fix: prevent false positives in recursive delete detection#68
Merged
teknium1 merged 2 commits intoNousResearch:mainfrom Feb 26, 2026
Merged
Conversation
The regex pattern for detecting recursive delete commands (rm -r, rm -rf, etc.) incorrectly matched filenames starting with 'r' — e.g., 'rm readme.txt' was flagged as 'recursive delete' because the dash-flag group was optional. Fix: make the dash mandatory so only actual flags (-r, -rf, -rfv, -fr) are matched. This eliminates false approval prompts for innocent commands like 'rm readme.txt', 'rm requirements.txt', 'rm report.csv', etc. Before: \brm\s+(-[^\s]*)?r — matches 'rm readme.txt' (false positive) After: \brm\s+-[^\s]*r — requires '-' prefix, no false positives
Add 15 new tests in two classes: - TestRmFalsePositiveFix (8 tests): verify filenames starting with 'r' (readme.txt, requirements.txt, report.csv, etc.) are NOT falsely flagged as 'recursive delete' - TestRmRecursiveFlagVariants (7 tests): verify all recursive delete flag styles (-r, -rf, -rfv, -fr, -irf, --recursive, sudo rm -rf) are still correctly caught All 29 tests pass (14 existing + 15 new).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The regex pattern for detecting recursive delete commands in
tools/approval.pyproduces false positives for anyrmcommand where the filename starts with the letterr.Root cause: The pattern
\brm\s+(-[^\s]*)?rmakes the dash-flag group(-[^\s]*)?optional. When the filename doesn't start with-, the group matches nothing, and the trailingrmatches the first character of the filename instead of a flag.Examples of false positives:
rm readme.txtrm requirements.txtrm report.csvrm README.mdrm results.jsonrm robots.txtThis causes unnecessary approval prompts for the user when the agent tries to delete files whose names start with 'r'.
Fix
Make the dash mandatory so only actual flags are matched:
The change from
(-[^\s]*)?(optional group) to-[^\s]*(required dash) ensures theris always part of a CLI flag like-r,-rf,-rfv, or-fr— never part of a filename.Tests Added
Added 15 new tests in
tests/tools/test_approval.pyacross two classes:TestRmFalsePositiveFix(8 regression tests):rm readme.txt,rm requirements.txt,rm report.csv,rm results.json,rm robots.txt,rm run.sh,rm -f readme.txt,rm -v readme.txtare all correctly identified as safeTestRmRecursiveFlagVariants(7 tests):rm -r,rm -rf,rm -rfv,rm -fr,rm -irf,rm --recursive,sudo rm -rfare all still correctly caught as dangerousScope
tools/approval.py: 1-line regex fix (line 25)tests/tools/test_approval.py: 15 new regression tests