vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-13 18:21:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
29,813 Commits 1,260 Branches 106 Tags
56468cdb06afd1959a5ff849f36cfefaa28dff25
Commit Graph

12 Commits

Author SHA1 Message Date
Peter Steinberger
56468cdb06 fix: align plugin install denylist scan tests 2026-04-10 18:57:52 +01:00
Michael Appel
9f97ad857a fix(security): pin axios to 1.15.0 and add dependency denylist for plugin installs [AI-assisted] (#63891) 
* fix: address issue

* fix: address review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* Plugins: fix install security CI regressions

* Plugins: make manifest traversal linear

* Plugins: bound manifest security traversal

* Plugins: block denied node_modules package dirs

* Plugins: match node_modules case-insensitively

* Plugins: block denied package symlink paths

* Tests: normalize blocked symlink assertion

* Plugins: fail closed on unreadable denied paths

* Plugins: block denied node_modules file aliases

* Plugins: inspect node_modules symlink targets

* Plugins: preserve symlink target package paths

* fix: address PR review feedback

* chore(changelog): add axios pin and dependency denylist entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 11:20:05 -06:00
joshavant
c22233d96c Revert "refactor(plugins): remove before_install hook" 2026-04-01 19:57:07 -05:00
Vincent Koc
fcb802e826 refactor(plugins): remove before_install hook 2026-04-01 02:28:06 +09:00
Peter Steinberger
bf96c67fd1 fix: align skill install security gate 2026-03-31 15:53:29 +01:00
Peter Steinberger
0d7f1e2c84 feat(security): fail closed on dangerous skill installs 2026-03-31 23:27:20 +09:00
Peter Steinberger
44b9936136 feat(plugins): add dangerous unsafe install override 2026-03-31 23:16:11 +09:00
Jacob Tomlinson
7a953a5227 Plugins: block install when source scan fails (#57729) 
* Plugins: block unsafe install scan fallthrough

* Tests: normalize install scanner formatting

* Plugins: avoid duplicate scan failure messaging

* Plugins: preserve hook install block codes
 2026-03-30 15:36:08 +01:00
George Zhang
2607191d04 refactor(plugins): centralize before_install context shaping 2026-03-29 12:35:01 -07:00
George Zhang
150faba8d1 plugins: enrich before_install policy context 2026-03-29 12:35:01 -07:00
George Zhang
7cd9957f62 plugins: add before_install hook for install scanners 2026-03-29 12:35:01 -07:00
Peter Steinberger
3fa2300ba1 perf: reduce plugin runtime startup overhead 2026-03-22 16:34:09 +00:00