Security: harden tool media paths

2026-05-07 14:51:24 +00:00 · 2026-02-20 13:31:40 -06:00
parent 67edc7790f
commit c378439246
10 changed files with 120 additions and 16 deletions
--- a/src/web/media.test.ts
+++ b/src/web/media.test.ts
@@ -108,7 +108,7 @@ afterEach(() => {
 describe("web media loading", () => {
  beforeAll(() => {
    // Ensure state dir is stable and not influenced by other tests that stub OPENCLAW_STATE_DIR.
-    // Also keep it outside os.tmpdir() so tmpdir localRoots doesn't accidentally make all state readable.
+    // Also keep it outside the OpenClaw temp root so default localRoots doesn't accidentally make all state readable.
    stateDirSnapshot = captureEnv(["OPENCLAW_STATE_DIR"]);
    process.env.OPENCLAW_STATE_DIR = path.join(
      path.parse(os.tmpdir()).root,
--- a/src/web/media.ts
+++ b/src/web/media.ts
@@ -73,9 +73,9 @@ async function assertLocalMediaAllowed(
    resolved = path.resolve(mediaPath);
  }

-  // Hardening: the default allowlist includes `os.tmpdir()`, and tests/CI may
+  // Hardening: the default allowlist includes the OpenClaw temp dir, and tests/CI may
  // override the state dir into tmp. Avoid accidentally allowing per-agent
-  // `workspace-*` state roots via the tmpdir prefix match; require explicit
+  // `workspace-*` state roots via the temp-root prefix match; require explicit
  // localRoots for those.
  if (localRoots === undefined) {
    const workspaceRoot = roots.find((root) => path.basename(root) === "workspace");