github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 18:28:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(exec): harden safe-bin trust and add explicit trusted dirs

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-22 22:42:29 +01:00
parent 08fb38f729
commit 64b273a71c
18 changed files with 123 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/infra/exec-safe-bin-runtime-policy.test.ts
View File

@@ -70,4 +70,18 @@ describe("exec safe-bin runtime policy", () => {
expect(policy.unprofiledSafeBins).toEqual(["python3"]);
expect(policy.unprofiledInterpreterSafeBins).toEqual(["python3"]);
});
it("merges explicit safe-bin trusted dirs from global and local config", () => {
const policy = resolveExecSafeBinRuntimePolicy({
global: {
safeBinTrustedDirs: [" /custom/bin ", "/custom/bin"],
},
local: {
safeBinTrustedDirs: ["/agent/bin"],
},
});
expect(policy.trustedSafeBinDirs.has("/custom/bin")).toBe(true);
expect(policy.trustedSafeBinDirs.has("/agent/bin")).toBe(true);
});
});