Add GTFOBins validation tests for cut, find, grep, sed, strings, uniq #136

Merged: thieman merged 2 commits into main from kathy.nguyen/gtfobins-validation-v2 on Mar 24, 2026

@kathy-dd (Collaborator)

Summary

  • Add GTFOBins sandbox escape tests for cut, grep, strings, uniq (file read blocked by AllowedPaths)
  • Add GTFOBins tests for find: -exec /bin/sh blocked by CommandAllowed, -fprintf/-delete blocked at parse time, sandbox escape blocked
  • Add GTFOBins tests for sed: e command (shell), w command (write), -i flag (in-place) all blocked; sandbox escape blocked

All 11 new tests pass locally. Combined with existing GTFOBins tests for cat, head, tail, wc, ss, sort, ip, and ping, all 14 builtins with GTFOBins entries now have explicit validation coverage.

Test plan

  • All new TestXxxGTFOBins* tests pass on Linux, macOS, Windows
  • Existing pentest tests unaffected (no modifications to existing test logic)
  • make fmt clean

🤖 Generated with Claude Code

Validate that all GTFOBins attack vectors are blocked for builtins that
were missing explicit GTFOBins test coverage. Tests verify sandbox escape
prevention (file reads outside AllowedPaths), dangerous command/flag
rejection (find -fprintf/-delete, sed e/w/-i), and shell escape blocking
(find -exec /bin/sh, sed 'e').

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@thieman thieman marked this pull request as ready for review March 24, 2026 20:53
@thieman thieman added this pull request to the merge queue Mar 24, 2026
Merged via the queue into main with commit c33533b Mar 24, 2026
34 checks passed
@thieman thieman deleted the kathy.nguyen/gtfobins-validation-v2 branch March 24, 2026 20:54
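
The find checks the summary describes (write/delete primaries refused at parse time, `-exec` targets checked against an allowlist), sketched as an added example that is not code from this pull request or the project. `Policy`, `AllowedCommands` and `ValidateFindArgs` are hypothetical names, and the deny list goes beyond the two primaries named above to cover the other GNU find primaries that write files.

```go
package main

import "fmt"

// Policy is a hypothetical stand-in for the interpreter's command allowlist.
type Policy struct{ AllowedCommands map[string]bool }

// GNU find primaries that write or remove files; refused before any traversal.
var denied = map[string]bool{
	"-delete": true, "-fprintf": true, "-fprint": true, "-fprint0": true, "-fls": true,
}

// Primaries that run a command; the command must be on the allowlist.
var execs = map[string]bool{"-exec": true, "-execdir": true, "-ok": true, "-okdir": true}

// ValidateFindArgs checks a find argument vector before anything executes.
func ValidateFindArgs(p Policy, args []string) error {
	for i := 0; i < len(args); i++ {
		a := args[i]
		if denied[a] {
			return fmt.Errorf("find: %s is not permitted", a)
		}
		if !execs[a] {
			continue
		}
		if i+1 >= len(args) {
			return fmt.Errorf("find: %s needs a command", a)
		}
		// Exact match only: "/bin/sh" is refused unless explicitly listed.
		if cmd := args[i+1]; !p.AllowedCommands[cmd] {
			return fmt.Errorf("find: %s %q is not an allowed command", a, cmd)
		}
		// Skip the command's own arguments up to the ";" or "+" terminator,
		// so an argument such as a file named "-delete" is not misread.
		for i++; i < len(args) && args[i] != ";" && args[i] != "+"; i++ {
		}
		if i == len(args) {
			return fmt.Errorf("find: unterminated %s", a)
		}
	}
	return nil
}

func main() {
	p := Policy{AllowedCommands: map[string]bool{"grep": true}}
	// Constructed invocation, not taken from the project's test suite.
	fmt.Println(ValidateFindArgs(p, []string{".", "-exec", "/bin/sh", ";"}))
}
```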