Filter untrusted CWD .env entries before OpenClaw startup (#54631)

* Filter untrusted CWD .env entries before OpenClaw startup

* Add missing test file

* Fix missing and updated files

* Address feedback

* Feedback updates

* Feedback update

* Add test coverage

* Unit test fix
Devin Robison
2026-03-25 14:49:26 -07:00
committed by GitHub
parent 79fbcfc03b
commit 6a79324802
3 changed files with 271 additions and 19 deletions


@@ -1,20 +1,14 @@
import fs from "node:fs";
import path from "node:path";
import dotenv from "dotenv";
import { resolveStateDir } from "../config/paths.js";
import { loadRuntimeDotEnvFile, loadWorkspaceDotEnvFile } from "../infra/dotenv.js";
export function loadCliDotEnv(opts?: { quiet?: boolean }) {
const quiet = opts?.quiet ?? true;
// Load from process CWD first (dotenv default).
dotenv.config({ quiet });
const cwdEnvPath = path.join(process.cwd(), ".env");
loadWorkspaceDotEnvFile(cwdEnvPath, { quiet });
// Then load the global fallback from the active state dir without overriding
// any env vars that were already set or loaded from CWD.
const globalEnvPath = path.join(resolveStateDir(process.env), ".env");
if (!fs.existsSync(globalEnvPath)) {
return;
}
dotenv.config({ quiet, path: globalEnvPath, override: false });
loadRuntimeDotEnvFile(globalEnvPath, { quiet });
}
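Review bot: `resolveStateDir(process.env)` in `loadCliDotEnv` is evaluated after `loadWorkspaceDotEnvFile(cwdEnvPath, { quiet })` has run, so the location of the trusted global `.env` depends on whatever the workspace loader lets into `process.env`. The filter itself is not visible in this hunk; if it does not block the variables that `resolveStateDir` reads, the untrusted CWD file can still decide which file gets loaded as the trusted one. Resolving the path first removes that dependency: move `const globalEnvPath = path.join(resolveStateDir(process.env), ".env");` above the `loadWorkspaceDotEnvFile` call. The surviving comment also promises that the global file never overrides existing variables, which used to be explicit through `override: false` and is now an unstated property of `loadRuntimeDotEnvFile`, so a test pinning that precedence or a short note here would keep the comment honest.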