| Field | Value |
|---|---|
| Finding | f01b2edebdc9 |
| File | src/supervisor/tools.py |
| Line | 26 |
| Language | python |
| Pattern | compile() may execute dynamic code |
| Severity | medium |
| Category | code-injection |
| Stage | scanned |
| Project | supervisor |
| Created | 2026-03-31 17:21 |
| Updated | 2026-03-31 17:21 |
Source context (src/supervisor/tools.py, lines 21-31; line 26 is the flagged line):

```python
21
22  logger = logging.getLogger(__name__)
23
24  # ── Validation helpers ────────────────────────────────────────────
25
26  _SAFE_SERVICE_NAME = re.compile(r"^[a-zA-Z0-9._-]+$")
27  _SAFE_PATH = re.compile(r"^/[a-zA-Z0-9_./ -]+$")
28
29  # Commands allowed via run_diagnostic (read-only system inspection)
30  _DIAGNOSTIC_ALLOWLIST = {
31      "docker ps",
```
Evaluation: Not yet evaluated.