fix(exec): require explicit safe-bin profiles

2026-05-09 14:34:32 +00:00 · 2026-02-22 12:57:53 +01:00
parent d055b948fb
commit 47c3f742b6
15 changed files with 226 additions and 9 deletions
--- a/src/agents/pi-tools.safe-bins.test.ts
+++ b/src/agents/pi-tools.safe-bins.test.ts
@@ -4,6 +4,7 @@ import path from "node:path";
 import { afterAll, beforeAll, describe, expect, it, vi } from "vitest";
 import type { OpenClawConfig } from "../config/config.js";
 import type { ExecApprovalsResolved } from "../infra/exec-approvals.js";
+import type { SafeBinProfileFixture } from "../infra/exec-safe-bin-policy.js";
 import { captureEnv } from "../test-utils/env.js";

 const bundledPluginsDirSnapshot = captureEnv(["OPENCLAW_BUNDLED_PLUGINS_DIR"]);
@@ -86,6 +87,7 @@ type ExecTool = {
 async function createSafeBinsExecTool(params: {
  tmpPrefix: string;
  safeBins: string[];
+  safeBinProfiles?: Record<string, SafeBinProfileFixture>;
  files?: Array<{ name: string; contents: string }>;
 }): Promise<{ tmpDir: string; execTool: ExecTool }> {
  const { createOpenClawCodingTools } = await import("./pi-tools.js");
@@ -101,6 +103,7 @@ async function createSafeBinsExecTool(params: {
        security: "allowlist",
        ask: "off",
        safeBins: params.safeBins,
+        safeBinProfiles: params.safeBinProfiles,
      },
    },
  };
@@ -139,6 +142,9 @@ describe("createOpenClawCodingTools safeBins", () => {
      {
        tmpPrefix: "openclaw-safe-bins-",
        safeBins: ["echo"],
+        safeBinProfiles: {
+          echo: { maxPositional: 1 },
+        },
      },
      async ({ tmpDir, execTool }) => {
        const marker = `safe-bins-${Date.now()}`;
@@ -155,6 +161,23 @@ describe("createOpenClawCodingTools safeBins", () => {
    );
  });

+  it("rejects unprofiled custom safe-bin entries", async () => {
+    await withSafeBinsExecTool(
+      {
+        tmpPrefix: "openclaw-safe-bins-unprofiled-",
+        safeBins: ["echo"],
+      },
+      async ({ tmpDir, execTool }) => {
+        await expect(
+          execTool.execute("call1", {
+            command: "echo hello",
+            workdir: tmpDir,
+          }),
+        ).rejects.toThrow("exec denied: allowlist miss");
+      },
+    );
+  });
+
  it("does not allow env var expansion to smuggle file args via safeBins", async () => {
    await withSafeBinsExecTool(
      {