github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-07 23:51:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: allow chained exec allowlists

Browse Source 
Co-authored-by: Lucas Czekaj <1464539+czekaj@users.noreply.github.com>
This commit is contained in:
Peter Steinberger
2026-01-23 00:10:19 +00:00
parent a23e272877
commit e872f5335b
7 changed files with 500 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
src/infra/exec-approvals.test.ts
View File

@@ -8,6 +8,7 @@ import {
analyzeArgvCommand,
analyzeShellCommand,
evaluateExecAllowlist,
evaluateShellAllowlist,
isSafeBinUsage,
matchAllowlist,
maxAsk,
@@ -121,9 +122,10 @@ describe("exec approvals shell parsing", () => {
expect(res.segments.map((seg) => seg.argv[0])).toEqual(["echo", "jq"]);
});
it("rejects chained commands", () => {
it("parses chained commands", () => {
const res = analyzeShellCommand({ command: "ls && rm -rf /" });
expect(res.ok).toBe(false);
expect(res.ok).toBe(true);
expect(res.chains?.map((chain) => chain[0]?.argv[0])).toEqual(["ls", "rm"]);
});
it("parses argv commands", () => {
@@ -133,6 +135,60 @@ describe("exec approvals shell parsing", () => {
});
});
describe("exec approvals shell allowlist (chained commands)", () => {
it("allows chained commands when all parts are allowlisted", () => {
const allowlist: ExecAllowlistEntry[] = [
{ pattern: "/usr/bin/obsidian-cli" },
{ pattern: "/usr/bin/head" },
];
const result = evaluateShellAllowlist({
command:
"/usr/bin/obsidian-cli print-default && /usr/bin/obsidian-cli search foo | /usr/bin/head",
allowlist,
safeBins: new Set(),
cwd: "/tmp",
});
expect(result.analysisOk).toBe(true);
expect(result.allowlistSatisfied).toBe(true);
});
it("rejects chained commands when any part is not allowlisted", () => {
const allowlist: ExecAllowlistEntry[] = [{ pattern: "/usr/bin/obsidian-cli" }];
const result = evaluateShellAllowlist({
command: "/usr/bin/obsidian-cli print-default && /usr/bin/rm -rf /",
allowlist,
safeBins: new Set(),
cwd: "/tmp",
});
expect(result.analysisOk).toBe(true);
expect(result.allowlistSatisfied).toBe(false);
});
it("returns analysisOk=false for malformed chains", () => {
const allowlist: ExecAllowlistEntry[] = [{ pattern: "/usr/bin/echo" }];
const result = evaluateShellAllowlist({
command: "/usr/bin/echo ok &&",
allowlist,
safeBins: new Set(),
cwd: "/tmp",
});
expect(result.analysisOk).toBe(false);
expect(result.allowlistSatisfied).toBe(false);
});
it("respects quotes when splitting chains", () => {
const allowlist: ExecAllowlistEntry[] = [{ pattern: "/usr/bin/echo" }];
const result = evaluateShellAllowlist({
command: '/usr/bin/echo "foo && bar"',
allowlist,
safeBins: new Set(),
cwd: "/tmp",
});
expect(result.analysisOk).toBe(true);
expect(result.allowlistSatisfied).toBe(true);
});
});
describe("exec approvals safe bins", () => {
it("allows safe bins with non-path args", () => {
const dir = makeTempDir();