github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 08:51:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): extract safe-bin policy and dedupe tests

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-19 14:23:19 +01:00
parent 0e85380e56
commit 2d485cd47a
3 changed files with 365 additions and 406 deletions
Download Patch File Download Diff File Expand all files Collapse all files

218
src/agents/pi-tools.safe-bins.e2e.test.ts
View File

@@ -67,40 +67,74 @@ vi.mock("../infra/exec-approvals.js", async (importOriginal) => {
return { ...mod, resolveExecApprovals: () => approvals };
});
type ExecToolResult = {
content: Array<{ type: string; text?: string }>;
details?: { status?: string };
};
type ExecTool = {
execute(
callId: string,
params: {
command: string;
workdir: string;
env?: Record<string, string>;
},
): Promise<ExecToolResult>;
};
async function createSafeBinsExecTool(params: {
tmpPrefix: string;
safeBins: string[];
files?: Array<{ name: string; contents: string }>;
}): Promise<{ tmpDir: string; execTool: ExecTool }> {
const { createOpenClawCodingTools } = await import("./pi-tools.js");
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), params.tmpPrefix));
for (const file of params.files ?? []) {
fs.writeFileSync(path.join(tmpDir, file.name), file.contents, "utf8");
}
const cfg: OpenClawConfig = {
tools: {
exec: {
host: "gateway",
security: "allowlist",
ask: "off",
safeBins: params.safeBins,
},
},
};
const tools = createOpenClawCodingTools({
config: cfg,
sessionKey: "agent:main:main",
workspaceDir: tmpDir,
agentDir: path.join(tmpDir, "agent"),
});
const execTool = tools.find((tool) => tool.name === "exec");
if (!execTool) {
throw new Error("exec tool missing from coding tools");
}
return { tmpDir, execTool: execTool as ExecTool };
}
describe("createOpenClawCodingTools safeBins", () => {
it("threads tools.exec.safeBins into exec allowlist checks", async () => {
if (process.platform === "win32") {
return;
}
const { createOpenClawCodingTools } = await import("./pi-tools.js");
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-safe-bins-"));
const cfg: OpenClawConfig = {
tools: {
exec: {
host: "gateway",
security: "allowlist",
ask: "off",
safeBins: ["echo"],
},
},
};
const tools = createOpenClawCodingTools({
config: cfg,
sessionKey: "agent:main:main",
workspaceDir: tmpDir,
agentDir: path.join(tmpDir, "agent"),
const { tmpDir, execTool } = await createSafeBinsExecTool({
tmpPrefix: "openclaw-safe-bins-",
safeBins: ["echo"],
});
const execTool = tools.find((tool) => tool.name === "exec");
expect(execTool).toBeDefined();
const marker = `safe-bins-${Date.now()}`;
const envSnapshot = captureEnv(["OPENCLAW_SHELL_ENV_TIMEOUT_MS"]);
const result = await (async () => {
try {
process.env.OPENCLAW_SHELL_ENV_TIMEOUT_MS = "1000";
return await execTool!.execute("call1", {
return await execTool.execute("call1", {
command: `echo ${marker}`,
workdir: tmpDir,
});
@@ -120,33 +154,14 @@ describe("createOpenClawCodingTools safeBins", () => {
return;
}
const { createOpenClawCodingTools } = await import("./pi-tools.js");
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-safe-bins-expand-"));
fs.writeFileSync(path.join(tmpDir, "secret.txt"), "TOP_SECRET\n", "utf8");
const cfg: OpenClawConfig = {
tools: {
exec: {
host: "gateway",
security: "allowlist",
ask: "off",
safeBins: ["head", "wc"],
},
},
};
const tools = createOpenClawCodingTools({
config: cfg,
sessionKey: "agent:main:main",
workspaceDir: tmpDir,
agentDir: path.join(tmpDir, "agent"),
const { tmpDir, execTool } = await createSafeBinsExecTool({
tmpPrefix: "openclaw-safe-bins-expand-",
safeBins: ["head", "wc"],
files: [{ name: "secret.txt", contents: "TOP_SECRET\n" }],
});
const execTool = tools.find((tool) => tool.name === "exec");
expect(execTool).toBeDefined();
await expect(
execTool!.execute("call1", {
execTool.execute("call1", {
command: "head $FOO ; wc -l",
workdir: tmpDir,
env: { FOO: "secret.txt" },
@@ -159,33 +174,15 @@ describe("createOpenClawCodingTools safeBins", () => {
return;
}
const { createOpenClawCodingTools } = await import("./pi-tools.js");
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-safe-bins-oracle-"));
fs.writeFileSync(path.join(tmpDir, "existing.txt"), "x\n", "utf8");
const cfg: OpenClawConfig = {
tools: {
exec: {
host: "gateway",
security: "allowlist",
ask: "off",
safeBins: ["sort"],
},
},
};
const tools = createOpenClawCodingTools({
config: cfg,
sessionKey: "agent:main:main",
workspaceDir: tmpDir,
agentDir: path.join(tmpDir, "agent"),
const { tmpDir, execTool } = await createSafeBinsExecTool({
tmpPrefix: "openclaw-safe-bins-oracle-",
safeBins: ["sort"],
files: [{ name: "existing.txt", contents: "x\n" }],
});
const execTool = tools.find((tool) => tool.name === "exec");
expect(execTool).toBeDefined();
const run = async (command: string) => {
try {
const result = await execTool!.execute("call-oracle", { command, workdir: tmpDir });
const result = await execTool.execute("call-oracle", { command, workdir: tmpDir });
const text = result.content.find((content) => content.type === "text")?.text ?? "";
const resultDetails = result.details as { status?: string };
return { kind: "result" as const, status: resultDetails.status, text };
@@ -204,46 +201,25 @@ describe("createOpenClawCodingTools safeBins", () => {
return;
}
const { createOpenClawCodingTools } = await import("./pi-tools.js");
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-safe-bins-sort-"));
const cfg: OpenClawConfig = {
tools: {
exec: {
host: "gateway",
security: "allowlist",
ask: "off",
safeBins: ["sort"],
},
},
};
const tools = createOpenClawCodingTools({
config: cfg,
sessionKey: "agent:main:main",
workspaceDir: tmpDir,
agentDir: path.join(tmpDir, "agent"),
const { tmpDir, execTool } = await createSafeBinsExecTool({
tmpPrefix: "openclaw-safe-bins-sort-",
safeBins: ["sort"],
});
const execTool = tools.find((tool) => tool.name === "exec");
expect(execTool).toBeDefined();
const shortTarget = path.join(tmpDir, "blocked-short.txt");
await expect(
execTool!.execute("call1", {
command: "sort -oblocked-short.txt",
workdir: tmpDir,
}),
).rejects.toThrow("exec denied: allowlist miss");
expect(fs.existsSync(shortTarget)).toBe(false);
const cases = [
{ command: "sort -oblocked-short.txt", target: "blocked-short.txt" },
{ command: "sort --output=blocked-long.txt", target: "blocked-long.txt" },
] as const;
const longTarget = path.join(tmpDir, "blocked-long.txt");
await expect(
execTool!.execute("call2", {
command: "sort --output=blocked-long.txt",
workdir: tmpDir,
}),
).rejects.toThrow("exec denied: allowlist miss");
expect(fs.existsSync(longTarget)).toBe(false);
for (const [index, testCase] of cases.entries()) {
await expect(
execTool.execute(`call${index + 1}`, {
command: testCase.command,
workdir: tmpDir,
}),
).rejects.toThrow("exec denied: allowlist miss");
expect(fs.existsSync(path.join(tmpDir, testCase.target))).toBe(false);
}
});
it("blocks grep recursive flags from reading cwd via safeBins", async () => {
@@ -251,36 +227,14 @@ describe("createOpenClawCodingTools safeBins", () => {
return;
}
const { createOpenClawCodingTools } = await import("./pi-tools.js");
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-safe-bins-grep-"));
fs.writeFileSync(
path.join(tmpDir, "secret.txt"),
"SAFE_BINS_RECURSIVE_SHOULD_NOT_LEAK\n",
"utf8",
);
const cfg: OpenClawConfig = {
tools: {
exec: {
host: "gateway",
security: "allowlist",
ask: "off",
safeBins: ["grep"],
},
},
};
const tools = createOpenClawCodingTools({
config: cfg,
sessionKey: "agent:main:main",
workspaceDir: tmpDir,
agentDir: path.join(tmpDir, "agent"),
const { tmpDir, execTool } = await createSafeBinsExecTool({
tmpPrefix: "openclaw-safe-bins-grep-",
safeBins: ["grep"],
files: [{ name: "secret.txt", contents: "SAFE_BINS_RECURSIVE_SHOULD_NOT_LEAK\n" }],
});
const execTool = tools.find((tool) => tool.name === "exec");
expect(execTool).toBeDefined();
await expect(
execTool!.execute("call1", {
execTool.execute("call1", {
command: "grep -R SAFE_BINS_RECURSIVE_SHOULD_NOT_LEAK",
workdir: tmpDir,
}),