github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 17:34:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): block HOME and ZDOTDIR env override injection

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-22 09:41:55 +01:00
parent ccc00d874c
commit c2c7114ed3
6 changed files with 55 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/infra/host-env-security.policy-parity.test.ts
View File

@@ -4,6 +4,7 @@ import { describe, expect, it } from "vitest";
type HostEnvSecurityPolicy = {
blockedKeys: string[];
blockedOverrideKeys?: string[];
blockedPrefixes: string[];
};
@@ -27,12 +28,17 @@ describe("host env security policy parity", () => {
const swiftSource = fs.readFileSync(swiftPath, "utf8");
const swiftBlockedKeys = parseSwiftStringArray(swiftSource, "private static let blockedKeys");
const swiftBlockedOverrideKeys = parseSwiftStringArray(
swiftSource,
"private static let blockedOverrideKeys",
);
const swiftBlockedPrefixes = parseSwiftStringArray(
swiftSource,
"private static let blockedPrefixes",
);
expect(swiftBlockedKeys).toEqual(policy.blockedKeys);
expect(swiftBlockedOverrideKeys).toEqual(policy.blockedOverrideKeys ?? []);
expect(swiftBlockedPrefixes).toEqual(policy.blockedPrefixes);
});
});