vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-03 13:10:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): bind system.run approvals to exact argv text

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-11 01:25:19 +00:00
parent 8eac939417
commit 7289c19f1a
17 changed files with 241 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/gateway/server-methods/exec-approval.ts
View File

@@ -75,6 +75,7 @@ export function createExecApprovalHandlers(
const effectiveAgentId = approvalContext.agentId;
const effectiveSessionKey = approvalContext.sessionKey;
const effectiveCommandText = approvalContext.commandText;
const effectiveCommandPreview = approvalContext.commandPreview;
if (host === "node" && !nodeId) {
respond(
false,
@@ -122,6 +123,7 @@ export function createExecApprovalHandlers(
}
const request = {
command: effectiveCommandText,
commandPreview: effectiveCommandPreview,
commandArgv: effectiveCommandArgv,
envKeys: systemRunBinding?.envKeys?.length ? systemRunBinding.envKeys : undefined,
systemRunBinding: systemRunBinding?.binding ?? null,