mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-07 21:11:26 +00:00
refactor(security): unify dangerous name matching handling
This commit is contained in:
Peter Steinberger
@@ -26,6 +26,7 @@ import { createReplyReferencePlanner } from "../../auto-reply/reply/reply-refere
|
||||
import { createReplyPrefixOptions } from "../../channels/reply-prefix.js";
|
||||
import { recordInboundSession } from "../../channels/session.js";
|
||||
import type { OpenClawConfig } from "../../config/config.js";
|
||||
import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
|
||||
import { resolveMarkdownTableMode } from "../../config/markdown-tables.js";
|
||||
import { readSessionUpdatedAt, resolveStorePath } from "../../config/sessions.js";
|
||||
import type { DiscordAccountConfig } from "../../config/types.discord.js";
|
||||
@@ -365,7 +366,7 @@ async function ensureAgentComponentInteractionAllowed(params: {
|
||||
replyOpts: params.replyOpts,
|
||||
componentLabel: params.componentLabel,
|
||||
unauthorizedReply: params.unauthorizedReply,
|
||||
allowNameMatching: params.ctx.discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(params.ctx.discordConfig),
|
||||
});
|
||||
if (!memberAllowed) {
|
||||
return null;
|
||||
@@ -481,7 +482,7 @@ async function ensureDmComponentAuthorized(params: {
|
||||
name: user.username,
|
||||
tag: formatDiscordUserTag(user),
|
||||
},
|
||||
allowNameMatching: ctx.discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(ctx.discordConfig),
|
||||
})
|
||||
: { allowed: false };
|
||||
if (allowMatch.allowed) {
|
||||
@@ -784,7 +785,7 @@ async function dispatchDiscordComponentEvent(params: {
|
||||
channelConfig,
|
||||
guildInfo,
|
||||
sender: { id: interactionCtx.user.id, name: interactionCtx.user.username, tag: senderTag },
|
||||
allowNameMatching: ctx.discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(ctx.discordConfig),
|
||||
});
|
||||
const storePath = resolveStorePath(ctx.cfg.session?.store, { agentId });
|
||||
const envelopeOptions = resolveEnvelopeFormatOptions(ctx.cfg);
|
||||
@@ -982,7 +983,7 @@ async function handleDiscordComponentEvent(params: {
|
||||
replyOpts,
|
||||
componentLabel: params.componentLabel,
|
||||
unauthorizedReply,
|
||||
allowNameMatching: params.ctx.discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(params.ctx.discordConfig),
|
||||
});
|
||||
if (!memberAllowed) {
|
||||
return;
|
||||
@@ -995,7 +996,7 @@ async function handleDiscordComponentEvent(params: {
|
||||
replyOpts,
|
||||
componentLabel: params.componentLabel,
|
||||
unauthorizedReply,
|
||||
allowNameMatching: params.ctx.discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(params.ctx.discordConfig),
|
||||
});
|
||||
if (!componentAllowed) {
|
||||
return;
|
||||
@@ -1134,7 +1135,7 @@ async function handleDiscordModalTrigger(params: {
|
||||
replyOpts,
|
||||
componentLabel: "form",
|
||||
unauthorizedReply,
|
||||
allowNameMatching: params.ctx.discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(params.ctx.discordConfig),
|
||||
});
|
||||
if (!memberAllowed) {
|
||||
return;
|
||||
@@ -1147,7 +1148,7 @@ async function handleDiscordModalTrigger(params: {
|
||||
replyOpts,
|
||||
componentLabel: "form",
|
||||
unauthorizedReply,
|
||||
allowNameMatching: params.ctx.discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(params.ctx.discordConfig),
|
||||
});
|
||||
if (!componentAllowed) {
|
||||
return;
|
||||
@@ -1583,7 +1584,7 @@ class DiscordComponentModal extends Modal {
|
||||
replyOpts,
|
||||
componentLabel: "form",
|
||||
unauthorizedReply: "You are not authorized to use this form.",
|
||||
allowNameMatching: this.ctx.discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(this.ctx.discordConfig),
|
||||
});
|
||||
if (!memberAllowed) {
|
||||
return;
|
||||
|
||||
@@ -14,6 +14,7 @@ import { resolveControlCommandGate } from "../../channels/command-gating.js";
|
||||
import { logInboundDrop } from "../../channels/logging.js";
|
||||
import { resolveMentionGatingWithBypass } from "../../channels/mention-gating.js";
|
||||
import { loadConfig } from "../../config/config.js";
|
||||
import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
|
||||
import { logVerbose, shouldLogVerbose } from "../../globals.js";
|
||||
import { recordChannelActivity } from "../../infra/channel-activity.js";
|
||||
import { enqueueSystemEvent } from "../../infra/system-events.js";
|
||||
@@ -190,7 +191,7 @@ export async function preflightDiscordMessage(
|
||||
name: sender.name,
|
||||
tag: sender.tag,
|
||||
},
|
||||
allowNameMatching: params.discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(params.discordConfig),
|
||||
})
|
||||
: { allowed: false };
|
||||
const allowMatchMeta = formatAllowlistMatchMeta(allowMatch);
|
||||
@@ -564,7 +565,7 @@ export async function preflightDiscordMessage(
|
||||
guildInfo,
|
||||
memberRoleIds,
|
||||
sender,
|
||||
allowNameMatching: params.discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(params.discordConfig),
|
||||
});
|
||||
|
||||
if (!isDirectMessage) {
|
||||
@@ -581,7 +582,7 @@ export async function preflightDiscordMessage(
|
||||
name: sender.name,
|
||||
tag: sender.tag,
|
||||
},
|
||||
{ allowNameMatching: params.discordConfig?.dangerouslyAllowNameMatching === true },
|
||||
{ allowNameMatching: isDangerousNameMatchingEnabled(params.discordConfig) },
|
||||
)
|
||||
: false;
|
||||
const useAccessGroups = params.cfg.commands?.useAccessGroups !== false;
|
||||
|
||||
@@ -21,6 +21,7 @@ import {
|
||||
type StatusReactionAdapter,
|
||||
} from "../../channels/status-reactions.js";
|
||||
import { createTypingCallbacks } from "../../channels/typing.js";
|
||||
import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
|
||||
import { resolveDiscordPreviewStreamMode } from "../../config/discord-preview-streaming.js";
|
||||
import { resolveMarkdownTableMode } from "../../config/markdown-tables.js";
|
||||
import { readSessionUpdatedAt, resolveStorePath } from "../../config/sessions.js";
|
||||
@@ -199,7 +200,7 @@ export async function processDiscordMessage(ctx: DiscordMessagePreflightContext)
|
||||
channelConfig,
|
||||
guildInfo,
|
||||
sender: { id: sender.id, name: sender.name, tag: sender.tag },
|
||||
allowNameMatching: discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(discordConfig),
|
||||
});
|
||||
const storePath = resolveStorePath(cfg.session?.store, {
|
||||
agentId: route.agentId,
|
||||
|
||||
@@ -39,6 +39,7 @@ import type { ReplyPayload } from "../../auto-reply/types.js";
|
||||
import { resolveCommandAuthorizedFromAuthorizers } from "../../channels/command-gating.js";
|
||||
import { createReplyPrefixOptions } from "../../channels/reply-prefix.js";
|
||||
import type { OpenClawConfig, loadConfig } from "../../config/config.js";
|
||||
import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
|
||||
import { resolveOpenProviderRuntimeGroupPolicy } from "../../config/runtime-group-policy.js";
|
||||
import { loadSessionStore, resolveStorePath } from "../../config/sessions.js";
|
||||
import { logVerbose } from "../../globals.js";
|
||||
@@ -1283,7 +1284,7 @@ async function dispatchDiscordCommandInteraction(params: {
|
||||
name: sender.name,
|
||||
tag: sender.tag,
|
||||
},
|
||||
{ allowNameMatching: discordConfig?.dangerouslyAllowNameMatching === true },
|
||||
{ allowNameMatching: isDangerousNameMatchingEnabled(discordConfig) },
|
||||
)
|
||||
: false;
|
||||
const guildInfo = resolveDiscordGuildEntry({
|
||||
@@ -1374,7 +1375,7 @@ async function dispatchDiscordCommandInteraction(params: {
|
||||
name: sender.name,
|
||||
tag: sender.tag,
|
||||
},
|
||||
{ allowNameMatching: discordConfig?.dangerouslyAllowNameMatching === true },
|
||||
{ allowNameMatching: isDangerousNameMatchingEnabled(discordConfig) },
|
||||
)
|
||||
: false;
|
||||
if (!permitted) {
|
||||
@@ -1412,7 +1413,7 @@ async function dispatchDiscordCommandInteraction(params: {
|
||||
guildInfo,
|
||||
memberRoleIds,
|
||||
sender,
|
||||
allowNameMatching: discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(discordConfig),
|
||||
});
|
||||
const authorizers = useAccessGroups
|
||||
? [
|
||||
@@ -1518,7 +1519,7 @@ async function dispatchDiscordCommandInteraction(params: {
|
||||
channelConfig,
|
||||
guildInfo,
|
||||
sender: { id: sender.id, name: sender.name, tag: sender.tag },
|
||||
allowNameMatching: discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(discordConfig),
|
||||
});
|
||||
const ctxPayload = finalizeInboundContext({
|
||||
Body: prompt,
|
||||
|
||||
@@ -21,6 +21,7 @@ import {
|
||||
} from "../../config/commands.js";
|
||||
import type { OpenClawConfig, ReplyToMode } from "../../config/config.js";
|
||||
import { loadConfig } from "../../config/config.js";
|
||||
import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
|
||||
import {
|
||||
GROUP_POLICY_BLOCKED_LABEL,
|
||||
resolveOpenProviderRuntimeGroupPolicy,
|
||||
@@ -559,7 +560,7 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
|
||||
accountId: account.accountId,
|
||||
runtime,
|
||||
botUserId,
|
||||
allowNameMatching: discordCfg.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(discordCfg),
|
||||
guildEntries,
|
||||
logger,
|
||||
}),
|
||||
@@ -571,7 +572,7 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
|
||||
accountId: account.accountId,
|
||||
runtime,
|
||||
botUserId,
|
||||
allowNameMatching: discordCfg.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(discordCfg),
|
||||
guildEntries,
|
||||
logger,
|
||||
}),
|
||||
|
||||
@@ -12,6 +12,7 @@ import {
|
||||
} from "discord-api-types/v10";
|
||||
import { resolveCommandAuthorizedFromAuthorizers } from "../../channels/command-gating.js";
|
||||
import type { OpenClawConfig } from "../../config/config.js";
|
||||
import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
|
||||
import type { DiscordAccountConfig } from "../../config/types.js";
|
||||
import {
|
||||
allowListMatches,
|
||||
@@ -156,7 +157,7 @@ async function authorizeVoiceCommand(
|
||||
guildInfo,
|
||||
memberRoleIds,
|
||||
sender,
|
||||
allowNameMatching: params.discordConfig?.dangerouslyAllowNameMatching === true,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(params.discordConfig),
|
||||
});
|
||||
|
||||
const ownerAllowList = normalizeDiscordAllowList(
|
||||
@@ -171,7 +172,7 @@ async function authorizeVoiceCommand(
|
||||
name: sender.name,
|
||||
tag: sender.tag,
|
||||
},
|
||||
{ allowNameMatching: params.discordConfig?.dangerouslyAllowNameMatching === true },
|
||||
{ allowNameMatching: isDangerousNameMatchingEnabled(params.discordConfig) },
|
||||
)
|
||||
: false;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user