fix: harden plugin and hook install paths

2026-04-18 16:27:26 +00:00 · 2026-02-02 02:04:50 -08:00
parent be9a2fb134
commit d03eca8450
9 changed files with 307 additions and 14 deletions
--- a/src/plugins/install.test.ts
+++ b/src/plugins/install.test.ts
@@ -268,6 +268,78 @@ describe("installPluginFromArchive", () => {
    expect(manifest.version).toBe("0.0.2");
  });

+  it("rejects traversal-like plugin names", async () => {
+    const stateDir = makeTempDir();
+    const workDir = makeTempDir();
+    const pkgDir = path.join(workDir, "package");
+    fs.mkdirSync(path.join(pkgDir, "dist"), { recursive: true });
+    fs.writeFileSync(
+      path.join(pkgDir, "package.json"),
+      JSON.stringify({
+        name: "@evil/..",
+        version: "0.0.1",
+        openclaw: { extensions: ["./dist/index.js"] },
+      }),
+      "utf-8",
+    );
+    fs.writeFileSync(path.join(pkgDir, "dist", "index.js"), "export {};", "utf-8");
+
+    const archivePath = packToArchive({
+      pkgDir,
+      outDir: workDir,
+      outName: "traversal.tgz",
+    });
+
+    const extensionsDir = path.join(stateDir, "extensions");
+    const { installPluginFromArchive } = await import("./install.js");
+    const result = await installPluginFromArchive({
+      archivePath,
+      extensionsDir,
+    });
+
+    expect(result.ok).toBe(false);
+    if (result.ok) {
+      return;
+    }
+    expect(result.error).toContain("reserved path segment");
+  });
+
+  it("rejects reserved plugin ids", async () => {
+    const stateDir = makeTempDir();
+    const workDir = makeTempDir();
+    const pkgDir = path.join(workDir, "package");
+    fs.mkdirSync(path.join(pkgDir, "dist"), { recursive: true });
+    fs.writeFileSync(
+      path.join(pkgDir, "package.json"),
+      JSON.stringify({
+        name: "@evil/.",
+        version: "0.0.1",
+        openclaw: { extensions: ["./dist/index.js"] },
+      }),
+      "utf-8",
+    );
+    fs.writeFileSync(path.join(pkgDir, "dist", "index.js"), "export {};", "utf-8");
+
+    const archivePath = packToArchive({
+      pkgDir,
+      outDir: workDir,
+      outName: "reserved.tgz",
+    });
+
+    const extensionsDir = path.join(stateDir, "extensions");
+    const { installPluginFromArchive } = await import("./install.js");
+    const result = await installPluginFromArchive({
+      archivePath,
+      extensionsDir,
+    });
+
+    expect(result.ok).toBe(false);
+    if (result.ok) {
+      return;
+    }
+    expect(result.error).toContain("reserved path segment");
+  });
+
  it("rejects packages without openclaw.extensions", async () => {
    const stateDir = makeTempDir();
    const workDir = makeTempDir();
--- a/src/plugins/install.ts
+++ b/src/plugins/install.ts
@@ -49,13 +49,26 @@ function safeDirName(input: string): string {
  if (!trimmed) {
    return trimmed;
  }
-  return trimmed.replaceAll("/", "__");
+  return trimmed.replaceAll("/", "__").replaceAll("\\", "__");
 }

 function safeFileName(input: string): string {
  return safeDirName(input);
 }

+function validatePluginId(pluginId: string): string | null {
+  if (!pluginId) {
+    return "invalid plugin name: missing";
+  }
+  if (pluginId === "." || pluginId === "..") {
+    return "invalid plugin name: reserved path segment";
+  }
+  if (pluginId.includes("/") || pluginId.includes("\\")) {
+    return "invalid plugin name: path separators not allowed";
+  }
+  return null;
+}
+
 async function ensureOpenClawExtensions(manifest: PackageManifest) {
  const extensions = manifest[MANIFEST_KEY]?.extensions;
  if (!Array.isArray(extensions)) {
@@ -72,7 +85,34 @@ export function resolvePluginInstallDir(pluginId: string, extensionsDir?: string
  const extensionsBase = extensionsDir
    ? resolveUserPath(extensionsDir)
    : path.join(CONFIG_DIR, "extensions");
-  return path.join(extensionsBase, safeDirName(pluginId));
+  const pluginIdError = validatePluginId(pluginId);
+  if (pluginIdError) {
+    throw new Error(pluginIdError);
+  }
+  const targetDirResult = resolveSafeInstallDir(extensionsBase, pluginId);
+  if (!targetDirResult.ok) {
+    throw new Error(targetDirResult.error);
+  }
+  return targetDirResult.path;
+}
+
+function resolveSafeInstallDir(
+  extensionsDir: string,
+  pluginId: string,
+): { ok: true; path: string } | { ok: false; error: string } {
+  const targetDir = path.join(extensionsDir, safeDirName(pluginId));
+  const resolvedBase = path.resolve(extensionsDir);
+  const resolvedTarget = path.resolve(targetDir);
+  const relative = path.relative(resolvedBase, resolvedTarget);
+  if (
+    !relative ||
+    relative === ".." ||
+    relative.startsWith(`..${path.sep}`) ||
+    path.isAbsolute(relative)
+  ) {
+    return { ok: false, error: "invalid plugin name: path traversal detected" };
+  }
+  return { ok: true, path: targetDir };
 }

 async function installPluginFromPackageDir(params: {
@@ -110,6 +150,10 @@ async function installPluginFromPackageDir(params: {

  const pkgName = typeof manifest.name === "string" ? manifest.name : "";
  const pluginId = pkgName ? unscopedPackageName(pkgName) : "plugin";
+  const pluginIdError = validatePluginId(pluginId);
+  if (pluginIdError) {
+    return { ok: false, error: pluginIdError };
+  }
  if (params.expectedPluginId && params.expectedPluginId !== pluginId) {
    return {
      ok: false,
@@ -122,7 +166,11 @@ async function installPluginFromPackageDir(params: {
    : path.join(CONFIG_DIR, "extensions");
  await fs.mkdir(extensionsDir, { recursive: true });

-  const targetDir = path.join(extensionsDir, safeDirName(pluginId));
+  const targetDirResult = resolveSafeInstallDir(extensionsDir, pluginId);
+  if (!targetDirResult.ok) {
+    return { ok: false, error: targetDirResult.error };
+  }
+  const targetDir = targetDirResult.path;

  if (mode === "install" && (await fileExists(targetDir))) {
    return {
@@ -307,6 +355,10 @@ export async function installPluginFromFile(params: {

  const base = path.basename(filePath, path.extname(filePath));
  const pluginId = base || "plugin";
+  const pluginIdError = validatePluginId(pluginId);
+  if (pluginIdError) {
+    return { ok: false, error: pluginIdError };
+  }
  const targetFile = path.join(extensionsDir, `${safeFileName(pluginId)}${path.extname(filePath)}`);

  if (mode === "install" && (await fileExists(targetFile))) {
--- a/src/plugins/update.ts
+++ b/src/plugins/update.ts
@@ -189,7 +189,17 @@ export async function updateNpmInstalledPlugins(params: {
      continue;
    }

-    const installPath = record.installPath ?? resolvePluginInstallDir(pluginId);
+    let installPath: string;
+    try {
+      installPath = record.installPath ?? resolvePluginInstallDir(pluginId);
+    } catch (err) {
+      outcomes.push({
+        pluginId,
+        status: "error",
+        message: `Invalid install path for "${pluginId}": ${String(err)}`,
+      });
+      continue;
+    }
    const currentVersion = await readInstalledPackageVersion(installPath);

    if (params.dryRun) {