130 lines
3.8 KiB
Bash
130 lines
3.8 KiB
Bash
#!/bin/bash
|
|
# sanitize.sh - Universal input sanitizer for external content
|
|
# Wraps ClawDefender to check any text before Vergil processes it
|
|
#
|
|
# Usage:
|
|
# echo "email content" | sanitize.sh
|
|
# sanitize.sh "some text to check"
|
|
# gog gmail read <id> | sanitize.sh
|
|
# curl -s <api> | sanitize.sh --json
|
|
#
|
|
# Modes:
|
|
# (default) Check text, output original if clean, warn if suspicious
|
|
# --json Parse JSON, check string fields, output with warnings
|
|
# --strict Block (exit 1) if injection detected
|
|
# --silent No warnings, just filter
|
|
# --report Output detection report only
|
|
|
|
set -euo pipefail
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
CLAWDEFENDER="$SCRIPT_DIR/clawdefender.sh"
|
|
|
|
# Colors
|
|
RED='\033[0;31m'
|
|
YELLOW='\033[1;33m'
|
|
GREEN='\033[0;32m'
|
|
NC='\033[0m'
|
|
|
|
MODE="default"
|
|
STRICT=false
|
|
SILENT=false
|
|
REPORT_ONLY=false
|
|
|
|
# Parse flags
|
|
while [[ $# -gt 0 ]]; do
|
|
case $1 in
|
|
--json) MODE="json"; shift ;;
|
|
--strict) STRICT=true; shift ;;
|
|
--silent) SILENT=true; shift ;;
|
|
--report) REPORT_ONLY=true; shift ;;
|
|
--help|-h)
|
|
echo "sanitize.sh - Universal input sanitizer"
|
|
echo ""
|
|
echo "Usage:"
|
|
echo " echo 'text' | sanitize.sh [options]"
|
|
echo " sanitize.sh [options] 'text to check'"
|
|
echo ""
|
|
echo "Options:"
|
|
echo " --json Parse JSON input, check all string values"
|
|
echo " --strict Exit with error if injection detected"
|
|
echo " --silent Suppress warnings, just output clean/flagged"
|
|
echo " --report Output detection report only (no passthrough)"
|
|
echo " --help Show this help"
|
|
echo ""
|
|
echo "Examples:"
|
|
echo " gog gmail read abc123 | sanitize.sh"
|
|
echo " curl -s trello.com/api/... | sanitize.sh --json"
|
|
echo " gh issue view 42 --json body | sanitize.sh --json --strict"
|
|
exit 0
|
|
;;
|
|
*)
|
|
# Treat as input text
|
|
INPUT="$1"
|
|
shift
|
|
;;
|
|
esac
|
|
done
|
|
|
|
# Get input from stdin or argument
|
|
if [[ -z "${INPUT:-}" ]]; then
|
|
if [[ -t 0 ]]; then
|
|
echo "Error: No input provided. Pipe text or pass as argument." >&2
|
|
exit 1
|
|
fi
|
|
INPUT=$(cat)
|
|
fi
|
|
|
|
# Run through ClawDefender prompt check
|
|
RESULT=$("$CLAWDEFENDER" --check-prompt <<< "$INPUT" 2>&1) || true
|
|
|
|
# Parse result
|
|
if echo "$RESULT" | grep -q "CRITICAL\|WARNING"; then
|
|
# Injection detected
|
|
SEVERITY="WARNING"
|
|
echo "$RESULT" | grep -q "CRITICAL" && SEVERITY="CRITICAL"
|
|
|
|
# Extract pattern matches
|
|
PATTERNS=$(echo "$RESULT" | grep -oE "Pattern: [^(]+" | head -3 | tr '\n' ', ' | sed 's/, $//')
|
|
|
|
if $REPORT_ONLY; then
|
|
echo "⚠️ INJECTION DETECTED [$SEVERITY]"
|
|
echo "Patterns: $PATTERNS"
|
|
echo ""
|
|
echo "--- Raw Detection ---"
|
|
echo "$RESULT"
|
|
exit 0
|
|
fi
|
|
|
|
if $STRICT; then
|
|
if ! $SILENT; then
|
|
echo -e "${RED}⛔ BLOCKED: Prompt injection detected [$SEVERITY]${NC}" >&2
|
|
echo -e "${YELLOW}Patterns: $PATTERNS${NC}" >&2
|
|
fi
|
|
exit 1
|
|
fi
|
|
|
|
if ! $SILENT; then
|
|
echo -e "${YELLOW}⚠️ SUSPICIOUS CONTENT DETECTED [$SEVERITY]${NC}" >&2
|
|
echo -e "${YELLOW}Patterns: $PATTERNS${NC}" >&2
|
|
echo -e "${YELLOW}--- Content follows (review carefully) ---${NC}" >&2
|
|
fi
|
|
|
|
# Output with visible warning marker
|
|
echo "⚠️ [FLAGGED - Potential prompt injection detected]"
|
|
echo "$INPUT"
|
|
echo "⚠️ [END FLAGGED CONTENT]"
|
|
else
|
|
# Clean - pass through
|
|
if $REPORT_ONLY; then
|
|
echo "✅ Clean - no injection patterns detected"
|
|
exit 0
|
|
fi
|
|
|
|
if ! $SILENT; then
|
|
: # Could add "✅ Clean" to stderr but that's noisy
|
|
fi
|
|
|
|
echo "$INPUT"
|
|
fi
|