github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 10:57:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): share installed plugin directory scan helper

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-19 00:29:07 +00:00
parent 6ae7e6fd1f
commit d6768098a1
1 changed files with 35 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
src/security/audit-extra.async.ts
View File

@@ -96,6 +96,26 @@ function formatCodeSafetyDetails(findings: SkillScanFinding[], rootDir: string):
.join("\n"); .join("\n");
} }
async function listInstalledPluginDirs(params: {
stateDir: string;
onReadError?: (error: unknown) => void;
}): Promise<{ extensionsDir: string; pluginDirs: string[] }> {
const extensionsDir = path.join(params.stateDir, "extensions");
const st = await safeStat(extensionsDir);
if (!st.ok || !st.isDir) {
return { extensionsDir, pluginDirs: [] };
}
const entries = await fs.readdir(extensionsDir, { withFileTypes: true }).catch((err) => {
params.onReadError?.(err);
return [];
});
const pluginDirs = entries
.filter((entry) => entry.isDirectory())
.map((entry) => entry.name)
.filter(Boolean);
return { extensionsDir, pluginDirs };
}
function resolveToolPolicies(params: { function resolveToolPolicies(params: {
cfg: OpenClawConfig; cfg: OpenClawConfig;
agentTools?: AgentToolsConfig; agentTools?: AgentToolsConfig;
@@ -204,17 +224,9 @@ export async function collectPluginsTrustFindings(params: {
stateDir: string; stateDir: string;
}): Promise<SecurityAuditFinding[]> { }): Promise<SecurityAuditFinding[]> {
const findings: SecurityAuditFinding[] = []; const findings: SecurityAuditFinding[] = [];
const extensionsDir = path.join(params.stateDir, "extensions"); const { extensionsDir, pluginDirs } = await listInstalledPluginDirs({
const st = await safeStat(extensionsDir); stateDir: params.stateDir,
if (!st.ok || !st.isDir) { });
return findings;
}
const entries = await fs.readdir(extensionsDir, { withFileTypes: true }).catch(() => []);
const pluginDirs = entries
.filter((e) => e.isDirectory())
.map((e) => e.name)
.filter(Boolean);
if (pluginDirs.length === 0) { if (pluginDirs.length === 0) {
return findings; return findings;
} }
@@ -619,24 +631,19 @@ export async function collectPluginsCodeSafetyFindings(params: {
stateDir: string; stateDir: string;
}): Promise<SecurityAuditFinding[]> { }): Promise<SecurityAuditFinding[]> {
const findings: SecurityAuditFinding[] = []; const findings: SecurityAuditFinding[] = [];
const extensionsDir = path.join(params.stateDir, "extensions"); const { extensionsDir, pluginDirs } = await listInstalledPluginDirs({
const st = await safeStat(extensionsDir); stateDir: params.stateDir,
if (!st.ok || !st.isDir) { onReadError: (err) => {
return findings; findings.push({
} checkId: "plugins.code_safety.scan_failed",
severity: "warn",
const entries = await fs.readdir(extensionsDir, { withFileTypes: true }).catch((err) => { title: "Plugin extensions directory scan failed",
findings.push({ detail: `Static code scan could not list extensions directory: ${String(err)}`,
checkId: "plugins.code_safety.scan_failed", remediation:
severity: "warn", "Check file permissions and plugin layout, then rerun `openclaw security audit --deep`.",
title: "Plugin extensions directory scan failed", });
detail: `Static code scan could not list extensions directory: ${String(err)}`, },
remediation:
"Check file permissions and plugin layout, then rerun `openclaw security audit --deep`.",
});
return [];
}); });
const pluginDirs = entries.filter((e) => e.isDirectory()).map((e) => e.name);
for (const pluginName of pluginDirs) { for (const pluginName of pluginDirs) {
const pluginPath = path.join(extensionsDir, pluginName); const pluginPath = path.join(extensionsDir, pluginName);