github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 08:12:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907)

Browse Source 
* fix(channels): default allowFrom to id-only; add dangerous name opt-in

* docs(security): align channel allowFrom docs with id-only default
This commit is contained in:
Peter Steinberger
2026-02-24 01:01:51 +00:00
committed by GitHub
parent 41b0568b35
commit cfa44ea6b4
53 changed files with 852 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/channels/allowlist-match.ts
View File

@@ -26,6 +26,7 @@ export function resolveAllowlistMatchSimple(params: {
allowFrom: Array<string | number>;
senderId: string;
senderName?: string | null;
allowNameMatching?: boolean;
}): AllowlistMatch<"wildcard" | "id" | "name"> {
const allowFrom = params.allowFrom
.map((entry) => String(entry).trim().toLowerCase())
@@ -44,7 +45,7 @@ export function resolveAllowlistMatchSimple(params: {
}
const senderName = params.senderName?.toLowerCase();
if (senderName && allowFrom.includes(senderName)) {
if (params.allowNameMatching === true && senderName && allowFrom.includes(senderName)) {
return { allowed: true, matchKey: senderName, matchSource: "name" };
}