refactor(security): simplify safe-bin validation structure

Peter Steinberger
2026-02-19 14:29:58 +01:00
parent 74c51aeb1e
commit 165c18819e
3 changed files with 101 additions and 104 deletions


@@ -1,3 +1,4 @@
import type { ExecAllowlistEntry } from "./exec-approvals.js";
import {
DEFAULT_SAFE_BINS,
analyzeShellCommand,
@@ -9,7 +10,6 @@ import {
type CommandResolution,
type ExecCommandSegment,
} from "./exec-approvals-analysis.js";
import type { ExecAllowlistEntry } from "./exec-approvals.js";
import {
SAFE_BIN_GENERIC_PROFILE,
SAFE_BIN_PROFILES,
@@ -38,8 +38,6 @@ export function isSafeBinUsage(params: {
argv: string[];
resolution: CommandResolution | null;
safeBins: Set<string>;
cwd?: string;
fileExists?: (filePath: string) => boolean;
trustedSafeBinDirs?: ReadonlySet<string>;
}): boolean {
// Windows host exec uses PowerShell, which has different parsing/expansion rules.
@@ -116,7 +114,6 @@ function evaluateSegments(
argv: segment.argv,
resolution: segment.resolution,
safeBins: params.safeBins,
cwd: params.cwd,
trustedSafeBinDirs: params.trustedSafeBinDirs,
});
const skillAllow =
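Review bot: `trustedSafeBinDirs` remains optional in the `isSafeBinUsage` params, and nothing visible in this section says what an omitted set means for the verdict. Since this function gates whether a command runs without an approval prompt, that default deserves a TSDoc line on the field, for example `/** Directories a resolved safe bin must reside in (inferred from the name; confirm). State here what applies when omitted. */`. The hunk counts (8 old lines, 6 new) suggest `cwd` and `fileExists` are the two fields dropped, and the `evaluateSegments` call no longer passes `cwd`. If the check no longer consults the filesystem at all, the function's doc comment should say so, so callers do not assume path-like arguments are still checked against disk. The bodies of `isSafeBinUsage` and `evaluateSegments` lie outside the visible hunks, so both points need confirming there.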