fix(security): harden runtime command override gating

Peter Steinberger
2026-02-21 12:49:45 +01:00
parent cb84c537f4
commit fbb79d4013
12 changed files with 149 additions and 13 deletions


@@ -186,6 +186,30 @@ describe("handleCommands gating", () => {
expect(result.shouldContinue).toBe(false);
expect(result.reply?.text).toContain("/debug is disabled");
});
it("does not enable gated commands from inherited command flags", async () => {
const inheritedCommands = Object.create({
bash: true,
config: true,
debug: true,
}) as Record<string, unknown>;
const cfg = {
commands: inheritedCommands as never,
channels: { whatsapp: { allowFrom: ["*"] } },
} as OpenClawConfig;
const bashResult = await handleCommands(buildParams("/bash echo hi", cfg));
expect(bashResult.shouldContinue).toBe(false);
expect(bashResult.reply?.text).toContain("bash is disabled");
const configResult = await handleCommands(buildParams("/config show", cfg));
expect(configResult.shouldContinue).toBe(false);
expect(configResult.reply?.text).toContain("/config is disabled");
const debugResult = await handleCommands(buildParams("/debug show", cfg));
expect(debugResult.shouldContinue).toBe(false);
expect(debugResult.reply?.text).toContain("/debug is disabled");
});
});
describe("/approve command", () => {
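Review bot: The added test pins only the negative case, so it would still pass if the gate rejected every `commands` object, including one with legitimate own-property flags. The enclosing `describe("handleCommands gating")` block starts outside this hunk, so I cannot tell whether a positive control already exists; if not, a sibling case asserting that own-property flags are still honored would keep the check from over-blocking silently. The reason for `Object.create` is also not stated, and a comment above it such as `// flags sit on the prototype, not as own properties; the gate must ignore inherited values` would make the intent clear to the next reader. The `as never` and `as OpenClawConfig` casts bypass the config type on purpose, which presumably deserves a short remark in that same comment.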