fix(security): harden plugin/hook npm installs

2026-05-10 10:22:44 +00:00 · 2026-02-14 14:07:07 +01:00
parent d69b32a073
commit 6f7d31c426
10 changed files with 391 additions and 119 deletions
--- a/src/hooks/install.test.ts
+++ b/src/hooks/install.test.ts
@@ -4,7 +4,7 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import * as tar from "tar";
-import { afterAll, describe, expect, it, vi } from "vitest";
+import { afterAll, beforeEach, describe, expect, it, vi } from "vitest";

 const fixtureRoot = path.join(os.tmpdir(), `openclaw-hook-install-${randomUUID()}`);
 let tempDirIndex = 0;
@@ -13,6 +13,28 @@ vi.mock("../process/exec.js", () => ({
  runCommandWithTimeout: vi.fn(),
 }));

+async function packToArchive({
+  pkgDir,
+  outDir,
+  outName,
+}: {
+  pkgDir: string;
+  outDir: string;
+  outName: string;
+}) {
+  const dest = path.join(outDir, outName);
+  fs.rmSync(dest, { force: true });
+  await tar.c(
+    {
+      gzip: true,
+      file: dest,
+      cwd: path.dirname(pkgDir),
+    },
+    [path.basename(pkgDir)],
+  );
+  return dest;
+}
+
 function makeTempDir() {
  const dir = path.join(fixtureRoot, `case-${tempDirIndex++}`);
  fs.mkdirSync(dir, { recursive: true });
@@ -20,7 +42,8 @@ function makeTempDir() {
 }

 const { runCommandWithTimeout } = await import("../process/exec.js");
-const { installHooksFromArchive, installHooksFromPath } = await import("./install.js");
+const { installHooksFromArchive, installHooksFromNpmSpec, installHooksFromPath } =
+  await import("./install.js");

 afterAll(() => {
  try {
@@ -30,6 +53,10 @@ afterAll(() => {
  }
 });

+beforeEach(() => {
+  vi.clearAllMocks();
+});
+
 describe("installHooksFromArchive", () => {
  it("installs hook packs from zip archives", async () => {
    const stateDir = makeTempDir();
@@ -308,3 +335,88 @@ describe("installHooksFromPath", () => {
    expect(fs.existsSync(path.join(result.targetDir, "HOOK.md"))).toBe(true);
  });
 });
+
+describe("installHooksFromNpmSpec", () => {
+  it("uses --ignore-scripts for npm pack and cleans up temp dir", async () => {
+    const workDir = makeTempDir();
+    const stateDir = makeTempDir();
+    const pkgDir = path.join(workDir, "package");
+    fs.mkdirSync(path.join(pkgDir, "hooks", "one-hook"), { recursive: true });
+    fs.writeFileSync(
+      path.join(pkgDir, "package.json"),
+      JSON.stringify({
+        name: "@openclaw/test-hooks",
+        version: "0.0.1",
+        openclaw: { hooks: ["./hooks/one-hook"] },
+      }),
+      "utf-8",
+    );
+    fs.writeFileSync(
+      path.join(pkgDir, "hooks", "one-hook", "HOOK.md"),
+      [
+        "---",
+        "name: one-hook",
+        "description: One hook",
+        'metadata: {"openclaw":{"events":["command:new"]}}',
+        "---",
+        "",
+        "# One Hook",
+      ].join("\n"),
+      "utf-8",
+    );
+    fs.writeFileSync(
+      path.join(pkgDir, "hooks", "one-hook", "handler.ts"),
+      "export default async () => {};\n",
+      "utf-8",
+    );
+
+    const run = vi.mocked(runCommandWithTimeout);
+    let packTmpDir = "";
+    const packedName = "test-hooks-0.0.1.tgz";
+    run.mockImplementation(async (argv, opts) => {
+      if (argv[0] === "npm" && argv[1] === "pack") {
+        packTmpDir = String(opts?.cwd ?? "");
+        await packToArchive({ pkgDir, outDir: packTmpDir, outName: packedName });
+        return { code: 0, stdout: `${packedName}\n`, stderr: "", signal: null, killed: false };
+      }
+      throw new Error(`unexpected command: ${argv.join(" ")}`);
+    });
+
+    const hooksDir = path.join(stateDir, "hooks");
+    const result = await installHooksFromNpmSpec({
+      spec: "@openclaw/test-hooks@0.0.1",
+      hooksDir,
+      logger: { info: () => {}, warn: () => {} },
+    });
+    expect(result.ok).toBe(true);
+    if (!result.ok) {
+      return;
+    }
+    expect(result.hookPackId).toBe("test-hooks");
+    expect(fs.existsSync(path.join(result.targetDir, "hooks", "one-hook", "HOOK.md"))).toBe(true);
+
+    const packCalls = run.mock.calls.filter(
+      (c) => Array.isArray(c[0]) && c[0][0] === "npm" && c[0][1] === "pack",
+    );
+    expect(packCalls.length).toBe(1);
+    const packCall = packCalls[0];
+    if (!packCall) {
+      throw new Error("expected npm pack call");
+    }
+    const [argv, options] = packCall;
+    expect(argv).toEqual(["npm", "pack", "@openclaw/test-hooks@0.0.1", "--ignore-scripts"]);
+    expect(options?.env).toMatchObject({ NPM_CONFIG_IGNORE_SCRIPTS: "true" });
+
+    expect(packTmpDir).not.toBe("");
+    expect(fs.existsSync(packTmpDir)).toBe(false);
+  });
+
+  it("rejects non-registry npm specs", async () => {
+    const result = await installHooksFromNpmSpec({ spec: "github:evil/evil" });
+    expect(result.ok).toBe(false);
+    if (result.ok) {
+      return;
+    }
+    expect(result.error).toContain("unsupported npm spec");
+  });
+});