
Commit 779e776

Remove false positives
1 parent e6dced3 commit 779e776

1 file changed

Lines changed: 34 additions & 0 deletions


.github/skillspector-allow.yml

@@ -36,6 +36,40 @@ suppressions:
3636
remediation command `echo 'export PATH=<bin>:$PATH' >> ~/.bashrc` (or
3737
~/.zshrc) for the user to add ROCm/HIP to PATH. No payload, no SSH key
3838
injection, no hidden user.
39+
- skill: rocm-doctor
40+
rule: OH1
41+
file: scripts/apply_fix.py
42+
match: Unvalidated Output Injection
43+
reason: >-
44+
False positive. The flag is on the generic `_run(cmd: list[str], ...)`
45+
helper, which calls `subprocess.run(cmd, ..., shell defaults to False)`
46+
with a list-form argv, so there is no shell interpolation. Every `cmd`
47+
is a hardcoded argv list assembled in-script (e.g.
48+
`["usermod","-a","-G","render,video",user]`, `["modprobe","amdgpu"]`);
49+
the only dynamic pieces are the local username from `$USER`/`$LOGNAME`
50+
and binary paths resolved via `shutil.which`. No LLM/model output ever
51+
reaches this sink, so there is nothing to validate or sanitize.
52+
- skill: rocm-doctor
53+
rule: OH1
54+
file: scripts/examine.py
55+
match: Unvalidated Output Injection
56+
reason: >-
57+
False positive. Same generic `_run(cmd: list[str], ...)` helper as in
58+
apply_fix.py: list-form `subprocess.run` with no shell=True. The read-only
59+
probes only ever pass fixed argv lists (`["rocminfo"]`,
60+
`["lspci","-nn","-D"]`, the PowerShell/CIM `Get-CimInstance` probes, the
61+
framework binary from `shutil.which`). No model output flows into the
62+
command, and there is no shell to inject into.
63+
- skill: rocm-doctor
64+
rule: PE3
65+
file: scripts/examine.py
66+
match: Credential Access
67+
reason: >-
68+
False positive. Line 493 is a code comment ("Resolve uid/gid to names via
69+
/etc/passwd & /etc/group") describing how `_stat_device` maps a device's
70+
owner uid/gid to names. The actual resolution uses the stdlib `pwd`/`grp`
71+
modules (`pwd.getpwuid` / `grp.getgrgid`), not any read of /etc/passwd,
72+
/etc/shadow, .env, or token files. No credential material is accessed.
3973
- skill: local-ai-use
4074
rule: SC2
4175
file: SKILL.md
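
Review bot: In the apply_fix.py OH1 entry (new lines 44-51), the reason ends with "there is nothing to validate or sanitize", but the same text says `user` is taken from `$USER`/`$LOGNAME` and passed as the last element of `["usermod","-a","-G","render,video",user]`. List-form argv rules out shell interpolation, not option parsing by the called program: an environment value beginning with `-` would be read by usermod as a flag rather than a login name. Suggest either checking the name against the passwd database (or deriving it from the uid with `pwd.getpwuid`) before it reaches `_run`, or stating in the reason that such a check already exists, and softening the final sentence to match. Separately, the PE3 entry (new lines 63-72) rests its justification on "Line 493", yet as written the entry carries only skill, rule, file and match, so it appears to apply to any later Credential Access finding in scripts/examine.py, and the line number will go stale as the file changes. Consider naming `_stat_device` instead of a line number in the reason, or rewording the source comment so the rule no longer fires and the suppression is not needed.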
