github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 11:01:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: expand SSRF guard coverage

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-02 04:57:09 -08:00
parent c429ccb64f
commit 9bd64c8a1f
14 changed files with 214 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/agents/skills-install.ts
View File

@@ -5,6 +5,7 @@ import { Readable } from "node:stream";
import { pipeline } from "node:stream/promises";
import type { OpenClawConfig } from "../config/config.js";
import { resolveBrewExecutable } from "../infra/brew.js";
import { fetchWithSsrFGuard } from "../infra/net/fetch-guard.js";
import { runCommandWithTimeout } from "../process/exec.js";
import { CONFIG_DIR, ensureDir, resolveUserPath } from "../utils.js";
import {
@@ -176,10 +177,11 @@ async function downloadFile(
destPath: string,
timeoutMs: number,
): Promise<{ bytes: number }> {
const controller = new AbortController();
const timeout = setTimeout(() => controller.abort(), Math.max(1_000, timeoutMs));
const { response, release } = await fetchWithSsrFGuard({
url,
timeoutMs: Math.max(1_000, timeoutMs),
});
try {
const response = await fetch(url, { signal: controller.signal });
if (!response.ok || !response.body) {
throw new Error(`Download failed (${response.status} ${response.statusText})`);
}
@@ -193,7 +195,7 @@ async function downloadFile(
const stat = await fs.promises.stat(destPath);
return { bytes: stat.size };
} finally {
clearTimeout(timeout);
await release();
}
}