feat: Add command safety checks to prevent execution of dangerous shell commands

2025-05-19 21:22:27 -06:00 · 2025-05-19 21:22:27 -06:00 · 90c024acce
commit 90c024acce
parent decc7aa2fb
1 changed files with 35 additions and 2 deletions
--- a/cogs/teto_cog.py
+++ b/cogs/teto_cog.py
@ -74,6 +74,36 @@ class TetoCog(commands.Cog):
        except Exception as e:
            return f"Error executing command: {e}"

+    def _is_dangerous_command(self, command: str) -> bool:
+        """Checks if a command is potentially dangerous using regex."""
+        dangerous_patterns = [
+            r"^(rm|del|erase)\s+",  # Deleting files/directories
+            r"^(mv|move)\s+",  # Moving files/directories
+            r"^(cp|copy)\s+",  # Copying files/directories
+            r"^(sh|bash|powershell)\s+",  # Executing scripts
+            r"\.(exe|bat|sh)\s*",  # Executing binaries/scripts by extension
+            r"^(nmap|nc|telnet)\s+",  # Networking tools
+            r"^(shutdown|reboot)\s*",  # System shutdown/restart
+            r"^(regedit|sysctl)\s+",  # System configuration
+            r"format\s+\w:", # Formatting drives
+            r"dd\s+", # Disk dumping
+            r"mkfs\s+", # Creating file systems
+            r"fdisk\s+", # Partitioning disks
+            r"parted\s+", # Partitioning disks
+            r"wipefs\s+", # Wiping file system signatures
+            r"shred\s+", # Securely deleting files
+            r"nohup\s+", # Running commands immune to hangups
+            r"&", # Command chaining
+            r"|", # Command piping
+            r">", # Output redirection
+            r"<", # Input redirection
+            r";", # Command separation
+        ]
+        command_lower = command.lower()
+        for pattern in dangerous_patterns:
+            if re.search(pattern, command_lower):
+                return True
+        return False

    async def _teto_reply_ai_with_messages(self, messages):
        """
@ -136,8 +166,11 @@ class TetoCog(commands.Cog):
                    if self._allow_shell_commands:
                        command, _ = extract_shell_command(ai_content)
                        if command:
-                            # Execute the shell command
-                            tool_result = await self._execute_shell_command(command)
+                            if self._is_dangerous_command(command):
+                                tool_result = "Error: This command is potentially dangerous and cannot be executed."
+                            else:
+                                # Execute the shell command
+                                tool_result = await self._execute_shell_command(command)

                            # Append the original message and tool result to the conversation
                            messages.append({"role": "assistant", "content": ai_content})