From ca26f01d3acd9871691fa8981f05d19aed9a3b82 Mon Sep 17 00:00:00 2001 From: dorien-koelemeijer <62866702+dorien-koelemeijer@users.noreply.github.com> Date: Thu, 21 May 2026 10:56:17 +1000 Subject: [PATCH] [Prompt injection mitigation] Update pattern-based detection to reduce FPs (#9350) --- crates/goose/src/security/patterns.rs | 30 ++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/crates/goose/src/security/patterns.rs b/crates/goose/src/security/patterns.rs index 75bef0f4bb..2dee8e907a 100644 --- a/crates/goose/src/security/patterns.rs +++ b/crates/goose/src/security/patterns.rs @@ -300,7 +300,7 @@ pub const THREAT_PATTERNS: &[ThreatPattern] = &[ }, ThreatPattern { name: "password_cracking_tools", - pattern: r"\b(john|hashcat|hydra|medusa|brutespray)\b", + pattern: r"\bjohn\s+--[a-z]|\b(hashcat|hydra|medusa|brutespray)\b", description: "Password cracking tools", risk_level: RiskLevel::High, category: ThreatCategory::PrivilegeEscalation, @@ -464,6 +464,34 @@ mod tests { assert!(!matches(pat, "rm ~")); } + #[test] + fn password_cracking_tools_matches_real_invocations() { + let pat = "password_cracking_tools"; + assert!(matches( + pat, + "john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt" + )); + assert!(matches(pat, "/usr/sbin/john --format=raw-md5 hashes.txt")); + assert!(matches(pat, "john --rules --incremental hash.txt")); + assert!(matches(pat, "hashcat -m 1000 -a 0 hash.txt wordlist.txt")); + assert!(matches(pat, "hydra -l admin -P passwords.txt ssh://target")); + assert!(matches( + pat, + "medusa -h target -u admin -P wordlist.txt -M ssh" + )); + } + + #[test] + fn password_cracking_tools_no_false_positives_on_name_john() { + let pat = "password_cracking_tools"; + assert!(!matches(pat, "# DS_PLATFORM -> John's integration type")); + assert!(!matches(pat, "git log --author=John")); + assert!(!matches(pat, "echo \"Hello John\"")); + assert!(!matches(pat, "grep -r \"john.doe@company.com\" .")); + assert!(!matches(pat, "mkdir -p /home/john")); + assert!(!matches(pat, "cat /tmp/john_report.csv")); + } + #[test] fn log_manipulation_no_dev_null_false_positives() { let pat = "log_manipulation";