refactor(security): tighten sandbox bind validation

2026-05-08 18:58:26 +00:00 · 2026-02-16 03:19:38 +01:00
parent a74251d415
commit a7cbce1b3d
4 changed files with 54 additions and 44 deletions
--- a/src/security/audit-extra.sync.ts
+++ b/src/security/audit-extra.sync.ts
@@ -11,7 +11,7 @@ import {
  resolveSandboxConfigForAgent,
  resolveSandboxToolPolicyForAgent,
 } from "../agents/sandbox.js";
-import { getBlockedBindReasonStringOnly } from "../agents/sandbox/validate-sandbox-security.js";
+import { getBlockedBindReason } from "../agents/sandbox/validate-sandbox-security.js";
 import { resolveToolProfilePolicy } from "../agents/tool-policy.js";
 import { resolveBrowserConfig } from "../browser/config.js";
 import { formatCliCommand } from "../cli/command-format.js";
@@ -616,7 +616,7 @@ export function collectSandboxDangerousConfigFindings(cfg: OpenClawConfig): Secu
      if (typeof bind !== "string") {
        continue;
      }
-      const blocked = getBlockedBindReasonStringOnly(bind);
+      const blocked = getBlockedBindReason(bind);
      if (!blocked) {
        continue;
      }