fix(security): harden exec approval boundaries

2026-04-20 21:51:28 +00:00 · 2026-03-22 09:35:16 -07:00
parent e99d44525a
commit a94ec3b79b
29 changed files with 835 additions and 67 deletions
--- a/apps/macos/Sources/OpenClaw/ExecSystemRunCommandValidator.swift
+++ b/apps/macos/Sources/OpenClaw/ExecSystemRunCommandValidator.swift
@@ -53,23 +53,27 @@ enum ExecSystemRunCommandValidator {
        let envManipulationBeforeShellWrapper = self.hasEnvManipulationBeforeShellWrapper(command)
        let shellWrapperPositionalArgv = self.hasTrailingPositionalArgvAfterInlineCommand(command)
        let mustBindDisplayToFullArgv = envManipulationBeforeShellWrapper || shellWrapperPositionalArgv
-        let formattedArgv = ExecCommandFormatter.displayString(for: command)
-        let previewCommand: String? = if let shellCommand, !mustBindDisplayToFullArgv {
+        let canonicalDisplay = ExecCommandFormatter.displayString(for: command)
+        let legacyShellDisplay: String? = if let shellCommand, !mustBindDisplayToFullArgv {
            shellCommand
        } else {
            nil
        }

-        if let raw = normalizedRaw, raw != formattedArgv, raw != previewCommand {
-            return .invalid(message: "INVALID_REQUEST: rawCommand does not match command")
+        if let raw = normalizedRaw {
+            let matchesCanonical = raw == canonicalDisplay
+            let matchesLegacyShellText = legacyShellDisplay == raw
+            if !matchesCanonical, !matchesLegacyShellText {
+                return .invalid(message: "INVALID_REQUEST: rawCommand does not match command")
+            }
        }

        return .ok(ResolvedCommand(
-            displayCommand: formattedArgv,
+            displayCommand: canonicalDisplay,
            evaluationRawCommand: self.allowlistEvaluationRawCommand(
                normalizedRaw: normalizedRaw,
                shellIsWrapper: shell.isWrapper,
-                previewCommand: previewCommand)))
+                previewCommand: legacyShellDisplay)))
    }

    static func allowlistEvaluationRawCommand(command: [String], rawCommand: String?) -> String? {
@@ -149,7 +153,12 @@ enum ExecSystemRunCommandValidator {
                idx += 1
                continue
            }
-            if token == "--" || token == "-" {
+            if token == "--" {
+                idx += 1
+                break
+            }
+            if token == "-" {
+                usesModifiers = true
                idx += 1
                break
            }
@@ -221,7 +230,7 @@ enum ExecSystemRunCommandValidator {
        return Array(argv[appletIndex...])
    }

-    private static func hasEnvManipulationBeforeShellWrapper(
+    static func hasEnvManipulationBeforeShellWrapper(
        _ argv: [String],
        depth: Int = 0,
        envManipulationSeen: Bool = false) -> Bool