fix: sanitize pairing recovery requestId hints (#24771) (thanks @markmusson)

Peter Steinberger
2026-02-24 03:53:29 +00:00
parent b902d5ade0
commit 69a541c3f0
3 changed files with 54 additions and 1 deletions


@@ -41,6 +41,17 @@ function resolvePairingRecoveryContext(params: {
error?: string | null;
closeReason?: string | null;
}): { requestId: string | null } | null {
const sanitizeRequestId = (value: string): string | null => {
const trimmed = value.trim();
if (!trimmed) {
return null;
}
// Keep CLI guidance injection-safe: allow only compact id characters.
if (!/^[A-Za-z0-9][A-Za-z0-9._:-]{0,127}$/.test(trimmed)) {
return null;
}
return trimmed;
};
const source = [params.error, params.closeReason]
.filter((part) => typeof part === "string" && part.trim().length > 0)
.join(" ");
@@ -48,7 +59,8 @@ function resolvePairingRecoveryContext(params: {
return null;
}
const requestIdMatch = source.match(/requestId:\s*([^\s)]+)/i);
const requestId = requestIdMatch && requestIdMatch[1] ? requestIdMatch[1].trim() : "";
const requestId =
requestIdMatch && requestIdMatch[1] ? sanitizeRequestId(requestIdMatch[1]) : null;
return { requestId: requestId || null };
}
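Review bot: The allow-list regex in `sanitizeRequestId` encodes two security decisions that the one-line comment does not spell out: the first character must be alphanumeric, so a value beginning with `-` can never be rendered as an option in the suggested command, and the length is capped at 128 characters. I would extend the comment to say so, e.g. `// First char must be alphanumeric so the id can never parse as a CLI option; max 128 chars.` In the second hunk the helper already returns `string | null` and never an empty string, so `requestId || null` is redundant and the last statement can be `return { requestId };`. A rejected id is indistinguishable from a missing one for callers; if the error and close-reason text originate from the remote side (not visible here), a debug log of the rejection that does not echo the raw value would help triage. `resolvePairingRecoveryContext` begins above the first hunk, so the callers and the way the hint is printed are outside this view.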