ktg-plugin-marketplace/plugins/llm-security/hooks/scripts
Kjell Tore Guttormsen 336e4db1b8 feat(pre-bash-destructive): T8 — base64-pipe-shell idiom (E9)
Adds BLOCK_RULE for the malware-loader pattern:
  echo|cat|printf <base64-blob> | base64 -d | <shell>

This is a common RCE delivery shape that bypasses static name-matching
gates by encoding the destructive command as a base64 blob. The new
rule fires only when the final pipe target is a shell interpreter
(bash, sh, zsh, dash, ksh) — base64 decoded into jq or any non-shell
consumer remains allowed.

5 new tests in pre-bash-destructive.test.mjs:
- 3 BLOCK cases (echo|base64|bash, printf|base64|sh, cat|base64|zsh)
- 2 FP probes (base64 -d -> jq passes; base64 -d alone passes)

Closes E9 in critical-review-2026-04-20.md.
2026-04-30 15:15:29 +02:00
post-mcp-verify.mjs feat(post-mcp-verify): E7 — scan HTML comment nodes for injection 2026-04-29 15:01:56 +02:00
post-session-guard.mjs feat(post-session-guard): E17 — configurable escalation window + 20-call MEDIUM advisory 2026-04-29 14:26:18 +02:00
pre-bash-destructive.mjs feat(pre-bash-destructive): T8 — base64-pipe-shell idiom (E9) 2026-04-30 15:15:29 +02:00
pre-compact-scan.mjs test(hooks): cover pre-compact-scan happy-path, modes, size-cap 2026-04-17 14:44:52 +02:00
pre-edit-secrets.mjs feat(governance): add policy-as-code — .llm-security/policy.json for distributable hook configuration 2026-04-10 13:37:02 +02:00
pre-install-supply-chain.mjs feat(governance): add policy-as-code — .llm-security/policy.json for distributable hook configuration 2026-04-10 13:37:02 +02:00
pre-prompt-inject-scan.mjs feat(governance): add policy-as-code — .llm-security/policy.json for distributable hook configuration 2026-04-10 13:37:02 +02:00
pre-write-pathguard.mjs fix(llm-security): B1 pathguard regex — match multi-segment .env.*.* 2026-04-19 23:59:38 +02:00
update-check.mjs feat: initial open marketplace with llm-security, config-audit, ultraplan-local 2026-04-06 18:47:49 +02:00