github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-12 10:51:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Gateway: harden cron.runs jobId path handling (openclaw#24038) thanks @Takhoffman

Browse Source 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
This commit is contained in:
Tak Hoffman
2026-02-22 19:35:26 -06:00
committed by GitHub
parent 45febecf2a
commit 259d863353
6 changed files with 79 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/cron/run-log.ts
View File

@@ -19,10 +19,27 @@ export type CronRunLogEntry = {
nextRunAtMs?: number;
} & CronRunTelemetry;
function assertSafeCronRunLogJobId(jobId: string): string {
const trimmed = jobId.trim();
if (!trimmed) {
throw new Error("invalid cron run log job id");
}
if (trimmed.includes("/") || trimmed.includes("\\") || trimmed.includes("\0")) {
throw new Error("invalid cron run log job id");
}
return trimmed;
}
export function resolveCronRunLogPath(params: { storePath: string; jobId: string }) {
const storePath = path.resolve(params.storePath);
const dir = path.dirname(storePath);
return path.join(dir, "runs", `${params.jobId}.jsonl`);
const runsDir = path.resolve(dir, "runs");
const safeJobId = assertSafeCronRunLogJobId(params.jobId);
const resolvedPath = path.resolve(runsDir, `${safeJobId}.jsonl`);
if (!resolvedPath.startsWith(`${runsDir}${path.sep}`)) {
throw new Error("invalid cron run log job id");
}
return resolvedPath;
}
const writesByPath = new Map<string, Promise<void>>();