Co-authored-by: Antoine <33425718+anth2o@users.noreply.github.com>
Co-authored-by: Bastien <bastien.baret@gmail.com>
Co-authored-by: Clément Sirieix <clement.sirieix@mistral.ai>
Co-authored-by: Kim-Adeline Miguel <51720070+kimadeline@users.noreply.github.com>
Co-authored-by: Mathias Gesbert <mathias.gesbert@mistral.ai>
Co-authored-by: Maxime Dolores <maxime.dolores@ext.mistral.ai>
Co-authored-by: Michel Thomazo <51709227+michelTho@users.noreply.github.com>
Co-authored-by: Nelson PROIA <144663685+Nelson-PROIA@users.noreply.github.com>
Co-authored-by: Pierre Rossinès <pierre.rossines@mistral.ai>
Co-authored-by: Quentin <quentin.torroba@mistral.ai>
Co-authored-by: Robin Gullo <robin.gullo@mistral.ai>
Co-authored-by: Mistral Vibe <vibe@mistral.ai>
This commit is contained in:
Clément Drouin 2026-04-28 17:44:07 +02:00 committed by GitHub
parent a83c81ecf5
commit 632ea8c032
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
253 changed files with 13965 additions and 2525 deletions

View file

@ -77,15 +77,53 @@ async def test_decodes_non_utf8_bytes(bash):
assert result.stderr == ""
def test_find_not_in_default_allowlist():
bash_tool = Bash(config_getter=lambda: BashToolConfig(), state=BaseToolState())
# find -exec runs arbitrary commands; must not be allowlisted by default
permission = bash_tool.resolve_permission(BashArgs(command="find . -exec id \\;"))
assert (
not isinstance(permission, PermissionContext)
or permission.permission is not ToolPermission.ALWAYS
@pytest.mark.parametrize("predicate", ["-exec", "-execdir", "-ok", "-okdir"])
def test_find_execution_predicates_force_ask(predicate: str):
config = BashToolConfig(permission=ToolPermission.ALWAYS)
bash_tool = Bash(config_getter=lambda: config, state=BaseToolState())
permission = bash_tool.resolve_permission(
BashArgs(command=f"find . {predicate} id \\;")
)
assert isinstance(permission, PermissionContext)
assert permission.permission is ToolPermission.ASK
assert [required.label for required in permission.required_permissions] == [
f"find . {predicate} id \\;"
]
def test_find_exec_compound_includes_companion_required_permission():
config = BashToolConfig(permission=ToolPermission.ALWAYS)
bash_tool = Bash(config_getter=lambda: config, state=BaseToolState())
permission = bash_tool.resolve_permission(
BashArgs(command='find . -exec id \\; && python3 -c "import os"')
)
assert isinstance(permission, PermissionContext)
assert permission.permission is ToolPermission.ASK
labels = {rp.label for rp in permission.required_permissions}
assert any("find" in label for label in labels), (
f"Expected a find-exec RequiredPermission, got {labels}"
)
assert any("python3" in label for label in labels), (
f"Companion command should also require permission, got {labels}"
)
def test_find_execution_predicate_does_not_override_denylist():
config = BashToolConfig(denylist=["passwd"])
bash_tool = Bash(config_getter=lambda: config, state=BaseToolState())
permission = bash_tool.resolve_permission(
BashArgs(command="find . -exec id \\; && passwd root")
)
assert isinstance(permission, PermissionContext)
assert permission.permission is ToolPermission.NEVER
assert "matches denylist pattern 'passwd'" in (permission.reason or "")
def test_resolve_permission():
config = BashToolConfig(allowlist=["echo", "pwd"], denylist=["rm"])