67 lines
2.2 KiB
Text
67 lines
2.2 KiB
Text
# .llm-security-ignore — Suppress expected findings when scanning this plugin
|
|
#
|
|
# Why 150 suppressed findings? A security plugin that documents attack patterns,
|
|
# ships a malicious demo fixture, and tests against deliberately evil code will
|
|
# trigger its own scanners. This is the "scanning the scanner" paradox:
|
|
#
|
|
# - examples/ contains an intentionally malicious plugin (the demo)
|
|
# - knowledge/ documents real attack regex patterns and example URLs
|
|
# - tests/ contain deliberate taint flows and suspicious URLs as test input
|
|
# - hooks/ and scanners/ contain high-entropy regex for secret detection
|
|
#
|
|
# Every suppression below is explained. Run without this file to see all 150.
|
|
#
|
|
# Format: SCANNER:glob or just glob (applies to all scanners)
|
|
# Scanners: UNI, ENT, PRM, DEP, TNT, GIT, NET, TFA
|
|
|
|
# Demo fixture: intentionally malicious (the whole point of the demo)
|
|
examples/**
|
|
|
|
# Test files contain deliberate malicious patterns as test input
|
|
TNT:tests/**
|
|
NET:tests/**
|
|
|
|
# Knowledge base documents attack patterns with example URLs and regex
|
|
ENT:knowledge/**
|
|
NET:knowledge/**
|
|
|
|
# Hook scripts contain high-entropy regex patterns and log strings
|
|
ENT:hooks/**
|
|
|
|
# Scanner code contains regex patterns that trigger entropy detection
|
|
ENT:scanners/**
|
|
|
|
# Injection patterns module contains injection keywords (by design)
|
|
TNT:scanners/lib/injection-patterns.mjs
|
|
|
|
# Command files contain long prompt strings
|
|
ENT:commands/**
|
|
|
|
# Permission findings: clean needs write tools (by design), deep-scan uses Bash
|
|
PRM:commands/**
|
|
PRM:agents/**
|
|
|
|
# Git findings: subtree split artifacts and commit message heuristics
|
|
GIT:**
|
|
|
|
# Network: README references to OWASP, Anthropic, research papers
|
|
NET:README.md
|
|
|
|
# Network: agent docs reference example domains for documentation
|
|
NET:agents/**
|
|
|
|
# Network: supply-chain hook legitimately contacts osv.dev and socket.dev
|
|
NET:hooks/**
|
|
|
|
# Orchestrator legitimately writes log file from argv path
|
|
TNT:scanners/scan-orchestrator.mjs
|
|
|
|
# Toxic flow: plugin commands/agents have Read+Bash access by design (it's a security scanner)
|
|
TFA:commands/**
|
|
TFA:agents/**
|
|
|
|
# Network: CLAUDE.md references public repo URL
|
|
NET:CLAUDE.md
|
|
|
|
# Baseline files: generated JSON with scan results (high entropy expected)
|
|
reports/baselines/**
|