fix(macos): unify exec allowlist validation pipeline

2026-04-25 12:18:37 +00:00 · 2026-02-21 23:09:03 +01:00
parent 61dc7ac679
commit 2028ca4428
6 changed files with 322 additions and 93 deletions
--- a/apps/macos/Sources/OpenClaw/ExecAllowlistMatcher.swift
+++ b/apps/macos/Sources/OpenClaw/ExecAllowlistMatcher.swift
@@ -7,12 +7,12 @@ enum ExecAllowlistMatcher {
        let resolvedPath = resolution.resolvedPath

        for entry in entries {
-            let pattern = entry.pattern.trimmingCharacters(in: .whitespacesAndNewlines)
-            if pattern.isEmpty { continue }
-            let hasPath = pattern.contains("/") || pattern.contains("~") || pattern.contains("\\")
-            if hasPath {
+            switch ExecApprovalHelpers.validateAllowlistPattern(entry.pattern) {
+            case .valid(let pattern):
                let target = resolvedPath ?? rawExecutable
                if self.matches(pattern: pattern, target: target) { return entry }
+            case .invalid:
+                continue
            }
        }
        return nil