github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-25 09:53:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): trust resolved skill-bin paths in allowlist auto-allow

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-24 03:12:22 +00:00
parent 204d9fb404
commit ffd63b7a2c
7 changed files with 243 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/node-host/invoke-system-run.ts
View File

@@ -14,6 +14,7 @@ import {
type ExecAsk,
type ExecCommandSegment,
type ExecSecurity,
type SkillBinTrustEntry,
} from "../infra/exec-approvals.js";
import type { ExecHostRequest, ExecHostResponse, ExecHostRunResult } from "../infra/exec-host.js";
import { resolveExecSafeBinRuntimePolicy } from "../infra/exec-safe-bin-runtime-policy.js";
@@ -145,7 +146,7 @@ function evaluateSystemRunAllowlist(params: {
trustedSafeBinDirs: ReturnType<typeof resolveExecSafeBinRuntimePolicy>["trustedSafeBinDirs"];
cwd: string | undefined;
env: Record<string, string> | undefined;
skillBins: Set<string>;
skillBins: SkillBinTrustEntry[];
autoAllowSkills: boolean;
}): SystemRunAllowlistAnalysis {
if (params.shellCommand) {
@@ -310,7 +311,7 @@ export async function handleSystemRunInvoke(opts: HandleSystemRunInvokeOptions):
global: cfg.tools?.exec,
local: agentExec,
});
const bins = autoAllowSkills ? await opts.skillBins.current() : new Set<string>();
const bins = autoAllowSkills ? await opts.skillBins.current() : [];
let { analysisOk, allowlistMatches, allowlistSatisfied, segments } = evaluateSystemRunAllowlist({
shellCommand,
argv,