github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-13 09:10:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): bind node system.run approvals to env

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-26 16:37:54 +01:00
parent f877e7e74c
commit 9a4b2266cc
18 changed files with 401 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/infra/host-env-security.test.ts
View File

@@ -16,6 +16,7 @@ describe("isDangerousHostEnvVarName", () => {
expect(isDangerousHostEnvVarName("BASH_ENV")).toBe(true);
expect(isDangerousHostEnvVarName("bash_env")).toBe(true);
expect(isDangerousHostEnvVarName("SHELL")).toBe(true);
expect(isDangerousHostEnvVarName("GIT_EXTERNAL_DIFF")).toBe(true);
expect(isDangerousHostEnvVarName("SHELLOPTS")).toBe(true);
expect(isDangerousHostEnvVarName("ps4")).toBe(true);
expect(isDangerousHostEnvVarName("DYLD_INSERT_LIBRARIES")).toBe(true);
@@ -32,6 +33,7 @@ describe("sanitizeHostExecEnv", () => {
baseEnv: {
PATH: "/usr/bin:/bin",
BASH_ENV: "/tmp/pwn.sh",
GIT_EXTERNAL_DIFF: "/tmp/pwn.sh",
LD_PRELOAD: "/tmp/pwn.so",
OK: "1",
},