feat(security): add detection rules for destructive shell commands

src/copaw/security/tool_guard/rules/dangerous_shell_commands.yaml

@@ -1,10 +1,13 @@
 # Dangerous Shell Command Detection Rules
-# These rules detect potentially dangerous shell commands (rm, mv) that
-# may cause data loss or unintended file mutations.
+# =========================================================================
+# Regex-signature rules for RuleBasedToolGuardian.
+# Scans execute_shell_command parameters for destructive, evasive,
+# or privilege-escalating patterns before the agent executes them.
 #
-# Unlike the existing TOOL_CMD_DESTRUCTIVE_RM rule (which only catches
-# ``rm -rf /system_path``), these rules catch *any* use of ``rm`` or
-# ``mv`` so the user is always prompted before execution.
+# Severity tiers: MEDIUM = broad catch-all (typically requires user review/confirmation),
+#                 HIGH / CRITICAL = targeted destructive patterns (mark result as unsafe; blocking/approval is
+#                                   enforced by the surrounding ToolGuard/approval workflow when available).
+# See GuardThreatCategory for the full threat taxonomy.
 
 # ── rm: file / directory removal ──────────────────────────────────────
 - id: TOOL_CMD_DANGEROUS_RM
@@ -27,3 +30,91 @@
     - "\\bmv\\b"
   description: "Shell command contains 'mv' which may move or overwrite files unexpectedly"
   remediation: "Confirm with the user before moving or renaming files"
+
+# ── Filesystem & Block Device Destruction ─────────────────────────────
+- id: TOOL_CMD_FS_DESTRUCTION
+  tools: [execute_shell_command]
+  params: [command]
+  category: command_injection
+  severity: CRITICAL
+  patterns:
+    - "\\bmkfs(\\.[a-zA-Z0-9_]+)?\\b"
+    - "\\bmke2fs\\b"
+    - "\\bdd\\s+.*of=\\/dev\\/"
+    - ">\\s*\\/dev\\/(sd[a-z][0-9]*|vd[a-z][0-9]*|nvme\\d+n\\d+(p\\d+)?)"
+  description: "Detects low-level disk formatting or wiping commands"
+  remediation: "Block operation. Agents should not format or overwrite raw block devices."
+
+# ── Denial of Service & Fork Bombs ────────────────────────────────────
+- id: TOOL_CMD_DOS_FORK_BOMB
+  tools: [execute_shell_command]
+  params: [command]
+  category: resource_abuse
+  severity: CRITICAL
+  patterns:
+    - ":\\s*\\(\\s*\\)\\s*\\{\\s*:\\s*\\|\\s*:\\s*&\\s*\\}\\s*;\\s*:"
+    - "\\bkill\\s+-9\\s+(-1|1\\b)"
+  description: "Detects classic Bash fork bombs and mass process termination"
+  remediation: "Block immediately. These commands will crash the host system."
+
+# ── Network Loaders (Pipe to Shell) ───────────────────────────────────
+- id: TOOL_CMD_PIPE_TO_SHELL
+  tools: [execute_shell_command]
+  params: [command]
+  category: code_execution
+  severity: CRITICAL
+  patterns:
+    - "\\b(curl|wget)\\b\\s+.*\\|.*\\b(bash|sh|zsh|ash|dash)\\b"
+  description: "Detects 'curl | bash' patterns used to download and immediately execute remote payloads"
+  remediation: "Confirm with user. Agents should inspect scripts before executing them."
+
+# ── Reverse Shell & Network Tunnels ───────────────────────────────────
+- id: TOOL_CMD_REVERSE_SHELL
+  tools: [execute_shell_command]
+  params: [command]
+  category: network_abuse
+  severity: CRITICAL
+  patterns:
+    - "\\/dev\\/(tcp|udp)\\/"
+    - "\\bnc\\s+.*-e\\s*\\S+"
+    - "\\bncat\\s+.*-e\\s*\\S+"
+    - "\\bsocat\\s+.*EXEC:"
+  description: "Detects attempts to establish reverse shells or unauthorized network tunnels"
+  remediation: "Block operation. Agents do not need to bind interactive shells to network sockets."
+
+# ── Persistence & Privilege Escalation ────────────────────────────────
+- id: TOOL_CMD_SYSTEM_TAMPERING
+  tools: [execute_shell_command]
+  params: [command]
+  category: sensitive_file_access
+  severity: HIGH
+  patterns:
+    - "\\bcrontab\\b"
+    - "\\bauthorized_keys\\b"
+    - "\\/etc\\/sudoers"
+    - "\\/etc\\/crontab"
+  description: "Detects access to cron jobs, SSH keys, or sudo permissions (including reads and modifications)"
+  remediation: "Confirm with user. Treat any access to credential and scheduling files as sensitive and restrict when possible."
+
+# ── Dangerous Permission Changes ──────────────────────────────────────
+- id: TOOL_CMD_UNSAFE_PERMISSIONS
+  tools: [execute_shell_command]
+  params: [command]
+  category: privilege_escalation
+  severity: HIGH
+  patterns:
+    - "\\bchmod\\s+-[a-zA-Z]*R[a-zA-Z]*\\s+(777|a\\+rwx)\\s+\\/"
+    - "\\bchattr\\s+\\+i"
+  description: "Detects global permission downgrades (chmod 777) or setting immutable flags"
+  remediation: "Prompt for confirmation. Suggest least-privilege permission models."
+
+# ── Obfuscation & Defense Evasion ─────────────────────────────────────
+- id: TOOL_CMD_OBFUSCATED_EXEC
+  tools: [execute_shell_command]
+  params: [command]
+  category: code_execution
+  severity: HIGH
+  patterns:
+    - "\\bbase64\\s+(-d|--decode)\\s*\\|\\s*\\b(bash|sh|zsh)\\b"
+  description: "Detects execution of base64 encoded strings passed directly to a shell interpreter"
+  remediation: "Block execution. Agents should use plain text commands."