github manuelschipper/nah v0.6.2

14 hours ago

Added

  • Default-config dry runs — nah test --defaults now ignores user/project config and uses packaged defaults for one dry-run classification, keeping /nah-demo base battery results stable under customized local configs while preserving --config for explicit variants (nah-jpv)

Fixed

  • find -exec shell-wrapper classification — Bash classification now unwraps find -exec / -execdir / -ok / -okdir payloads through the same inner-command pipeline as direct sh -c and bash -lc, so hidden network access and curl | sh composition no longer collapse to project-local filesystem paths while safe grep and project-local cleanup still allow (#52, nah-871)
  • Shell comment prefix bypass — Bash command classification now treats top-level newlines as command separators and strips shell comments before per-stage tokenization, so comment-prefixed commands such as # note\ncat /etc/shadow no longer collapse to ALLOW / empty command while quoted hashes and heredoc content remain intact (#71, nah-870)
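
A minimal sketch of the preprocessing the comment-prefix fix describes, added here as an illustration and not taken from nah's source: it splits a command string on top-level newlines and drops # comments before any per-stage tokenization, leaving quoted hashes intact. The names split_stages and first_words are hypothetical; heredoc bodies and splitting on ; or | are assumed to be handled elsewhere and are out of scope.

```python
import shlex

WORD_BREAKS = " \t;|&()<>"  # unquoted characters after which '#' begins a comment

def split_stages(command):
    """Split on top-level newlines and strip shell comments, respecting quotes."""
    stages, buf = [], []
    quote = None         # active quote character, if any
    word_start = True    # True when the next character would begin a new word
    i, n = 0, len(command)
    while i < n:
        ch = command[i]
        if quote:
            buf.append(ch)
            if ch == "\\" and quote == '"' and i + 1 < n:
                i += 1
                buf.append(command[i])   # escaped character inside double quotes
            elif ch == quote:
                quote = None
        elif ch == "\\" and i + 1 < n:
            i += 1
            buf += [ch, command[i]]      # escaped character or line continuation
            word_start = False
        elif ch in "'\"":
            quote = ch
            buf.append(ch)
            word_start = False
        elif ch == "#" and word_start:
            while i < n and command[i] != "\n":
                i += 1                   # a comment runs to the end of its line
            continue                     # the newline branch handles the '\n'
        elif ch == "\n":
            stages.append("".join(buf).strip())
            buf, word_start = [], True
        else:
            buf.append(ch)
            word_start = ch in WORD_BREAKS
        i += 1
    stages.append("".join(buf).strip())
    return [s for s in stages if s]      # comment-only lines leave no stage

def first_words(command):
    """Command name of each stage, i.e. what a per-stage classifier would inspect."""
    return [shlex.split(stage)[0] for stage in split_stages(command)]

if __name__ == "__main__":
    sample = "# note\ncat /etc/shadow"   # constructed input from the changelog entry
    print(split_stages(sample), first_words(sample))
```

With the comment line removed and the newline treated as a separator, the classifier sees cat as its own stage instead of an empty command.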
