github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 16:21:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden hooks module loading

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-14 14:04:29 +01:00
parent 3d0a41b584
commit 35c0e66ed0
11 changed files with 145 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/hooks/loader.test.ts
View File

@@ -79,7 +79,7 @@ describe("loader", () => {
handlers: [
{
event: "command:new",
module: handlerPath,
module: path.basename(handlerPath),
},
],
},
@@ -106,8 +106,8 @@ describe("loader", () => {
internal: {
enabled: true,
handlers: [
{ event: "command:new", module: handler1Path },
{ event: "command:stop", module: handler2Path },
{ event: "command:new", module: path.basename(handler1Path) },
{ event: "command:stop", module: path.basename(handler2Path) },
],
},
},
@@ -138,7 +138,7 @@ describe("loader", () => {
handlers: [
{
event: "command:new",
module: handlerPath,
module: path.basename(handlerPath),
export: "myHandler",
},
],
@@ -158,7 +158,7 @@ describe("loader", () => {
handlers: [
{
event: "command:new",
module: "/nonexistent/path/handler.js",
module: "missing-handler.js",
},
],
},
@@ -182,7 +182,7 @@ describe("loader", () => {
handlers: [
{
event: "command:new",
module: handlerPath,
module: path.basename(handlerPath),
},
],
},
@@ -199,8 +199,8 @@ describe("loader", () => {
const handlerPath = path.join(tmpDir, "relative-handler.js");
await fs.writeFile(handlerPath, "export default async function() {}", "utf-8");
// Get relative path from cwd
const relativePath = path.relative(process.cwd(), handlerPath);
// Relative to workspaceDir (tmpDir)
const relativePath = path.relative(tmpDir, handlerPath);
const cfg: OpenClawConfig = {
hooks: {
@@ -241,7 +241,7 @@ describe("loader", () => {
handlers: [
{
event: "command:new",
module: handlerPath,
module: path.basename(handlerPath),
},
],
},