Skip to content

feat(workspace): 添加二进制文件安全拦截机制 (#77)#79

Merged
SunYanbox merged 1 commit into
developfrom
77-bug-no-explicit-protection-against-reading-writing-or-editing-binary-files
May 1, 2026
Merged

feat(workspace): 添加二进制文件安全拦截机制 (#77)#79
SunYanbox merged 1 commit into
developfrom
77-bug-no-explicit-protection-against-reading-writing-or-editing-binary-files

Conversation

@SunYanbox
Copy link
Copy Markdown
Owner

@SunYanbox SunYanbox commented May 1, 2026

  • 新增功能: 实现二进制文件检测工具与扩展逻辑
    • 新增 src/utils/binary_detector.py 模块,定义 BINARY_EXTENSIONS 常量集合 (包含 exe, dll, zip, png 等 100+ 扩展名)
    • 新增 is_binary_file(path, encoding) 函数,采用“扩展名匹配” + “内容解码校验”双重策略判断文件类型
    • 检测逻辑支持读取前 512 字节并检查 null 字节 (\x00) 及 UTF-8 解码失败情况
  • 修复问题: 在核心读写工具中集成二进制保护逻辑
    • read_tool.py: 在 read() 方法调用 is_binary_file 拦截,返回明确错误提示
    • read_lines_tool.py: 在 read_lines() 方法中增加相同拦截逻辑
    • write_tool.py: 在写入前通过 is_binary_file 检查,阻止对 .png, .exe 或含二进制内容的文件进行覆盖
    • edit_tool.py: 在 edit() 方法中增加检查,禁止修改二进制文件
    • audit_committer.py: 在 commit() 流程中添加最终安全网,即使快照已批准,若检测到二进制文件则标记为 REJECTED
  • 文档更新: 补充单元测试验证防护有效性
    • 新增 tests/utils/test_binary_detector.py 覆盖扩展名大小写、空文件、无效编码序列等边界场景
    • 新增 tests/workspace/tools/test_binary_protection.py 验证 read/write/edit/commit 工具在遇到二进制文件时的拒绝行为
    • 更新 tests/core/test_audit_committer.py 增加针对二进制文件提交的测试用例

fix #77

@SunYanbox
feat(workspace): 添加二进制文件安全拦截机制 (#77)
e17251c 
- 新增功能: 实现二进制文件检测工具与扩展逻辑
  * 新增 `src/utils/binary_detector.py` 模块,定义 `BINARY_EXTENSIONS` 常量集合 (包含 exe, dll, zip, png 等 100+ 扩展名)
  * 新增 `is_binary_file(path, encoding)` 函数,采用“扩展名匹配” + “内容解码校验”双重策略判断文件类型
  * 检测逻辑支持读取前 512 字节并检查 null 字节 (`\x00`) 及 UTF-8 解码失败情况
- 修复问题: 在核心读写工具中集成二进制保护逻辑
  * `read_tool.py`: 在 `read()` 方法调用 `is_binary_file` 拦截,返回明确错误提示
  * `read_lines_tool.py`: 在 `read_lines()` 方法中增加相同拦截逻辑
  * `write_tool.py`: 在写入前通过 `is_binary_file` 检查,阻止对 `.png`, `.exe` 或含二进制内容的文件进行覆盖
  * `edit_tool.py`: 在 `edit()` 方法中增加检查,禁止修改二进制文件
  * `audit_committer.py`: 在 `commit()` 流程中添加最终安全网,即使快照已批准,若检测到二进制文件则标记为 `REJECTED`
- 文档更新: 补充单元测试验证防护有效性
  * 新增 `tests/utils/test_binary_detector.py` 覆盖扩展名大小写、空文件、无效编码序列等边界场景
  * 新增 `tests/workspace/tools/test_binary_protection.py` 验证 read/write/edit/commit 工具在遇到二进制文件时的拒绝行为
  * 更新 `tests/core/test_audit_committer.py` 增加针对二进制文件提交的测试用例
@SunYanbox SunYanbox self-assigned this May 1, 2026
@SunYanbox SunYanbox added the bug Something isn't working label May 1, 2026
@SunYanbox SunYanbox linked an issue May 1, 2026 that may be closed by this pull request
[Bug] No explicit protection against reading, writing, or editing binary files / 读取、写入或编辑二进制文件时均无显式保护 #77
Closed
@SunYanbox SunYanbox merged commit 3d01592 into develop May 1, 2026
3 checks passed
@SunYanbox SunYanbox deleted the 77-bug-no-explicit-protection-against-reading-writing-or-editing-binary-files branch May 1, 2026 07:57
@SunYanbox SunYanbox mentioned this pull request May 1, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@SunYanbox SunYanbox

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug] No explicit protection against reading, writing, or editing binary files / 读取、写入或编辑二进制文件时均无显式保护

1 participant

@SunYanbox