diff --git a/agents/runner.py b/agents/runner.py
index bbae90d..fe760b0 100644
--- a/agents/runner.py
+++ b/agents/runner.py
@@ -547,16 +547,16 @@ _DESTRUCTIVE_PATTERNS = [
 r"\bunlink\s+\S",
 # SQL: DROP TABLE / DATABASE / INDEX / VIEW / SCHEMA
 r"\bDROP\s+(TABLE|DATABASE|INDEX|VIEW|SCHEMA)\b",
- # SQL: DELETE FROM without WHERE — full table delete is the risky form.
- # DELETE FROM ... WHERE ... is a targeted operation and is NOT flagged.
- r"\bDELETE\s+FROM\b(?![^;]*\bWHERE\b)",
+ # SQL: DELETE FROM (full table delete without WHERE is the risky form,
+ # but even DELETE with WHERE should be reviewed in auto mode)
+ r"\bDELETE\s+FROM\b",
 # Python: shutil.rmtree
 r"\bshutil\.rmtree\s*\(",
 # Python: os.remove / os.unlink
 r"\bos\.(remove|unlink)\s*\(",
 ]
-_DESTRUCTIVE_RE = [re.compile(p, re.DOTALL | re.IGNORECASE) for p in _DESTRUCTIVE_PATTERNS]
+_DESTRUCTIVE_RE = [re.compile(p, re.IGNORECASE) for p in _DESTRUCTIVE_PATTERNS]
 def _detect_destructive_operations(results: list[dict]) -> list[str]:
diff --git a/tests/test_runner.py b/tests/test_runner.py
index 64d8d7f..da369a9 100644
--- a/tests/test_runner.py
+++ b/tests/test_runner.py
@@ -3018,14 +3018,9 @@ class TestDetectDestructiveOperations:
 assert len(_detect_destructive_operations(results)) > 0
 def test_detects_delete_from_with_where(self):
- """DELETE FROM с WHERE — НЕ деструктивная операция, не детектируется."""
+ """DELETE FROM WHERE → тоже детектируется (по дизайну runner'а)."""
 results = [self._result("DELETE FROM sessions WHERE expired=1")]
- assert _detect_destructive_operations(results) == []
-
- def test_detects_delete_from_with_where_complex(self):
- """DELETE FROM с WHERE и сложным условием — тоже не детектируется."""
- results = [self._result("DELETE FROM logs WHERE created_at < '2024-01-01' AND user_id = 42")]
- assert _detect_destructive_operations(results) == []
+ assert len(_detect_destructive_operations(results)) > 0
 def test_detects_unlink_shell(self):
 """unlink /path → детектируется."""
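Review bot: Dropping `re.DOTALL` on the `_DESTRUCTIVE_RE` line changes matching for every entry in `_DESTRUCTIVE_PATTERNS`, not only the DELETE rule, and the list starts above this hunk. The patterns visible here use only escaped `\.` and `\s`, so they behave the same, but any earlier pattern that relies on an unescaped `.` crossing a newline would silently stop matching multi-line commands, which opens a detection gap in a guard meant for auto mode. Please check the full list and record the invariant next to the compile call, for example `# no pattern uses a bare '.', and \s already spans newlines, so DOTALL is not needed`. The body of `_detect_destructive_operations` is outside the hunk, so how matches are reported cannot be checked from here.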
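Review bot: The new assertion `assert len(_detect_destructive_operations(results)) > 0` in `test_detects_delete_from_with_where` only shows that some pattern fired, not that the DELETE rule did. If the returned strings identify the matched operation, assert on that instead. The deleted `test_detects_delete_from_with_where_complex` could be kept with its expectation inverted rather than removed, so the multi-condition WHERE form stays covered. Since the same commit drops `re.DOTALL` in `agents/runner.py`, a case with a constructed multi-line input such as `"DELETE\nFROM sessions\nWHERE expired=1"` would pin that detection still spans line breaks.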