Peter Steinberger
93880717f1
fix(media): harden secondary local path seams
2026-03-23 00:29:46 -07:00
Peter Steinberger
46eba86b45
fix: harden workspace boundary path resolution
2026-02-26 13:19:59 +01:00
Peter Steinberger
de61e9c977
refactor(security): unify path alias guard policies
2026-02-26 03:59:17 +01:00
Peter Steinberger
04d91d0319
fix(security): block workspace hardlink alias escapes
2026-02-26 03:42:54 +01:00
Peter Steinberger
c267b5edf6
refactor(sandbox): unify tmp alias checks and dedupe hardlink tests
2026-02-25 02:01:12 +00:00
Brian Mendonca
22689b9dc9
fix(sandbox): reject hardlinked tmp media aliases
2026-02-25 01:56:44 +00:00
Peter Steinberger
d3da67c7a9
fix(security): lock sandbox tmp media paths to openclaw roots
2026-02-24 23:10:19 +00:00
Peter Steinberger
9ef0fc2ff8
fix(sandbox): block @-prefixed workspace path bypass
2026-02-24 17:23:14 +00:00
Peter Steinberger
84e5ab598a
fix: make windows CI path handling deterministic
2026-02-22 22:34:49 +00:00
Peter Steinberger
eefbf3dc5a
fix(sandbox): normalize /workspace media paths to host sandbox root
Co-authored-by: echo931 <echo931@users.noreply.github.com>
2026-02-22 20:37:21 +01:00
Peter Steinberger
55e38d3b44
refactor: extract tmp media resolver helper and dedupe sandbox-path tests
2026-02-22 08:11:46 +01:00
Peter Steinberger
d3991d6aa9
fix: harden sandbox tmp media validation (#17892) (thanks @dashed)
2026-02-22 00:31:21 +01:00
Alberto Leal
0bb81f7294
fix(media): allow os.tmpdir() paths in sandbox media source validation
resolveSandboxedMediaSource() rejected all paths outside the sandbox
workspace root, including /tmp. This blocked sandboxed agents from
sending locally-generated temp files (e.g. images from Python scripts)
via messaging actions.
Add an os.tmpdir() prefix check before the strict sandbox containment
assertion, consistent with buildMediaLocalRoots() which already
includes os.tmpdir() in its default allowlist. Path traversal through
/tmp (e.g. /tmp/../etc/passwd) is prevented by path.resolve()
normalization before the prefix check.
Relates-to: #16382, #14174
2026-02-22 00:31:21 +01:00
Peter Steinberger
ed960ba4eb
refactor(security): centralize path guard helpers
2026-02-21 19:54:26 +01:00
Peter Steinberger
914b9d1e79
fix(agents): block workspaceOnly apply_patch delete symlink escape
2026-02-15 03:28:25 +01:00
Vignesh Natarajan
eafda6f526
Sandbox: add shared bind-aware fs path resolver
2026-02-14 16:53:43 -08:00
Peter Steinberger
5e7c3250cb
fix(security): add optional workspace-only path guards for fs tools
2026-02-14 23:50:24 +01:00
Gustavo Madeira Santana
4434cae565
Security: harden sandboxed media handling (#9182)
* Message: enforce sandbox for media param
* fix: harden sandboxed media handling (#8780) (thanks @victormier)
* chore: format message action runner (#8780) (thanks @victormier)
---------
Co-authored-by: Victor Mier <victormier@gmail.com>
2026-02-04 19:11:23 -05:00
cpojer
5ceff756e1
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
Peter Steinberger
c379191f80
chore: migrate to oxlint and oxfmt
Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com>
2026-01-14 15:02:19 +00:00
Peter Steinberger
3b075dff8a
feat: add per-session agent sandbox
2026-01-03 21:41:58 +01:00