github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-14 05:18:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(exec): block shell-wrapper positional argv approval smuggling

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-24 15:16:55 +00:00
parent 80daaeba38
commit 0f0a680d3d
3 changed files with 97 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/infra/system-run-command.test.ts
View File

@@ -103,6 +103,13 @@ describe("system run command helpers", () => {
expect(res.ok).toBe(true);
});
test("validateSystemRunCommandConsistency rejects shell-only rawCommand for positional-argv carrier wrappers", () => {
expectRawCommandMismatch({
argv: ["/bin/sh", "-lc", '$0 "$1"', "/usr/bin/touch", "/tmp/marker"],
rawCommand: '$0 "$1"',
});
});
test("validateSystemRunCommandConsistency accepts rawCommand matching env shell wrapper argv", () => {
const res = validateSystemRunCommandConsistency({
argv: ["/usr/bin/env", "bash", "-lc", "echo hi"],
@@ -170,6 +177,18 @@ describe("system run command helpers", () => {
expect(res.cmdText).toBe("echo SAFE&&whoami");
});
test("resolveSystemRunCommand binds cmdText to full argv for shell-wrapper positional-argv carriers", () => {
const res = resolveSystemRunCommand({
command: ["/bin/sh", "-lc", '$0 "$1"', "/usr/bin/touch", "/tmp/marker"],
});
expect(res.ok).toBe(true);
if (!res.ok) {
throw new Error("unreachable");
}
expect(res.shellCommand).toBe('$0 "$1"');
expect(res.cmdText).toBe('/bin/sh -lc "$0 \\"$1\\"" /usr/bin/touch /tmp/marker');
});
test("resolveSystemRunCommand binds cmdText to full argv when env prelude modifies shell wrapper", () => {
const res = resolveSystemRunCommand({
command: ["/usr/bin/env", "BASH_ENV=/tmp/payload.sh", "bash", "-lc", "echo hi"],