Security: disable plugin runtime command execution primitive (#20828)

Co-authored-by: mbelinky <mbelinky@users.noreply.github.com>
2026-04-27 00:52:05 +00:00 · 2026-02-19 10:17:29 +00:00
parent 771af40913
commit 45db2aa0cd
5 changed files with 179 additions and 12 deletions
--- a/src/plugins/runtime/index.ts
+++ b/src/plugins/runtime/index.ts
@@ -105,7 +105,6 @@ import {
  readChannelAllowFromStore,
  upsertChannelPairingRequest,
 } from "../../pairing/pairing-store.js";
-import { runCommandWithTimeout } from "../../process/exec.js";
 import { resolveAgentRoute } from "../../routing/resolve-route.js";
 import { monitorSignalProvider } from "../../signal/index.js";
 import { probeSignal } from "../../signal/probe.js";
@@ -236,6 +235,13 @@ function loadWhatsAppActions() {
  return whatsappActionsPromise;
 }

+const runtimeCommandExecutionDisabled: PluginRuntime["system"]["runCommandWithTimeout"] =
+  async () => {
+    throw new Error(
+      "runtime.system.runCommandWithTimeout is disabled for security hardening. Use fixed-purpose runtime APIs instead.",
+    );
+  };
+
 export function createPluginRuntime(): PluginRuntime {
  return {
    version: resolveVersion(),
@@ -245,7 +251,7 @@ export function createPluginRuntime(): PluginRuntime {
    },
    system: {
      enqueueSystemEvent,
-      runCommandWithTimeout,
+      runCommandWithTimeout: runtimeCommandExecutionDisabled,
      formatNativeDependencyHint,
    },
    media: {