fix(security): harden runtime command override gating

Peter Steinberger
2026-02-21 12:49:45 +01:00
parent cb84c537f4
commit fbb79d4013
12 changed files with 149 additions and 13 deletions


@@ -3,6 +3,7 @@ import { resolveChannelConfigWrites } from "../../channels/plugins/config-writes
import { listPairingChannels } from "../../channels/plugins/pairing.js";
import type { ChannelId } from "../../channels/plugins/types.js";
import { normalizeChannelId } from "../../channels/registry.js";
import { isCommandFlagEnabled } from "../../config/commands.js";
import type { OpenClawConfig } from "../../config/config.js";
import {
readConfigFileSnapshot,
@@ -519,7 +520,7 @@ export const handleAllowlistCommand: CommandHandler = async (params, allowTextCo
return { shouldContinue: false, reply: { text: lines.join("\n") } };
}
if (params.cfg.commands?.config !== true) {
if (!isCommandFlagEnabled(params.cfg, "config")) {
return {
shouldContinue: false,
reply: { text: "⚠️ /allowlist edits are disabled. Set commands.config=true to enable." },