vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-15 12:00:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): bind system.run approvals to exact argv text

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-11 01:25:19 +00:00
parent 8eac939417
commit 7289c19f1a
17 changed files with 241 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/cli/nodes-cli.coverage.test.ts
View File

@@ -174,7 +174,7 @@ describe("nodes-cli coverage", () => {
expect(invoke?.params?.command).toBe("system.run");
expect(invoke?.params?.params).toEqual({
command: ["echo", "hi"],
rawCommand: null,
rawCommand: "echo hi",
cwd: "/tmp",
env: { FOO: "bar" },
timeoutMs: 1200,
@@ -190,7 +190,8 @@ describe("nodes-cli coverage", () => {
expect(approval?.params?.["systemRunPlan"]).toEqual({
argv: ["echo", "hi"],
cwd: "/tmp",
rawCommand: null,
rawCommand: "echo hi",
commandPreview: null,
agentId: "main",
sessionKey: null,
});
@@ -213,7 +214,7 @@ describe("nodes-cli coverage", () => {
expect(invoke?.params?.command).toBe("system.run");
expect(invoke?.params?.params).toMatchObject({
command: ["/bin/sh", "-lc", "echo hi"],
rawCommand: "echo hi",
rawCommand: '/bin/sh -lc "echo hi"',
agentId: "main",
approved: true,
approvalDecision: "allow-once",
@@ -224,7 +225,8 @@ describe("nodes-cli coverage", () => {
expect(approval?.params?.["systemRunPlan"]).toEqual({
argv: ["/bin/sh", "-lc", "echo hi"],
cwd: null,
rawCommand: "echo hi",
rawCommand: '/bin/sh -lc "echo hi"',
commandPreview: "echo hi",
agentId: "main",
sessionKey: null,
});