fix(plugins): restrict bundled plugin dir resolution to trusted package roots (#73275)

* fix: address issue * fix: address review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address codex review feedback * fix: address codex review feedback * fix: address codex review feedback * fix: address PR review feedback * fix: address review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address review feedback * docs: add changelog entry for PR merge
2026-05-06 09:10:45 +00:00 · 2026-04-28 21:35:32 +05:30
parent 230f7122dd
commit bdfb408ce6
7 changed files with 289 additions and 58 deletions
--- a/scripts/test-built-plugin-singleton.mjs
+++ b/scripts/test-built-plugin-singleton.mjs
@@ -21,9 +21,14 @@ assert.equal(typeof getPluginCommandSpecs, "function", "getPluginCommandSpecs mi
 assert.equal(typeof matchPluginCommand, "function", "matchPluginCommand missing");

 const tempRoot = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-build-smoke-"));
+const pluginId = "build-smoke-plugin";
+const distPluginDir = path.join(repoRoot, "dist", "extensions", pluginId);
+const runtimePluginDir = path.join(repoRoot, "dist-runtime", "extensions", pluginId);

 function cleanup() {
  clearPluginCommands();
+  fs.rmSync(distPluginDir, { recursive: true, force: true });
+  fs.rmSync(runtimePluginDir, { recursive: true, force: true });
  fs.rmSync(tempRoot, { recursive: true, force: true });
 }

@@ -37,10 +42,7 @@ process.on("SIGTERM", () => {
  process.exit(143);
 });

-const pluginId = "build-smoke-plugin";
-const distPluginDir = path.join(tempRoot, "dist", "extensions", pluginId);
 fs.mkdirSync(distPluginDir, { recursive: true });
-fs.writeFileSync(path.join(tempRoot, "package.json"), '{ "type": "module" }\n', "utf8");
 fs.writeFileSync(
  path.join(distPluginDir, "package.json"),
  JSON.stringify(
@@ -98,12 +100,12 @@ fs.writeFileSync(
  "utf8",
 );

-stageBundledPluginRuntime({ repoRoot: tempRoot });
+stageBundledPluginRuntime({ repoRoot });

-const runtimeEntryPath = path.join(tempRoot, "dist-runtime", "extensions", pluginId, "index.js");
+const runtimeEntryPath = path.join(runtimePluginDir, "index.js");
 assert.ok(fs.existsSync(runtimeEntryPath), "runtime overlay entry missing");
 assert.equal(
-  fs.existsSync(path.join(tempRoot, "dist-runtime", "plugins", "commands.js")),
+  fs.existsSync(path.join(repoRoot, "dist-runtime", "plugins", "commands.js")),
  false,
  "dist-runtime must not stage a duplicate commands module",
 );
@@ -115,7 +117,7 @@ const registry = loadOpenClawPlugins({
  workspaceDir: tempRoot,
  env: {
    ...process.env,
-    OPENCLAW_BUNDLED_PLUGINS_DIR: path.join(tempRoot, "dist-runtime", "extensions"),
+    OPENCLAW_BUNDLED_PLUGINS_DIR: path.join(repoRoot, "dist-runtime", "extensions"),
    OPENCLAW_DISABLE_PLUGIN_DISCOVERY_CACHE: "1",
  },
  config: {