github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 21:58:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,845 Commits 702 Branches 79 Tags
6268ed57ea236ffc2f7d432e1bf1e256e639ffa1
Commit Graph

5 Commits

Author SHA1 Message Date
Peter Steinberger
55e38d3b44 refactor: extract tmp media resolver helper and dedupe sandbox-path tests 2026-02-22 08:11:46 +01:00
Peter Steinberger
8922cb4085 test(sandbox): share sandbox-root setup across path cases 2026-02-21 23:38:43 +00:00
Peter Steinberger
d3991d6aa9 fix: harden sandbox tmp media validation (#17892) (thanks @dashed) 2026-02-22 00:31:21 +01:00
Alberto Leal
0bb81f7294 fix(media): allow os.tmpdir() paths in sandbox media source validation 
resolveSandboxedMediaSource() rejected all paths outside the sandbox
workspace root, including /tmp. This blocked sandboxed agents from
sending locally-generated temp files (e.g. images from Python scripts)
via messaging actions.

Add an os.tmpdir() prefix check before the strict sandbox containment
assertion, consistent with buildMediaLocalRoots() which already
includes os.tmpdir() in its default allowlist. Path traversal through
/tmp (e.g. /tmp/../etc/passwd) is prevented by path.resolve()
normalization before the prefix check.

Relates-to: #16382, #14174
 2026-02-22 00:31:21 +01:00
Alberto Leal
4cf5c3e109 test: add unit tests for resolveSandboxedMediaSource 
Add baseline test coverage for the previously untested
resolveSandboxedMediaSource() function, covering sandbox-relative
path resolution, rejection of paths outside the sandbox root,
path traversal prevention, file:// URL handling, HTTP URL
passthrough, and empty input edge cases.
 2026-02-22 00:31:21 +01:00