github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 01:33:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden prompt path sanitization

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-16 02:48:46 +01:00
parent 19f53543d2
commit 6254e96acf
4 changed files with 97 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/agents/sanitize-for-prompt.ts Normal file
View File

@@ -0,0 +1,18 @@
/**
* Sanitize untrusted strings before embedding them into an LLM prompt.
*
* Threat model (OC-19): attacker-controlled directory names (or other runtime strings)
* that contain newline/control characters can break prompt structure and inject
* arbitrary instructions.
*
* Strategy (Option 3 hardening):
* - Strip Unicode "control" (Cc) + "format" (Cf) characters (includes CR/LF/NUL, bidi marks, zero-width chars).
* - Strip explicit line/paragraph separators (Zl/Zp): U+2028/U+2029.
*
* Notes:
* - This is intentionally lossy; it trades edge-case path fidelity for prompt integrity.
* - If you need lossless representation, escape instead of stripping.
*/
export function sanitizeForPromptLiteral(value: string): string {
return value.replace(/[\p{Cc}\p{Cf}\u2028\u2029]/gu, "");
}