github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 00:38:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden safeBins stdin-only enforcement

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-19 14:07:43 +01:00
parent 3c127b6eac
commit cfe8457a0f
6 changed files with 200 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/infra/exec-approvals-analysis.ts
View File

@@ -1,10 +1,10 @@
import fs from "node:fs";
import path from "node:path";
import { splitShellArgs } from "../utils/shell-argv.js";
import type { ExecAllowlistEntry } from "./exec-approvals.js";
import { splitShellArgs } from "../utils/shell-argv.js";
import { expandHomePrefix } from "./home-dir.js";
export const DEFAULT_SAFE_BINS = ["jq", "grep", "cut", "sort", "uniq", "head", "tail", "tr", "wc"];
export const DEFAULT_SAFE_BINS = ["jq", "cut", "uniq", "head", "tail", "tr", "wc"];
export type CommandResolution = {
rawExecutable: string;