fix(infra): align env key normalization in approval binding path (#59182)

* fix: address issue

* fix: address PR review feedback

* fix: address review feedback

* fix: address review feedback

* chore: add changelog for Windows env approval binding

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
pgondhi987
2026-04-02 22:44:33 +05:30
committed by GitHub
parent 774beb8e5c
commit 7eb094a00d
8 changed files with 126 additions and 8 deletions


@@ -123,6 +123,32 @@ describe("evaluateSystemRunApprovalMatch", () => {
expect(result).toEqual({ ok: true });
});
test("rejects mismatched Windows-compatible env override values", () => {
const result = evaluateSystemRunApprovalMatch({
argv: ["cmd.exe", "/c", "echo ok"],
request: {
host: "node",
command: "cmd.exe /c echo ok",
systemRunBinding: buildSystemRunApprovalBinding({
argv: ["cmd.exe", "/c", "echo ok"],
cwd: null,
agentId: null,
sessionKey: null,
env: { "ProgramFiles(x86)": "C:\\Program Files (x86)" },
}).binding,
},
binding: {
...defaultBinding,
env: { "ProgramFiles(x86)": "D:\\malicious" },
},
});
expect(result.ok).toBe(false);
if (result.ok) {
throw new Error("unreachable");
}
expect(result.code).toBe("APPROVAL_ENV_MISMATCH");
});
test("rejects non-node host requests", () => {
const result = evaluateSystemRunApprovalMatch({
argv: ["echo", "SAFE"],
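Review bot: The new test `rejects mismatched Windows-compatible env override values` changes only the value under an identically spelled key, so it does not show what the match returns when the executed binding carries a key that differs from the approved one only in case, or a Windows-style key the approved request never had. Windows treats environment variable names case-insensitively, so `ProgramFiles(x86)` and `PROGRAMFILES(X86)` name the same variable; the normalization rules are not visible in this hunk, so the expected outcome needs confirming against the implementation. I would add a sibling case with `env: { "PROGRAMFILES(X86)": "D:\\other" }` on the `binding` side and assert `APPROVAL_ENV_MISMATCH`, so the approval cannot be satisfied by a respelled key. The enclosing `describe` block starts and ends outside the hunk.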


@@ -656,6 +656,37 @@ describe("exec approval handlers", () => {
);
});
it("includes Windows-compatible env keys in approval env bindings", async () => {
const { handlers, broadcasts, respond, context } = createExecApprovalFixture();
await requestExecApproval({
handlers,
respond,
context,
params: {
timeoutMs: 10,
commandArgv: ["cmd.exe", "/c", "echo", "ok"],
command: "cmd.exe /c echo ok",
env: {
"ProgramFiles(x86)": "C:\\Program Files (x86)",
},
},
});
const requested = broadcasts.find((entry) => entry.event === "exec.approval.requested");
expect(requested).toBeTruthy();
const request = (requested?.payload as { request?: Record<string, unknown> })?.request ?? {};
const envBinding = buildSystemRunApprovalEnvBinding({
"ProgramFiles(x86)": "C:\\Program Files (x86)",
});
expect(request["envKeys"]).toEqual(envBinding.envKeys);
expect(request["systemRunBinding"]).toEqual(
buildSystemRunApprovalBinding({
argv: ["cmd.exe", "/c", "echo", "ok"],
cwd: "/tmp",
env: { "ProgramFiles(x86)": "C:\\Program Files (x86)" },
}).binding,
);
});
it("stores sorted env keys for gateway approvals without node-only binding", async () => {
const { handlers, broadcasts, respond, context } = createExecApprovalFixture();
await requestExecApproval({
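Review bot: Both expectations in `includes Windows-compatible env keys in approval env bindings` are computed with `buildSystemRunApprovalEnvBinding` and `buildSystemRunApprovalBinding`, presumably the same helpers the handler calls, so the test would still pass if those helpers dropped `ProgramFiles(x86)` on both sides. Pin the key independently of the helpers, for example `expect(envBinding.envKeys).toHaveLength(1);` before the comparison (assuming `envKeys` is an array, as the neighbouring "sorted env keys" test suggests). That way a regression that filters the key out of the binding fails this test instead of passing it. The `it(...)` that follows continues outside the visible hunk.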