vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): bind system.run approvals to exact argv text

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-11 01:25:19 +00:00
parent 8eac939417
commit 7289c19f1a
17 changed files with 241 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
test/fixtures/system-run-command-contract.json vendored
View File

@@ -53,6 +53,15 @@
"displayCommand": "echo hi"
}
},
{
"name": "env wrapper accepts canonical full argv raw command",
"command": ["/usr/bin/env", "bash", "-lc", "echo hi"],
"rawCommand": "/usr/bin/env bash -lc \"echo hi\"",
"expected": {
"valid": true,
"displayCommand": "/usr/bin/env bash -lc \"echo hi\""
}
},
{
"name": "env assignment prelude requires full argv display binding",
"command": ["/usr/bin/env", "BASH_ENV=/tmp/payload.sh", "bash", "-lc", "echo hi"],