' },
38 { pattern: /os\.system\(/, category: '危险调用', severity: 'SUSPICIOUS', description: 'os.system() 系统调用' },
LowEval
Package source references a known benign dynamic code generation pattern.
dist/rules/skill-safety-rules.jsView on unpkg · L36 39 { pattern: /child_process\.exec/, category: '危险调用', severity: 'SUSPICIOUS', description: 'child_process.exec 命令执行' },
40 { pattern: /subprocess\.call/, category: '危险调用', severity: 'SUSPICIOUS', description: 'subprocess.call 命令执行' },
41 { pattern: /new\s+Function\(/, category: '危险调用', severity: 'SUSPICIOUS', description: 'new Function() 动态执行' },
42 // === 注入攻击 / 数据外泄 (SUSPICIOUS) ===
43 { pattern: /(^|[^a-zA-Z])(ignore|forget|disregard)\s+(previous|all|above)\s*(instructions|prompts|rules)/i, category: '注入攻击', severity: 'SUSPICIOUS', description: 'ignore previous instructions 注入' },
44 { pattern: /webhook\.site|requestbin|pipedream/, category: '注入攻击', severity: 'SUSPICIOUS', description: '数据外泄端点' },
46 { pattern: /base64\s+.*decode/, category: '混淆代码', severity: 'SUSPICIOUS', description: 'Base64 解码(可能混淆载荷)' },
47 { pattern: /eval\(atob\(/, category: '混淆代码', severity: 'DANGEROUS', description: 'eval(atob()) Base64 混淆执行' },
49/** 预编译规则(去除 g flag,避免 lastIndex 状态问题) */
50exports.COMPILED_RULES = RULES.map(r => ({
52 regex: new RegExp(r.pattern.source, r.pattern.flags.replace(/g/g, '')),
54// ============================================================
55// v0.97 新增密钥规则的已知 FP(误报)风险评估
56// ============================================================