Amr Gharbeia
a31f19045a
Some checks failed
Deploy (Gitea) / deploy (push) Failing after 3s
Wrap read-from-string/read with (let ((*read-eval* nil)) ...) at three untrusted-input code paths: 1. think() in core-loop-reason — LLM output parsing. LLM output is untrusted by definition; #.(shell ...) in a response must not execute. 2. action-system-execute in core-loop-act — :system :eval path processes untrusted payload code from the signal pipeline. 3. load-memory-from-disk in core-memory — memory.snap file could be corrupted or planted in ~/, must not execute #. reader macros. Adds test-read-eval-rce-blocked to pipeline-reason-suite: mocks a backend returning malicious output containing #.(setf ...), verifies no side effects occur and safe fallback is returned. RED proof recorded: *read-eval* T + #.(setf ...) → :PWNED (RCE active) GREEN proof: *read-eval* NIL → reader-error caught (RCE blocked) Test: reason 12/0, full suite 88/0
9.9 KiB
9.9 KiB