@@ -36,6 +36,40 @@ suppressions:
3636 remediation command `echo 'export PATH=<bin>:$PATH' >> ~/.bashrc` (or
3737 ~/.zshrc) for the user to add ROCm/HIP to PATH. No payload, no SSH key
3838 injection, no hidden user.
39+ - skill : rocm-doctor
40+ rule : OH1
41+ file : scripts/apply_fix.py
42+ match : Unvalidated Output Injection
43+ reason : >-
44+ False positive. The flag is on the generic `_run(cmd: list[str], ...)`
45+ helper, which calls `subprocess.run(cmd, ..., shell defaults to False)`
46+ with a list-form argv, so there is no shell interpolation. Every `cmd`
47+ is a hardcoded argv list assembled in-script (e.g.
48+ `["usermod","-a","-G","render,video",user]`, `["modprobe","amdgpu"]`);
49+ the only dynamic pieces are the local username from `$USER`/`$LOGNAME`
50+ and binary paths resolved via `shutil.which`. No LLM/model output ever
51+ reaches this sink, so there is nothing to validate or sanitize.
52+ - skill : rocm-doctor
53+ rule : OH1
54+ file : scripts/examine.py
55+ match : Unvalidated Output Injection
56+ reason : >-
57+ False positive. Same generic `_run(cmd: list[str], ...)` helper as in
58+ apply_fix.py: list-form `subprocess.run` with no shell=True. The read-only
59+ probes only ever pass fixed argv lists (`["rocminfo"]`,
60+ `["lspci","-nn","-D"]`, the PowerShell/CIM `Get-CimInstance` probes, the
61+ framework binary from `shutil.which`). No model output flows into the
62+ command, and there is no shell to inject into.
63+ - skill : rocm-doctor
64+ rule : PE3
65+ file : scripts/examine.py
66+ match : Credential Access
67+ reason : >-
68+ False positive. Line 493 is a code comment ("Resolve uid/gid to names via
69+ /etc/passwd & /etc/group") describing how `_stat_device` maps a device's
70+ owner uid/gid to names. The actual resolution uses the stdlib `pwd`/`grp`
71+ modules (`pwd.getpwuid` / `grp.getgrgid`), not any read of /etc/passwd,
72+ /etc/shadow, .env, or token files. No credential material is accessed.
3973 - skill : local-ai-use
4074 rule : SC2
4175 file : SKILL.md
0 commit comments