github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 09:21:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,776 Commits 702 Branches 79 Tags
cf2524b8b9fd472d572043cbc62ea8c82d836d53
Commit Graph

14 Commits

Author SHA1 Message Date
Omair Afzal
59733a02c8 fix(configure): reject literal "undefined" and "null" gateway auth tokens (#13767) 
* fix(configure): reject literal "undefined" and "null" gateway auth tokens

* fix(configure): reject literal "undefined" and "null" gateway auth tokens

* fix(configure): validate gateway password prompt and harden token coercion (#13767) (thanks @omair445)

* test: remove unused vitest imports in baseline lint fixtures (#13767)

---------

Co-authored-by: Luna AI <luna@coredirection.ai>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-13 17:04:41 +01:00
Marcus Castro
ec44e262be fix(security): prevent String(undefined) coercion in credential inputs (#12287) 
* fix(security): prevent String(undefined) coercion in credential inputs

When a prompter returns undefined (due to cancel, timeout, or bug),
String(undefined).trim() produces the literal string "undefined" instead
of "". This truthy string prevents secure fallbacks from triggering,
allowing predictable credential values (e.g., gateway password = "undefined").

Fix all 8 occurrences by using String(value ?? "").trim(), which correctly
yields "" for null/undefined inputs and triggers downstream validation or
fallback logic.

Fixes #8054

* fix(security): also fix String(undefined) in api-provider credential inputs

Address codex review feedback: 4 additional occurrences of the unsafe
String(variable).trim() pattern in auth-choice.apply.api-providers.ts
(Cloudflare Account ID, Gateway ID, synthetic API key inputs + validators).

* fix(test): strengthen password coercion test per review feedback

* fix(security): harden credential prompt coercion

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-13 04:25:05 +01:00
cpojer
f06dd8df06 chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
cpojer
5ceff756e1 chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
cpojer
15792b153f chore: Enable more lint rules, disable some that trigger a lot. Will clean up later. 2026-01-31 16:04:04 +09:00
Gustavo Madeira Santana
e5a95b5b66 fix: local updates for PR #4873 
Co-authored-by: Hisleren <Hisleren@users.noreply.github.com>
 2026-01-30 16:16:35 -05:00
Hisleren
201d7fa956 fix(security): prevent gateway token from defaulting to 'undefined' string 2026-01-30 16:16:35 -05:00
Peter Steinberger
9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger
6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger
83460df96f chore: update molt.bot domains 2026-01-27 12:21:01 +00:00
Peter Steinberger
b9098f3401 fix: remove unsupported gateway auth off option 2026-01-26 17:44:23 +00:00
Peter Steinberger
b5fd66c92d fix: add explicit tailnet gateway bind 2026-01-21 20:36:09 +00:00
Peter Steinberger
c379191f80 chore: migrate to oxlint and oxfmt 
Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com>
 2026-01-14 15:02:19 +00:00
Peter Steinberger
a58ff1ac63 refactor(commands): split CLI commands 2026-01-14 05:39:47 +00:00