diff --git a/agents/runner.py b/agents/runner.py index fe760b0..bbae90d 100644 --- a/agents/runner.py +++ b/agents/runner.py @@ -547,16 +547,16 @@ _DESTRUCTIVE_PATTERNS = [ r"\bunlink\s+\S", # SQL: DROP TABLE / DATABASE / INDEX / VIEW / SCHEMA r"\bDROP\s+(TABLE|DATABASE|INDEX|VIEW|SCHEMA)\b", - # SQL: DELETE FROM (full table delete without WHERE is the risky form, - # but even DELETE with WHERE should be reviewed in auto mode) - r"\bDELETE\s+FROM\b", + # SQL: DELETE FROM without WHERE — full table delete is the risky form. + # DELETE FROM ... WHERE ... is a targeted operation and is NOT flagged. + r"\bDELETE\s+FROM\b(?![^;]*\bWHERE\b)", # Python: shutil.rmtree r"\bshutil\.rmtree\s*\(", # Python: os.remove / os.unlink r"\bos\.(remove|unlink)\s*\(", ] -_DESTRUCTIVE_RE = [re.compile(p, re.IGNORECASE) for p in _DESTRUCTIVE_PATTERNS] +_DESTRUCTIVE_RE = [re.compile(p, re.DOTALL | re.IGNORECASE) for p in _DESTRUCTIVE_PATTERNS] def _detect_destructive_operations(results: list[dict]) -> list[str]: diff --git a/tests/test_runner.py b/tests/test_runner.py index da369a9..64d8d7f 100644 --- a/tests/test_runner.py +++ b/tests/test_runner.py @@ -3018,9 +3018,14 @@ class TestDetectDestructiveOperations: assert len(_detect_destructive_operations(results)) > 0 def test_detects_delete_from_with_where(self): - """DELETE FROM WHERE → тоже детектируется (по дизайну runner'а).""" + """DELETE FROM с WHERE — НЕ деструктивная операция, не детектируется.""" results = [self._result("DELETE FROM sessions WHERE expired=1")] - assert len(_detect_destructive_operations(results)) > 0 + assert _detect_destructive_operations(results) == [] + + def test_detects_delete_from_with_where_complex(self): + """DELETE FROM с WHERE и сложным условием — тоже не детектируется.""" + results = [self._result("DELETE FROM logs WHERE created_at < '2024-01-01' AND user_id = 42")] + assert _detect_destructive_operations(results) == [] def test_detects_unlink_shell(self): """unlink /path → детектируется."""