github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 06:51:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden heredoc allowlist parsing

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 14:27:13 +01:00
parent 92cada2aca
commit f23da067f6
4 changed files with 75 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/agents/bash-tools.exec-host-gateway.ts
View File

@@ -77,12 +77,23 @@ export async function processGatewayAllowlist(
const analysisOk = allowlistEval.analysisOk;
const allowlistSatisfied =
hostSecurity === "allowlist" && analysisOk ? allowlistEval.allowlistSatisfied : false;
const requiresAsk = requiresExecApproval({
ask: hostAsk,
security: hostSecurity,
analysisOk,
allowlistSatisfied,
});
const hasHeredocSegment = allowlistEval.segments.some((segment) =>
segment.argv.some((token) => token.startsWith("<<")),
);
const requiresHeredocApproval =
hostSecurity === "allowlist" && analysisOk && allowlistSatisfied && hasHeredocSegment;
const requiresAsk =
requiresExecApproval({
ask: hostAsk,
security: hostSecurity,
analysisOk,
allowlistSatisfied,
}) || requiresHeredocApproval;
if (requiresHeredocApproval) {
params.warnings.push(
"Warning: heredoc execution requires explicit approval in allowlist mode.",
);
}
if (requiresAsk) {
const approvalId = crypto.randomUUID();