github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 00:58:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden imessage remote scp/ssh handling

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-19 11:07:56 +01:00
parent cdb00fe242
commit 49d0def6d1
12 changed files with 150 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/infra/scp-host.test.ts Normal file
View File

@@ -0,0 +1,19 @@
import { describe, expect, it } from "vitest";
import { isSafeScpRemoteHost, normalizeScpRemoteHost } from "./scp-host.js";
describe("scp remote host", () => {
it("accepts host and user@host forms", () => {
expect(normalizeScpRemoteHost("gateway-host")).toBe("gateway-host");
expect(normalizeScpRemoteHost("bot@gateway-host")).toBe("bot@gateway-host");
expect(normalizeScpRemoteHost("bot@192.168.64.3")).toBe("bot@192.168.64.3");
expect(normalizeScpRemoteHost("bot@[fe80::1]")).toBe("bot@[fe80::1]");
});
it("rejects unsafe host tokens", () => {
expect(isSafeScpRemoteHost("-oProxyCommand=whoami")).toBe(false);
expect(isSafeScpRemoteHost("bot@gateway-host -oStrictHostKeyChecking=no")).toBe(false);
expect(isSafeScpRemoteHost("bot@host:22")).toBe(false);
expect(isSafeScpRemoteHost("bot@/tmp/host")).toBe(false);
expect(isSafeScpRemoteHost("bot@@host")).toBe(false);
});
});