github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-07 23:11:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
14,496 Commits 702 Branches 79 Tags
2d6d6797d81a2534bff1aa9ee4f3c0cd2dd18013
Commit Graph

10 Commits

Author SHA1 Message Date
Peter Steinberger
1c753ea786 test: dedupe fixtures and test harness setup 2026-02-23 05:45:54 +00:00
Peter Steinberger
b55979844b test(tui): dedupe local bind loopback assertions 2026-02-22 07:35:55 +00:00
Peter Steinberger
f28fcf243a test(cli): use lightweight clears in message helper and gateway chat setup 2026-02-22 07:35:54 +00:00
Peter Steinberger
2a0ea7cb97 test(tui): cover gateway auth fallbacks and dedupe env setup 2026-02-21 19:13:47 +00:00
Tyler Yust
47f3979758 Gateway: force loopback self-connections for local binds 2026-02-20 13:08:26 -08:00
Peter Steinberger
a1cb700a05 test: dedupe and optimize test suites 2026-02-19 15:19:38 +00:00
Jay Caldwell
9edec67a18 fix(security): block plaintext WebSocket connections to non-loopback addresses (#20803) 
* fix(security): block plaintext WebSocket connections to non-loopback addresses

Addresses CWE-319 (Cleartext Transmission of Sensitive Information).

Previously, ws:// connections to remote hosts were allowed, exposing
both credentials and chat data to network interception. This change
blocks ALL plaintext ws:// connections to non-loopback addresses,
regardless of whether explicit credentials are configured (device
tokens may be loaded dynamically).

Security policy:
- wss:// allowed to any host
- ws:// allowed only to loopback (127.x.x.x, localhost, ::1)
- ws:// to LAN/tailnet/remote hosts now requires TLS

Changes:
- Add isSecureWebSocketUrl() validation in net.ts
- Block insecure connections in GatewayClient.start()
- Block insecure URLs in buildGatewayConnectionDetails()
- Handle malformed URLs gracefully without crashing
- Update tests to use wss:// for non-loopback URLs

Fixes #12519

* fix(test): update gateway-chat mock to preserve net.js exports

Use importOriginal to spread actual module exports and mock only
the functions needed for testing. This ensures isSecureWebSocketUrl
and other exports remain available to the code under test.
 2026-02-19 03:13:08 -08:00
Vignesh Natarajan
d171686f77 TUI: honor gateway bind mode for local connection URL 2026-02-14 17:16:17 -08:00
Gustavo Madeira Santana
5e025c4ba3 Tests: restore TUI gateway env 2026-02-04 19:09:52 -05:00
Gustavo Madeira Santana
a13ff55bd9 Security: Prevent gateway credential exfiltration via URL override (#9179) 
* Gateway: require explicit auth for url overrides

* Gateway: scope credential blocking to non-local URLs only

Address review feedback: the previous fix blocked credential fallback for
ALL URL overrides, which was overly strict and could break workflows that
use --url to switch between loopback/tailnet without passing credentials.

Now credential fallback is only blocked for non-local URLs (public IPs,
external hostnames). Local addresses (127.0.0.1, localhost, private IPs
like 192.168.x.x, 10.x.x.x, tailnet 100.x.x.x) still get credential
fallback as before.

This maintains the security fix (preventing credential exfiltration to
attacker-controlled URLs) while preserving backward compatibility for
legitimate local URL overrides.

* Security: require explicit credentials for gateway url overrides (#8113) (thanks @victormier)

* Gateway: reuse explicit auth helper for url overrides (#8113) (thanks @victormier)

* Tests: format gateway chat test (#8113) (thanks @victormier)

* Tests: require explicit auth for gateway url overrides (#8113) (thanks @victormier)

---------

Co-authored-by: Victor Mier <victormier@gmail.com>
 2026-02-04 18:59:44 -05:00