fix(py-isolation-adversarial-policy): suppress S307 on encoded-injection payload#2182

Merged
imran-siddique merged 1 commit into
microsoft:mainfrom
aegis-initiative:fix/py-isolation-adversarial-policy-payload-noqa
May 12, 2026

Conversation

@finnoybu

Contributor

Summary

adversarial_policy.py's BUILTIN_VECTORS contains an attack vector whose payload["command"] is the literal string "eval(base64decode('aW1wb3J0IG9z'))" — test data used to assert that the policy engine blocks injection attempts. The string is never evaluated.

Static scanners (bandit rule B307, ruff rule S307) flag the substring eval( even inside a string literal that's only used as fixture data, producing a noisy false positive every time the file is scanned.

Change

Add # noqa: S307 with a comment naming why the suppression is correct: the token is test data, not invoked code. Suppression is intentionally narrow — only the one line that carries the eval( token, not the whole module — so a real eval( call anywhere else in the file would still flag.

Tests

Pure annotation change — no behaviour delta, no new tests needed.

$ PYTHONPATH=src python -m pytest tests/unit/test_adversarial_chaos.py -q
37 passed in 0.37s

The existing 37 adversarial-chaos tests cover the vector being a valid fixture entry; they still pass with the noqa annotation in place.

Test plan

  • CI passes
  • No regression in test_adversarial_chaos.py
  • bandit / ruff S307 no longer flags adversarial_policy.py:113

Surfaced during an independent audit conducted by @finnoybu (Ken Tannenbaum, AEGIS Initiative); [LOW, Python Isolation].

…ion payload

`BUILTIN_VECTORS` in `chaos/adversarial_policy.py` contains an attack
vector whose ``payload["command"]`` is the literal string
``"eval(base64decode('aW1wb3J0IG9z'))"`` — test data used to assert
that the policy engine blocks injection attempts. The string is never
evaluated.

Static scanners (bandit, ruff S307) flag the substring ``eval(`` even
inside a string literal that's only used as fixture data, producing a
noisy false positive every time the file is scanned.

Add ``# noqa: S307`` with a comment naming why the suppression is
correct: the token is test data, not invoked code. Suppression is
intentionally narrow — only the one line that carries the ``eval(``
token, not the whole module.

Pure annotation change — no behaviour delta, no new tests needed (the
existing 37 adversarial-chaos tests cover the vector being a
valid fixture entry).
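The shape of the change the PR describes, as an added example that is not code from this PR or from chaos/adversarial_policy.py: a fixture entry whose command string carries the eval( token purely as data, with the S307 suppression scoped to that single line, alongside a toy policy check that reads the string (including its base64 argument) and never executes it. AttackVector, BUILTIN_VECTORS, INJECTION_PATTERNS, decode_embedded_base64, evaluate_command and run_vectors are hypothetical stand-ins; the real module's API is not shown on this page.

```python
"""Added example, not code from the PR or from chaos/adversarial_policy.py.

Shows an adversarial fixture whose command string contains an ``eval(`` token
as data only, with the scanner suppression narrowed to that one line, plus a
toy policy check that inspects the string and its base64 layer without ever
running it. All names here are hypothetical stand-ins for the real module.
"""
import base64
import binascii
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class AttackVector:
    """One adversarial fixture entry (hypothetical shape)."""
    name: str
    payload: dict
    expected_blocked: bool = True


BUILTIN_VECTORS = [
    AttackVector(
        name="encoded-injection",
        # Fixture data only: the string is pattern-matched by the policy check,
        # never passed to eval/exec. The noqa covers just this line, so a real
        # eval call elsewhere in the module would still be flagged.
        payload={"command": "eval(base64decode('aW1wb3J0IG9z'))"},  # noqa: S307
    ),
    AttackVector(
        name="benign-listing",
        payload={"command": "ls -la /tmp"},
        expected_blocked=False,
    ),
]

# Indicators the toy policy treats as injection. Written as regexes rather than
# bare "eval(" literals so the checker itself does not carry the flagged token.
INJECTION_PATTERNS = [
    ("eval-call", re.compile(r"\beval\s*\(")),
    ("exec-call", re.compile(r"\bexec\s*\(")),
    ("dunder-import", re.compile(r"__import__")),
    ("dangerous-import", re.compile(r"\bimport\s+(?:os|subprocess|sys)\b")),
]

# Captures the quoted argument of base64decode(...) so the encoded layer can be read.
_B64_ARG = re.compile(r"base64decode\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")


def decode_embedded_base64(command: str) -> list[str]:
    """Return the decoded text of every base64decode('...') argument in the command.

    Malformed base64 is skipped instead of raising, so a broken payload
    cannot crash the policy check.
    """
    decoded = []
    for blob in _B64_ARG.findall(command):
        try:
            decoded.append(base64.b64decode(blob, validate=True).decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            continue
    return decoded


def evaluate_command(command: str) -> tuple[bool, list[str]]:
    """Decide whether a command string should be blocked.

    Both the literal command and any base64-decoded argument are scanned, so an
    ``import os`` hidden behind base64 is caught as well as the visible call.
    Returns (blocked, reasons). The command text is only ever read, never run.
    """
    layers = [("literal", command)]
    layers += [(f"base64-arg-{i}", text)
               for i, text in enumerate(decode_embedded_base64(command), 1)]
    reasons = []
    for layer, text in layers:
        for label, pattern in INJECTION_PATTERNS:
            if pattern.search(text):
                reasons.append(f"{label} in {layer}")
    return bool(reasons), reasons


def run_vectors(vectors=BUILTIN_VECTORS) -> dict[str, bool]:
    """Map each fixture name to whether the policy gave the expected verdict."""
    results = {}
    for vector in vectors:
        blocked, _ = evaluate_command(vector.payload["command"])
        results[vector.name] = blocked == vector.expected_blocked
    return results


if __name__ == "__main__":
    for vector in BUILTIN_VECTORS:
        print(vector.name, evaluate_command(vector.payload["command"]))
    print(run_vectors())
```

The line-level `# noqa: S307` is the narrow form; the coarser alternative, a per-file ignore for S307 in the ruff configuration, would silence the rule for the whole module and hide a genuine eval call added later, which is exactly what the PR avoids.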
@github-actions github-actions Bot added the agent-sre agent-sre package label May 12, 2026
@github-actions

🤖 AI Agent: docs-sync-checker — Docs Sync

  • adversarial_policy.py -- AttackVector class's payload field has no docstring
  • README.md -- section on attack vectors needs update

@github-actions

🤖 AI Agent: test-generator — View details

Test coverage looks good. No gaps identified.

@github-actions

🤖 AI Agent: breaking-change-detector — View details

No breaking changes detected.

@github-actions github-actions Bot added the size/XS Extra small PR (< 10 lines) label May 12, 2026
@github-actions

🤖 AI Agent: code-reviewer — View details

TL;DR: 0 blockers, 0 warnings. No issues found. Clean change.

@github-actions

🤖 AI Agent: security-scanner — View details

No security issues found.

@github-actions


🟡 Contributor Check: MEDIUM

| Check | Result |
| --- | --- |
| Profile | MEDIUM |
| Credential | NONE |
| Overall | MEDIUM |

Automated check by AGT Contributor Check.

@github-actions github-actions Bot added the needs-review:MEDIUM Contributor check flagged MEDIUM risk label May 12, 2026
@github-actions


PR Review Summary

| Check | Status | Details |
| --- | --- | --- |
| 🔍 Code Review | ✅ Passed | No issues found |
| 🛡️ Security Scan | ✅ Passed | No issues found |
| 🔄 Breaking Changes | ✅ Passed | No issues found |
| 📝 Docs Sync | ✅ Completed | Analysis complete |
| 🧪 Test Coverage | ✅ Completed | Analysis complete |

Verdict: ✅ Ready for human review

@imran-siddique imran-siddique merged commit 3f1450e into microsoft:main May 12, 2026
13 of 14 checks passed
MohammadHaroonAbuomar pushed a commit to MohammadHaroonAbuomar/agt-acs that referenced this pull request Jun 1, 2026