amr/passepartout
1
0
Fork 0
Code Issues 15 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(security): Harden Lisp reader against macro injection in reason loop
Some checks failed
Deploy-Agent-V15-Stdin / JOB-V15-STDIN (push) Failing after 22s
Details

Browse Source
This commit is contained in:
Amr Gharbeia
2026-04-17 16:30:25 -04:00
parent c9bdf5f070
commit 5deb4eac5b
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
literate/reason.org
View File

@@ -69,8 +69,9 @@ The `think` function represents the "intuitive" side of the agent. It identifies
;; Ensure we are working with a string for read-from-string ;; Ensure we are working with a string for read-from-string
(cleaned (if (stringp thought) (string-trim '(#\Space #\Newline #\Tab) thought) thought))) (cleaned (if (stringp thought) (string-trim '(#\Space #\Newline #\Tab) thought) thought)))
(if (stringp cleaned) (if (stringp cleaned)
(handler-case (read-from-string cleaned) (let ((*read-eval* nil))
(error (c) (list :type :EVENT :payload (list :sensor :syntax-error :code cleaned :error (format nil "~a" c))))) (handler-case (read-from-string cleaned)
(error (c) (list :type :EVENT :payload (list :sensor :syntax-error :code cleaned :error (format nil "~a" c))))))
cleaned)) cleaned))
(list :type :LOG :payload (list :text (format nil "Skill '~a' triggered (Deterministic only)" (skill-name active-skill)))))) (list :type :LOG :payload (list :text (format nil "Skill '~a' triggered (Deterministic only)" (skill-name active-skill))))))
nil))) nil)))

5
src/reason.lisp
View File

@@ -44,8 +44,9 @@
;; Ensure we are working with a string for read-from-string ;; Ensure we are working with a string for read-from-string
(cleaned (if (stringp thought) (string-trim '(#\Space #\Newline #\Tab) thought) thought))) (cleaned (if (stringp thought) (string-trim '(#\Space #\Newline #\Tab) thought) thought)))
(if (stringp cleaned) (if (stringp cleaned)
(handler-case (read-from-string cleaned) (let ((*read-eval* nil))
(error (c) (list :type :EVENT :payload (list :sensor :syntax-error :code cleaned :error (format nil "~a" c))))) (handler-case (read-from-string cleaned)
(error (c) (list :type :EVENT :payload (list :sensor :syntax-error :code cleaned :error (format nil "~a" c))))))
cleaned)) cleaned))
(list :type :LOG :payload (list :text (format nil "Skill '~a' triggered (Deterministic only)" (skill-name active-skill)))))) (list :type :LOG :payload (list :text (format nil "Skill '~a' triggered (Deterministic only)" (skill-name active-skill))))))
nil))) nil)))