vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-13 18:21:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(exec): remove host obfuscation gating

Browse Source
This commit is contained in:
Peter Steinberger
2026-04-05 18:01:32 +01:00
parent adbcfbe2bb
commit a74fb94fa3
11 changed files with 5 additions and 623 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/agents/bash-tools.exec-host-node.ts
View File

@@ -14,10 +14,8 @@ import {
describeInterpreterInlineEval,
detectInterpreterInlineEvalArgv,
} from "../infra/exec-inline-eval.js";
import { detectCommandObfuscation } from "../infra/exec-obfuscation-detect.js";
import { buildNodeShellCommand } from "../infra/node-shell.js";
import { parsePreparedSystemRunPayload } from "../infra/system-run-approval-context.js";
import { logInfo } from "../logger.js";
import {
buildExecApprovalRequesterContext,
buildExecApprovalTurnSourceContext,
@@ -193,13 +191,6 @@ export async function executeNodeHostCommand(
// Fall back to requiring approval if node approvals cannot be fetched.
}
}
const obfuscation = detectCommandObfuscation(params.command);
if (obfuscation.detected) {
logInfo(
`exec: obfuscation detected (node=${nodeQuery ?? "default"}): ${obfuscation.reasons.join(", ")}`,
);
params.warnings.push(`⚠️ Obfuscated command detected: ${obfuscation.reasons.join("; ")}`);
}
const requiresAsk =
requiresExecApproval({
ask: hostAsk,
@@ -207,9 +198,7 @@ export async function executeNodeHostCommand(
analysisOk,
allowlistSatisfied,
durableApprovalSatisfied,
}) ||
inlineEvalHit !== null ||
obfuscation.detected;
}) || inlineEvalHit !== null;
const invokeTimeoutMs = Math.max(
10_000,
(typeof params.timeoutSec === "number" ? params.timeoutSec : params.defaultTimeoutSec) * 1000 +
@@ -294,7 +283,6 @@ export async function executeNodeHostCommand(
const { approvedByAsk, deniedReason } = execHostShared.createExecApprovalDecisionState({
decision: preResolvedDecision,
askFallback,
obfuscationDetected: obfuscation.detected,
});
if (deniedReason || !approvedByAsk) {
throw new Error(
@@ -341,7 +329,6 @@ export async function executeNodeHostCommand(
} = execHostShared.createExecApprovalDecisionState({
decision,
askFallback,
obfuscationDetected: obfuscation.detected,
});
let approvedByAsk = initialApprovedByAsk;
let approvalDecision: "allow-once" | "allow-always" | null = null;