github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-11 04:24:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): unify dangerous name matching handling

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-24 01:32:23 +00:00
parent 6a7c303dcc
commit 161d9841dc
17 changed files with 671 additions and 471 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/discord/monitor/native-command.ts
View File

@@ -39,6 +39,7 @@ import type { ReplyPayload } from "../../auto-reply/types.js";
import { resolveCommandAuthorizedFromAuthorizers } from "../../channels/command-gating.js";
import { createReplyPrefixOptions } from "../../channels/reply-prefix.js";
import type { OpenClawConfig, loadConfig } from "../../config/config.js";
import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
import { resolveOpenProviderRuntimeGroupPolicy } from "../../config/runtime-group-policy.js";
import { loadSessionStore, resolveStorePath } from "../../config/sessions.js";
import { logVerbose } from "../../globals.js";
@@ -1283,7 +1284,7 @@ async function dispatchDiscordCommandInteraction(params: {
name: sender.name,
tag: sender.tag,
},
{ allowNameMatching: discordConfig?.dangerouslyAllowNameMatching === true },
{ allowNameMatching: isDangerousNameMatchingEnabled(discordConfig) },
)
: false;
const guildInfo = resolveDiscordGuildEntry({
@@ -1374,7 +1375,7 @@ async function dispatchDiscordCommandInteraction(params: {
name: sender.name,
tag: sender.tag,
},
{ allowNameMatching: discordConfig?.dangerouslyAllowNameMatching === true },
{ allowNameMatching: isDangerousNameMatchingEnabled(discordConfig) },
)
: false;
if (!permitted) {
@@ -1412,7 +1413,7 @@ async function dispatchDiscordCommandInteraction(params: {
guildInfo,
memberRoleIds,
sender,
allowNameMatching: discordConfig?.dangerouslyAllowNameMatching === true,
allowNameMatching: isDangerousNameMatchingEnabled(discordConfig),
});
const authorizers = useAccessGroups
? [
@@ -1518,7 +1519,7 @@ async function dispatchDiscordCommandInteraction(params: {
channelConfig,
guildInfo,
sender: { id: sender.id, name: sender.name, tag: sender.tag },
allowNameMatching: discordConfig?.dangerouslyAllowNameMatching === true,
allowNameMatching: isDangerousNameMatchingEnabled(discordConfig),
});
const ctxPayload = finalizeInboundContext({
Body: prompt,