PRD: Strengthen outbound exfiltration detection #263

Merged
didericis merged 10 commits from strengthen-outbound-exfil-detection into main 2026-06-25 00:15:33 -04:00
4 changed files with 8 additions and 8 deletions
Showing only changes of commit d9a9eef276 - Show all commits
+4 -4
@@ -1,4 +1,4 @@
"""DLP detectors for the egress proxy (PRD 0053, prd-new).
"""DLP detectors for the egress proxy (PRD 0053).
Outdated
Review

remove prd-new citations in docstrings

remove prd-new citations in docstrings
Pure Python, no mitmproxy dependency. Each detector is a module-level
function returning `ScanResult | None`.
@@ -123,7 +123,7 @@ def redact_tokens(
# ---------------------------------------------------------------------------
# Known secrets detector (Phase 1b, prd-new)
# Known secrets detector
# ---------------------------------------------------------------------------
def _encoded_variants(secret: str) -> list[str]:
@@ -165,7 +165,7 @@ def _encoded_variants(secret: str) -> list[str]:
# ---------------------------------------------------------------------------
# Fragmentation-resistant helpers (prd-new)
# Fragmentation-resistant helpers
# ---------------------------------------------------------------------------
# Minimum length of alnum projection for projection-based checks to run.
@@ -283,7 +283,7 @@ def scan_known_secrets(
# ---------------------------------------------------------------------------
# Entropy detector (warn-only, prd-new)
# Entropy detector (warn-only)
# ---------------------------------------------------------------------------
# Sliding window size and step for the entropy scan.
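Review bot: The `# Known secrets detector` banner appears to drop its `Phase 1b` marker along with the `prd-new` citation, whereas the other banners in this file lose only the citation. If that phase numbering belongs to PRD 0053, which the module docstring still cites, the detector's rollout stage is no longer recorded anywhere in the visible comments. Consider keeping it as `# Known secrets detector (PRD 0053, Phase 1b)`. Only the banner comments are visible in these hunks; the detector bodies lie outside them.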
+1 -1
@@ -1,4 +1,4 @@
"""Unit: DLP detectors (PRD 0053, prd-new).
"""Unit: DLP detectors (PRD 0053).
Tests for token pattern scanning, known secret detection, fragmentation-
resistant matching, entropy scoring, and naive prompt injection detection."""
+2 -2
@@ -1,5 +1,5 @@
"""Unit: Egress route lift + routes.yaml render + token
resolution (PRD 0017, PRD 0053, prd-new)."""
resolution (PRD 0017, PRD 0053)."""
import tempfile
import unittest
@@ -450,7 +450,7 @@ class TestResolveTokenValues(unittest.TestCase):
class TestCanaryGeneration(unittest.TestCase):
"""Egress.prepare() generates a unique canary token per session (prd-new)."""
"""Egress.prepare() generates a unique canary token per session."""
def _bottle_obj(self):
return ManifestIndex.from_json_obj({
+1 -1
@@ -1274,7 +1274,7 @@ class TestBuildTokenAllowPayload(unittest.TestCase):
payload = build_token_allow_payload("h", "GET", "/", result)
self.assertNotIn("context:", payload)
class TestScanOutboundEnhanced(unittest.TestCase):
"""scan_outbound changes from prd-new: binary decode, entropy detector,
"""scan_outbound changes: binary decode, entropy detector,
broadened known-value prefixes, fragmentation resistance."""
_ROUTE = Route(host="api.example.com")
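Review bot: The class docstring of `TestScanOutboundEnhanced` still opens with `scan_outbound changes:`, which no longer says what the changes are relative to now that the citation is gone. Naming the behaviours under test reads better and does not age with the change history, for example `"""scan_outbound: binary decode, entropy detector,` with the second docstring line left as it is. The class body continues outside the hunk.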