fix(security): harden account-key handling against prototype pollution

Peter Steinberger
2026-02-24 01:09:23 +00:00
parent 12cc754332
commit f97c0922e1
24 changed files with 141 additions and 111 deletions


@@ -4,6 +4,7 @@ import {
DEFAULT_ACCOUNT_ID,
normalizeAccountId as normalizeSharedAccountId,
} from "../routing/account-id.js";
import { resolveAccountEntry } from "../routing/account-lookup.js";
import type {
LineConfig,
LineAccountConfig,
@@ -104,10 +105,12 @@ export function resolveLineAccount(params: {
cfg: OpenClawConfig;
accountId?: string;
}): ResolvedLineAccount {
const { cfg, accountId = DEFAULT_ACCOUNT_ID } = params;
const cfg = params.cfg;
const accountId = normalizeSharedAccountId(params.accountId);
const lineConfig = cfg.channels?.line as LineConfig | undefined;
const accounts = lineConfig?.accounts;
const accountConfig = accountId !== DEFAULT_ACCOUNT_ID ? accounts?.[accountId] : undefined;
const accountConfig =
accountId !== DEFAULT_ACCOUNT_ID ? resolveAccountEntry(accounts, accountId) : undefined;
const { token, tokenSource } = resolveToken({
accountId,