github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 06:31:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): make empty allowlist behavior explicit

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 19:54:52 +01:00
parent ed960ba4eb
commit 2ba6de7eaa
3 changed files with 35 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/plugin-sdk/allow-from.ts
View File

@@ -21,12 +21,15 @@ export function isAllowedParsedChatSender<TParsed extends ParsedChatAllowTarget>
chatId?: number | null;
chatGuid?: string | null;
chatIdentifier?: string | null;
emptyAllowFrom?: "deny" | "allow";
normalizeSender: (sender: string) => string;
parseAllowTarget: (entry: string) => TParsed;
}): boolean {
const allowFrom = params.allowFrom.map((entry) => String(entry).trim());
if (allowFrom.length === 0) {
return false;
// Fail closed by default. Callers can opt into legacy "empty = allow all"
// behavior explicitly when a surface intentionally treats an empty list as open.
return params.emptyAllowFrom === "allow";
}
if (allowFrom.includes("*")) {
return true;