refactor: dedupe exec wrapper denial plan and test setup

Peter Steinberger
2026-02-25 00:43:19 +00:00
parent 943b8f171a
commit a9ce6bd79b
3 changed files with 140 additions and 125 deletions


@@ -24,6 +24,14 @@ import {
type ExecAllowlistEntry,
} from "./exec-approvals.js";
function buildNestedEnvShellCommand(params: {
envExecutable: string;
depth: number;
payload: string;
}): string[] {
return [...Array(params.depth).fill(params.envExecutable), "/bin/sh", "-c", params.payload];
}
describe("exec approvals allowlist matching", () => {
const baseResolution = {
rawExecutable: "rg",
@@ -311,7 +319,11 @@ describe("exec approvals command resolution", () => {
fs.chmodSync(envPath, 0o755);
const analysis = analyzeArgvCommand({
argv: [envPath, envPath, envPath, envPath, envPath, "/bin/sh", "-c", "echo pwned"],
argv: buildNestedEnvShellCommand({
envExecutable: envPath,
depth: 5,
payload: "echo pwned",
}),
cwd: dir,
env: makePathEnv(binDir),
});
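Review bot: The new helper `buildNestedEnvShellCommand` (first hunk) builds its prefix with `Array(params.depth).fill(params.envExecutable)`, which is typed `any[]`, so the `string[]` return annotation no longer checks the element type; `Array.from({ length: params.depth }, () => params.envExecutable)` keeps the elements typed as `string`. The helper also has no comment saying what it models; a one-line doc such as `/** argv of depth chained env wrappers ending in /bin/sh -c payload, for wrapper-depth tests */` would tell the next reader why the shape matters. At the call site in the second hunk, `depth: 5` is a bare number: presumably it is chosen to exceed the analyzer's wrapper-unwrapping limit, and if so it should be derived from that limit or explained in a comment, with a second case at the limit itself, so that a later change to the limit cannot silently turn this into a test of the allowed path. The enclosing test continues outside the hunk, so the assertions made on `analysis` are not visible here.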