github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 00:23:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden account-key handling against prototype pollution

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-24 01:09:23 +00:00
parent 12cc754332
commit f97c0922e1
24 changed files with 141 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/auto-reply/reply/block-streaming.ts
View File

@@ -2,6 +2,7 @@ import { getChannelDock } from "../../channels/dock.js";
import { normalizeChannelId } from "../../channels/plugins/index.js";
import type { OpenClawConfig } from "../../config/config.js";
import type { BlockStreamingCoalesceConfig } from "../../config/types.js";
import { resolveAccountEntry } from "../../routing/account-lookup.js";
import { normalizeAccountId } from "../../routing/session-key.js";
import {
INTERNAL_MESSAGE_CHANNEL,
@@ -45,7 +46,7 @@ function resolveProviderBlockStreamingCoalesce(params: {
}
const normalizedAccountId = normalizeAccountId(accountId);
const typed = providerCfg as ProviderBlockStreamingConfig;
const accountCfg = typed.accounts?.[normalizedAccountId];
const accountCfg = resolveAccountEntry(typed.accounts, normalizedAccountId);
return accountCfg?.blockStreamingCoalesce ?? typed.blockStreamingCoalesce;
}