github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 20:44:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: harden sandbox tmp media validation (#17892) (thanks @dashed)

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-22 00:23:55 +01:00
parent 2958a8414d
commit d3991d6aa9
3 changed files with 39 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/agents/sandbox-paths.test.ts
View File

@@ -88,6 +88,39 @@ describe("resolveSandboxedMediaSource", () => {
}
});
it("rejects relative traversal outside sandbox even when sandbox root is under tmpdir", async () => {
const sandboxDir = await fs.mkdtemp(path.join(os.tmpdir(), "sandbox-media-"));
try {
await expect(
resolveSandboxedMediaSource({
media: "../outside-sandbox.png",
sandboxRoot: sandboxDir,
}),
).rejects.toThrow(/sandbox/i);
} finally {
await fs.rm(sandboxDir, { recursive: true, force: true });
}
});
it("rejects symlinked tmpdir paths escaping tmpdir", async () => {
if (process.platform === "win32") {
return;
}
const sandboxDir = await fs.mkdtemp(path.join(os.tmpdir(), "sandbox-media-"));
const symlinkPath = path.join(sandboxDir, "tmp-link-escape");
try {
await fs.symlink("/etc/passwd", symlinkPath);
await expect(
resolveSandboxedMediaSource({
media: symlinkPath,
sandboxRoot: sandboxDir,
}),
).rejects.toThrow(/symlink|sandbox/i);
} finally {
await fs.rm(sandboxDir, { recursive: true, force: true });
}
});
it("rejects file:// URLs outside sandbox", async () => {
const sandboxDir = await fs.mkdtemp(path.join(os.tmpdir(), "sandbox-media-"));
try {