[codex] Extract filesystem safety primitives (#77918)
* refactor: extract filesystem safety primitives * refactor: use fs-safe for file access helpers * refactor: reuse fs-safe for media reads * refactor: use fs-safe for image reads * refactor: reuse fs-safe in qqbot media opener * refactor: reuse fs-safe for local media checks * refactor: consume cleaner fs-safe api * refactor: align fs-safe json option names * fix: preserve fs-safe migration contracts * refactor: use fs-safe primitive subpaths * refactor: use grouped fs-safe subpaths * refactor: align fs-safe api usage * refactor: adapt private state store api * chore: refresh proof gate * refactor: follow fs-safe json api split * refactor: follow reduced fs-safe surface * build: default fs-safe python helper off * fix: preserve fs-safe plugin sdk aliases * refactor: consolidate fs-safe usage * refactor: unify fs-safe store usage * refactor: trim fs-safe temp workspace usage * refactor: hide low-level fs-safe primitives * build: use published fs-safe package * fix: preserve outbound recovery durability after rebase * chore: refresh pr checks
committed by
GitHub
parent
61481eb34f
commit
538605ff44
@@ -1,5 +1,7 @@
|
||||
// Public security/policy helpers for plugins that need shared trust and DM gating logic.
|
||||
|
||||
import { root as fsRoot, type OpenResult } from "../infra/fs-safe.js";
|
||||
|
||||
export * from "../secrets/channel-secret-collector-runtime.js";
|
||||
export * from "../secrets/runtime-shared.js";
|
||||
export * from "../secrets/shared.js";
|
||||
@@ -17,10 +19,51 @@ export {
|
||||
export * from "../security/external-content.js";
|
||||
export * from "../security/safe-regex.js";
|
||||
export {
|
||||
SafeOpenError,
|
||||
openFileWithinRoot,
|
||||
writeFileFromPathWithinRoot,
|
||||
appendRegularFile,
|
||||
appendRegularFileSync,
|
||||
FsSafeError,
|
||||
FsSafeError as SafeOpenError,
|
||||
openLocalFileSafely,
|
||||
pathExists,
|
||||
pathExistsSync,
|
||||
readRegularFile,
|
||||
resolveLocalPathFromRootsSync,
|
||||
readRegularFileSync,
|
||||
resolveRegularFileAppendFlags,
|
||||
root,
|
||||
statRegularFileSync,
|
||||
withTimeout,
|
||||
type FsSafeErrorCode as SafeOpenErrorCode,
|
||||
} from "../infra/fs-safe.js";
|
||||
|
||||
export async function openFileWithinRoot(params: {
|
||||
rootDir: string;
|
||||
relativePath: string;
|
||||
rejectHardlinks?: boolean;
|
||||
nonBlockingRead?: boolean;
|
||||
allowSymlinkTargetWithinRoot?: boolean;
|
||||
}): Promise<OpenResult> {
|
||||
const root = await fsRoot(params.rootDir);
|
||||
return await root.open(params.relativePath, {
|
||||
hardlinks: params.rejectHardlinks === false ? "allow" : "reject",
|
||||
nonBlockingRead: params.nonBlockingRead,
|
||||
symlinks: params.allowSymlinkTargetWithinRoot === true ? "follow-within-root" : "reject",
|
||||
});
|
||||
}
|
||||
|
||||
export async function writeFileFromPathWithinRoot(params: {
|
||||
rootDir: string;
|
||||
relativePath: string;
|
||||
sourcePath: string;
|
||||
mkdir?: boolean;
|
||||
}): Promise<void> {
|
||||
const root = await fsRoot(params.rootDir);
|
||||
await root.copyIn(params.relativePath, params.sourcePath, {
|
||||
mkdir: params.mkdir,
|
||||
sourceHardlinks: "reject",
|
||||
});
|
||||
}
|
||||
|
||||
export { extractErrorCode, formatErrorMessage } from "../infra/errors.js";
|
||||
export { hasProxyEnvConfigured } from "../infra/net/proxy-env.js";
|
||||
export { normalizeHostname } from "../infra/net/hostname.js";
|
||||
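Review bot: The new `openFileWithinRoot` and `writeFileFromPathWithinRoot` shims are exported from the plugin SDK without TSDoc, so the policy they enforce is invisible to callers: `rejectHardlinks` becomes `"reject"` unless it is explicitly `false`, `allowSymlinkTargetWithinRoot` becomes `"reject"` unless it is explicitly `true`, and the copy path always passes `sourceHardlinks: "reject"`. Add a `/** … */` block on each that states this default-deny mapping and the fs-safe `OpenResult` return, for example `/** Open relativePath under rootDir; hardlinks and symlinks are rejected unless the caller explicitly opts in. */` on the first and `/** Copy sourcePath to relativePath under rootDir; hardlinked sources are always rejected. */` on the second. As a point of style, the same module is re-exported in separate statements (`../infra/fs-safe.js` here and again in the next hunk, `../infra/fs-safe-advanced.js` three times in the next hunk); merging each into one `export { … } from` statement would make the exposed surface easier to audit.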
@@ -34,8 +77,54 @@ export {
|
||||
type SsrFPolicy,
|
||||
} from "../infra/net/ssrf.js";
|
||||
export { isNotFoundPathError, isPathInside } from "../infra/path-guards.js";
|
||||
export {
|
||||
assertAbsolutePathInput,
|
||||
canonicalPathFromExistingAncestor,
|
||||
findExistingAncestor,
|
||||
resolveAbsolutePathForRead,
|
||||
resolveAbsolutePathForWrite,
|
||||
type AbsolutePathSymlinkPolicy,
|
||||
type ResolvedAbsolutePath,
|
||||
type ResolvedWritableAbsolutePath,
|
||||
} from "../infra/fs-safe.js";
|
||||
export { sanitizeUntrustedFileName } from "../infra/fs-safe-advanced.js";
|
||||
export {
|
||||
privateFileStore,
|
||||
privateFileStoreSync,
|
||||
type PrivateFileStore,
|
||||
} from "../infra/private-file-store.js";
|
||||
export {
|
||||
movePathWithCopyFallback,
|
||||
replaceFileAtomic,
|
||||
replaceFileAtomicSync,
|
||||
type MovePathWithCopyFallbackOptions,
|
||||
type ReplaceFileAtomicFileSystem,
|
||||
type ReplaceFileAtomicOptions,
|
||||
type ReplaceFileAtomicResult,
|
||||
type ReplaceFileAtomicSyncFileSystem,
|
||||
type ReplaceFileAtomicSyncOptions,
|
||||
} from "../infra/replace-file.js";
|
||||
export {
|
||||
writeSiblingTempFile,
|
||||
type WriteSiblingTempFileOptions,
|
||||
type WriteSiblingTempFileResult,
|
||||
} from "../infra/sibling-temp-file.js";
|
||||
export {
|
||||
assertNoSymlinkParents,
|
||||
assertNoSymlinkParentsSync,
|
||||
type AssertNoSymlinkParentsOptions,
|
||||
} from "../infra/fs-safe-advanced.js";
|
||||
export { ensurePortAvailable } from "../infra/ports.js";
|
||||
export { generateSecureToken } from "../infra/secure-random.js";
|
||||
export {
|
||||
resolveExistingPathsWithinRoot,
|
||||
pathScope,
|
||||
resolvePathsWithinRoot,
|
||||
resolvePathWithinRoot,
|
||||
resolveStrictExistingPathsWithinRoot,
|
||||
resolveWritablePathWithinRoot,
|
||||
} from "../infra/root-paths.js";
|
||||
export { writeViaSiblingTempPath } from "../infra/fs-safe-advanced.js";
|
||||
export { resolvePreferredOpenClawTmpDir } from "../infra/tmp-openclaw-dir.js";
|
||||
export { redactSensitiveText } from "../logging/redact.js";
|
||||
export { safeEqualSecret } from "../security/secret-equal.js";
|
||||
|
||||