github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-07 21:31:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(memory): prevent QMD scope deny bypass

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-15 02:41:30 +00:00
parent 014b42dd45
commit f9bb748a6c
11 changed files with 80 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/sessions/send-policy.ts
View File

@@ -85,6 +85,8 @@ export function resolveSendPolicy(params: {
normalizeChatType(deriveChatTypeFromKey(params.sessionKey));
const rawSessionKey = params.sessionKey ?? "";
const strippedSessionKey = stripAgentSessionKeyPrefix(rawSessionKey) ?? "";
const rawSessionKeyNorm = rawSessionKey.toLowerCase();
const strippedSessionKeyNorm = strippedSessionKey.toLowerCase();
let allowedMatch = false;
for (const rule of policy.rules ?? []) {
@@ -96,6 +98,7 @@ export function resolveSendPolicy(params: {
const matchChannel = normalizeMatchValue(match.channel);
const matchChatType = normalizeChatType(match.chatType);
const matchPrefix = normalizeMatchValue(match.keyPrefix);
const matchRawPrefix = normalizeMatchValue(match.rawKeyPrefix);
if (matchChannel && matchChannel !== channel) {
continue;
@@ -103,10 +106,13 @@ export function resolveSendPolicy(params: {
if (matchChatType && matchChatType !== chatType) {
continue;
}
if (matchRawPrefix && !rawSessionKeyNorm.startsWith(matchRawPrefix)) {
continue;
}
if (
matchPrefix &&
!rawSessionKey.startsWith(matchPrefix) &&
!strippedSessionKey.startsWith(matchPrefix)
!rawSessionKeyNorm.startsWith(matchPrefix) &&
!strippedSessionKeyNorm.startsWith(matchPrefix)
) {
continue;
}