github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 21:58:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden and refactor system.run command resolution

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 11:49:13 +01:00
parent 5cc631cc9c
commit 6007941f04
6 changed files with 679 additions and 368 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
src/infra/system-run-command.test.ts
View File

@@ -2,6 +2,7 @@ import { describe, expect, test } from "vitest";
import {
extractShellCommandFromArgv,
formatExecCommand,
resolveSystemRunCommand,
validateSystemRunCommandConsistency,
} from "./system-run-command.js";
@@ -18,6 +19,12 @@ describe("system run command helpers", () => {
expect(extractShellCommandFromArgv(["cmd.exe", "/d", "/s", "/c", "echo hi"])).toBe("echo hi");
});
test("extractShellCommandFromArgv includes trailing cmd.exe args after /c", () => {
expect(extractShellCommandFromArgv(["cmd.exe", "/d", "/s", "/c", "echo", "SAFE&&whoami"])).toBe(
"echo SAFE&&whoami",
);
});
test("validateSystemRunCommandConsistency accepts rawCommand matching direct argv", () => {
const res = validateSystemRunCommandConsistency({
argv: ["echo", "hi"],
@@ -51,4 +58,41 @@ describe("system run command helpers", () => {
});
expect(res.ok).toBe(true);
});
test("validateSystemRunCommandConsistency rejects cmd.exe /c trailing-arg smuggling", () => {
const res = validateSystemRunCommandConsistency({
argv: ["cmd.exe", "/d", "/s", "/c", "echo", "SAFE&&whoami"],
rawCommand: "echo",
});
expect(res.ok).toBe(false);
if (res.ok) {
throw new Error("unreachable");
}
expect(res.message).toContain("rawCommand does not match command");
expect(res.details?.code).toBe("RAW_COMMAND_MISMATCH");
});
test("resolveSystemRunCommand requires command when rawCommand is present", () => {
const res = resolveSystemRunCommand({ rawCommand: "echo hi" });
expect(res.ok).toBe(false);
if (res.ok) {
throw new Error("unreachable");
}
expect(res.message).toContain("rawCommand requires params.command");
expect(res.details?.code).toBe("MISSING_COMMAND");
});
test("resolveSystemRunCommand returns normalized argv and cmdText", () => {
const res = resolveSystemRunCommand({
command: ["cmd.exe", "/d", "/s", "/c", "echo", "SAFE&&whoami"],
rawCommand: "echo SAFE&&whoami",
});
expect(res.ok).toBe(true);
if (!res.ok) {
throw new Error("unreachable");
}
expect(res.argv).toEqual(["cmd.exe", "/d", "/s", "/c", "echo", "SAFE&&whoami"]);
expect(res.shellCommand).toBe("echo SAFE&&whoami");
expect(res.cmdText).toBe("echo SAFE&&whoami");
});
});