github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 21:08:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Security: harden web tools and file parsing (#4058)

Browse Source 
* feat: web content security wrapping + gkeep/simple-backup skills

* fix: harden web fetch + media text detection (#4058) (thanks @VACInc)

---------

Co-authored-by: VAC <vac@vacs-mac-mini.localdomain>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
This commit is contained in:
VACInc
2026-02-01 18:23:25 -05:00
committed by GitHub
parent 92112a61db
commit b796f6ec01
14 changed files with 1095 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/agents/tools/web-search.ts
View File

@@ -2,6 +2,7 @@ import { Type } from "@sinclair/typebox";
import type { OpenClawConfig } from "../../config/config.js";
import type { AnyAgentTool } from "./common.js";
import { formatCliCommand } from "../../cli/command-format.js";
import { wrapWebContent } from "../../security/external-content.js";
import { jsonResult, readNumberParam, readStringParam } from "./common.js";
import {
CacheEntry,
@@ -389,7 +390,7 @@ async function runWebSearch(params: {
provider: params.provider,
model: params.perplexityModel ?? DEFAULT_PERPLEXITY_MODEL,
tookMs: Date.now() - start,
content,
content: wrapWebContent(content),
citations,
};
writeCache(SEARCH_CACHE, cacheKey, payload, params.cacheTtlMs);
@@ -432,13 +433,19 @@ async function runWebSearch(params: {
const data = (await res.json()) as BraveSearchResponse;
const results = Array.isArray(data.web?.results) ? (data.web?.results ?? []) : [];
const mapped = results.map((entry) => ({
title: entry.title ?? "",
url: entry.url ?? "",
description: entry.description ?? "",
published: entry.age ?? undefined,
siteName: resolveSiteName(entry.url ?? ""),
}));
const mapped = results.map((entry) => {
const description = entry.description ?? "";
const title = entry.title ?? "";
const url = entry.url ?? "";
const rawSiteName = resolveSiteName(url);
return {
title: title ? wrapWebContent(title, "web_search") : "",
url, // Keep raw for tool chaining
description: description ? wrapWebContent(description, "web_search") : "",
published: entry.age || undefined,
siteName: rawSiteName || undefined,
};
});
const payload = {
query: params.query,