fix(security): extend audit hardening checks

Peter Steinberger
2026-02-13 16:26:37 +01:00
parent faa4959111
commit 1def8c5448
8 changed files with 599 additions and 2 deletions


@@ -18,8 +18,11 @@ import {
collectHooksHardeningFindings,
collectIncludeFilePermFindings,
collectInstalledSkillsCodeSafetyFindings,
collectMinimalProfileOverrideFindings,
collectModelHygieneFindings,
collectNodeDenyCommandPatternFindings,
collectSmallModelRiskFindings,
collectSandboxDockerNoopFindings,
collectPluginsTrustFindings,
collectSecretsInConfigFindings,
collectPluginsCodeSafetyFindings,
@@ -980,6 +983,9 @@ export async function runSecurityAudit(opts: SecurityAuditOptions): Promise<Secu
findings.push(...collectLoggingFindings(cfg));
findings.push(...collectElevatedFindings(cfg));
findings.push(...collectHooksHardeningFindings(cfg));
findings.push(...collectSandboxDockerNoopFindings(cfg));
findings.push(...collectNodeDenyCommandPatternFindings(cfg));
findings.push(...collectMinimalProfileOverrideFindings(cfg));
findings.push(...collectSecretsInConfigFindings(cfg));
findings.push(...collectModelHygieneFindings(cfg));
findings.push(...collectSmallModelRiskFindings({ cfg, env }));
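Review bot: The three collector calls in the middle of this hunk (`collectSandboxDockerNoopFindings`, `collectNodeDenyCommandPatternFindings`, `collectMinimalProfileOverrideFindings`), which appear to be the added lines given the `+983,9` header, have no comment saying what each check flags. The names alone do not tell a reader of an audit report which misconfiguration is being tested. A one-line comment above them would help, for example `// Config-only hardening checks; each returns findings derived from cfg alone.`, with the specific condition documented on each collector. All three receive only `cfg`, whereas `collectSmallModelRiskFindings` just below takes `{ cfg, env }`. If any of the audited settings can also be set or overridden through the environment (not visible here), the audit would report a clean result for a value that is not the effective one. The body of `runSecurityAudit` starts and ends outside this hunk.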