github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 00:41:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): block grep safe-bin file-read bypass

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 11:18:19 +01:00
parent f81522af2e
commit c6ee14d60e
5 changed files with 45 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/infra/exec-approvals.test.ts
View File

@@ -497,6 +497,22 @@ describe("exec approvals safe bins", () => {
safeBins: ["grep"],
executableName: "grep",
},
{
name: "blocks grep file positional when pattern uses -e",
argv: ["grep", "-e", "needle", ".env"],
resolvedPath: "/usr/bin/grep",
expected: false,
safeBins: ["grep"],
executableName: "grep",
},
{
name: "blocks grep file positional after -- terminator",
argv: ["grep", "-e", "needle", "--", ".env"],
resolvedPath: "/usr/bin/grep",
expected: false,
safeBins: ["grep"],
executableName: "grep",
},
];
for (const testCase of cases) {