fix(exec): block dangerous override-only env pivots

Peter Steinberger
2026-03-07 19:17:59 +00:00
parent 6aa80844b8
commit e27bbe4982
8 changed files with 155 additions and 5 deletions


@@ -24,7 +24,7 @@ const outputPath = path.join(
"HostEnvSecurityPolicy.generated.swift",
);
/** @type {{blockedKeys: string[]; blockedOverrideKeys?: string[]; blockedPrefixes: string[]}} */
/** @type {{blockedKeys: string[]; blockedOverrideKeys?: string[]; blockedOverridePrefixes?: string[]; blockedPrefixes: string[]}} */
const policy = JSON.parse(fs.readFileSync(policyPath, "utf8"));
const renderSwiftStringArray = (items) => items.map((item) => ` "${item}"`).join(",\n");
@@ -44,6 +44,10 @@ ${renderSwiftStringArray(policy.blockedKeys)}
${renderSwiftStringArray(policy.blockedOverrideKeys ?? [])}
]
static let blockedOverridePrefixes: [String] = [
${renderSwiftStringArray(policy.blockedOverridePrefixes ?? [])}
]
static let blockedPrefixes: [String] = [
${renderSwiftStringArray(policy.blockedPrefixes)}
]
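Review bot: The new `policy.blockedOverridePrefixes ?? []` in the second hunk fails open: if the key is missing or misspelled in the policy JSON, the generator still succeeds and emits an empty `blockedOverridePrefixes` array, so no override prefix is blocked and nothing flags it. Unless policy files without the key must still be accepted, I would fail the generation instead, e.g. `if (!Array.isArray(policy.blockedOverridePrefixes)) throw new Error("policy is missing blockedOverridePrefixes");`, and drop the `?` from the JSDoc type in the first hunk. Separately, `renderSwiftStringArray` writes each item as `"${item}"` without escaping, so a value containing `"` or `\` would corrupt the generated Swift; the policy file is presumably repo-controlled, but a check such as `/^[A-Za-z0-9_]+$/.test(item)` before rendering would make that assumption explicit. The template literal that holds these arrays starts and ends outside the hunk.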