refactor(security): unify secure id paths and guard weak patterns

Peter Steinberger
2026-02-22 10:14:55 +01:00
parent ae8d4a8eec
commit 6c2e999776
12 changed files with 167 additions and 54 deletions


@@ -6,6 +6,7 @@ import { getChannelDock } from "../../channels/dock.js";
import type { OpenClawConfig } from "../../config/config.js";
import type { SessionEntry } from "../../config/sessions.js";
import { logVerbose } from "../../globals.js";
import { generateSecureToken } from "../../infra/secure-random.js";
import { resolveGatewayMessageChannel } from "../../utils/message-channel.js";
import {
listReservedChatSlashCommandNames,
@@ -210,7 +211,7 @@ export async function handleInlineActions(params: {
return { kind: "reply", reply: { text: `❌ Tool not available: ${dispatch.toolName}` } };
}
const toolCallId = `cmd_${Date.now()}_${Math.random().toString(16).slice(2)}`;
const toolCallId = `cmd_${generateSecureToken(8)}`;
try {
const result = await tool.execute(toolCallId, {
command: rawArgs,