github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 05:01:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: block safeBins sort --compress-program bypass

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 19:13:53 +01:00
parent bdfb97afad
commit 57fbbaebca
6 changed files with 54 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/infra/exec-approvals.test.ts
View File

@@ -564,6 +564,22 @@ describe("exec approvals safe bins", () => {
safeBins: ["sort"],
executableName: "sort",
},
{
name: "blocks sort external program flag via --compress-program=<prog>",
argv: ["sort", "--compress-program=sh"],
resolvedPath: "/usr/bin/sort",
expected: false,
safeBins: ["sort"],
executableName: "sort",
},
{
name: "blocks sort external program flag via --compress-program <prog>",
argv: ["sort", "--compress-program", "sh"],
resolvedPath: "/usr/bin/sort",
expected: false,
safeBins: ["sort"],
executableName: "sort",
},
{
name: "blocks grep recursive flags that read cwd",
argv: ["grep", "-R", "needle"],