github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 08:11:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(sandbox): block @-prefixed workspace path bypass

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-24 17:22:46 +00:00
parent f154926cc0
commit 9ef0fc2ff8
6 changed files with 58 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/agents/pi-tools.read.ts
View File

@@ -571,7 +571,7 @@ function mapContainerPathToWorkspaceRoot(params: {
return params.filePath;
}
let candidate = params.filePath;
let candidate = params.filePath.startsWith("@") ? params.filePath.slice(1) : params.filePath;
if (/^file:\/\//i.test(candidate)) {
try {
candidate = fileURLToPath(candidate);