Skip to content

Commit e600cf2

Browse files
committed
feat: strict rules for netcat and sensitive files
1 parent 9933d40 commit e600cf2

1 file changed

Lines changed: 5 additions & 1 deletion

File tree

src/qwed_new/guards/code_guard.py

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,8 +73,12 @@ def _verify_bash(self, code: str) -> Dict[str, Any]:
7373
(r"wget\s+.*\|\s*bash", "Pipe to Bash detected (RCE Risk)"),
7474
(r"rm\s+-rf", "Destructive command (rm -rf)"),
7575
(r":\(\)\{\s*:\|:\&\s*\}\;", "Fork Bomb detected"),
76-
(r"nc\s+.*-e\s+/bin/sh", "Netcat Reverse Shell"),
76+
(r"nc\s+", "Netcat usage detected (Data Exfiltration/Reverse Shell Risk)"),
77+
(r"netcat\s+", "Netcat usage detected"),
7778
(r"/dev/tcp/", "Direct TCP connection (Reverse Shell Risk)"),
79+
(r"/etc/passwd", "Sensitive file access (/etc/passwd)"),
80+
(r"/etc/shadow", "Sensitive file access (/etc/shadow)"),
81+
(r"id_rsa", "SSH Private Key access detected"),
7882
(r"base64\s+-d", "Base64 Decoding (Obfuscation Risk)"),
7983
(r"chmod\s+777", "Insecure permissions (chmod 777)"),
8084
(r"sudo\s+", "Privilege Escalation attempt (sudo)"),

0 commit comments

Comments
 (0)