fix(security): default-deny command execution

Peter Steinberger
2026-01-17 08:27:52 +00:00
parent d8b463d0b3
commit 56f3a2de25
36 changed files with 247 additions and 46 deletions


@@ -70,6 +70,7 @@ describe("abort detection", () => {
ctx: {
CommandBody: "/stop",
RawBody: "/stop",
CommandAuthorized: true,
SessionKey: "telegram:123",
Provider: "telegram",
Surface: "telegram",
@@ -132,6 +133,7 @@ describe("abort detection", () => {
ctx: {
CommandBody: "/stop",
RawBody: "/stop",
CommandAuthorized: true,
SessionKey: sessionKey,
Provider: "telegram",
Surface: "telegram",
@@ -188,6 +190,7 @@ describe("abort detection", () => {
ctx: {
CommandBody: "/stop",
RawBody: "/stop",
CommandAuthorized: true,
SessionKey: sessionKey,
Provider: "telegram",
Surface: "telegram",
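Review bot: The three fixtures in this file only gain `CommandAuthorized: true`, so the visible tests cover the allowed path and nothing pins the new default-deny behaviour. A case in the same `describe("abort detection")` block that sends `/stop` with `CommandAuthorized` omitted, and another with it set to `false`, each asserting that no abort is performed, would keep the fallback from being reverted unnoticed. The return value for a denied abort is not visible in these hunks, so the exact assertion has to be taken from tryFastAbortFromMessage. Such a test may already exist in one of the changed files not shown here.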


@@ -132,7 +132,7 @@ export async function tryFastAbortFromMessage(params: {
const abortRequested = normalized === "/stop" || isAbortTrigger(stripped);
if (!abortRequested) return { handled: false, aborted: false };
const commandAuthorized = ctx.CommandAuthorized ?? true;
const commandAuthorized = ctx.CommandAuthorized ?? false;
const auth = resolveCommandAuthorization({
ctx,
cfg,
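Review bot: The fail-closed fallback `ctx.CommandAuthorized ?? false` is repeated verbatim here and in getReplyFromConfig (the `@@ -84,7 +84,7 @@` section), so the security default lives in several call sites that can drift apart. I would move it into one helper, or into resolveCommandAuthorization if that is where `ctx` is interpreted, and put a comment above the line such as `// Fail closed: a provider that does not set CommandAuthorized is treated as unauthorized.`. Because `??` only replaces null and undefined, `ctx.CommandAuthorized === true` would additionally reject a non-boolean value if the context type does not guarantee a boolean. `/stop` is now ignored for any provider that never sets the flag, so a debug log when the field is undefined would make a silently dead abort diagnosable. Both function bodies continue outside the hunks.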


@@ -84,7 +84,7 @@ export async function getReplyFromConfig(
activeModel: { provider, model },
});
const commandAuthorized = ctx.CommandAuthorized ?? true;
const commandAuthorized = ctx.CommandAuthorized ?? false;
resolveCommandAuthorization({
ctx,
cfg,