vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
openclaw/test/fixtures/system-run-command-contract.json
Peter Steinberger 68c674d37c refactor(security): simplify system.run approval model
2026-03-11 01:43:06 +00:00

85 lines
2.8 KiB
JSON
Raw Permalink Blame History

{
"cases": [
{
"name": "direct argv infers display command",
"command": ["echo", "hi there"],
"expected": {
"valid": true,
"displayCommand": "echo \"hi there\""
}
},
{
"name": "direct argv rejects mismatched raw command",
"command": ["uname", "-a"],
"rawCommand": "echo hi",
"expected": {
"valid": false,
"errorContains": "rawCommand does not match command"
}
},
{
"name": "shell wrapper accepts shell payload raw command at ingress",
"command": ["/bin/sh", "-lc", "echo hi"],
"rawCommand": "echo hi",
"expected": {
"valid": true,
"displayCommand": "/bin/sh -lc \"echo hi\""
}
},
{
"name": "shell wrapper positional argv carrier requires full argv display binding",
"command": ["/bin/sh", "-lc", "$0 \"$1\"", "/usr/bin/touch", "/tmp/marker"],
"rawCommand": "$0 \"$1\"",
"expected": {
"valid": false,
"errorContains": "rawCommand does not match command"
}
},
{
"name": "shell wrapper positional argv carrier accepts canonical full argv raw command",
"command": ["/bin/sh", "-lc", "$0 \"$1\"", "/usr/bin/touch", "/tmp/marker"],
"rawCommand": "/bin/sh -lc \"$0 \\\"$1\\\"\" /usr/bin/touch /tmp/marker",
"expected": {
"valid": true,
"displayCommand": "/bin/sh -lc \"$0 \\\"$1\\\"\" /usr/bin/touch /tmp/marker"
}
},
{
"name": "env wrapper shell payload accepted at ingress when prelude has no env modifiers",
"command": ["/usr/bin/env", "bash", "-lc", "echo hi"],
"rawCommand": "echo hi",
"expected": {
"valid": true,
"displayCommand": "/usr/bin/env bash -lc \"echo hi\""
}
},
{
"name": "env wrapper accepts canonical full argv raw command",
"command": ["/usr/bin/env", "bash", "-lc", "echo hi"],
"rawCommand": "/usr/bin/env bash -lc \"echo hi\"",
"expected": {
"valid": true,
"displayCommand": "/usr/bin/env bash -lc \"echo hi\""
}
},
{
"name": "env assignment prelude requires full argv display binding",
"command": ["/usr/bin/env", "BASH_ENV=/tmp/payload.sh", "bash", "-lc", "echo hi"],
"rawCommand": "echo hi",
"expected": {
"valid": false,
"errorContains": "rawCommand does not match command"
}
},
{
"name": "env assignment prelude accepts canonical full argv raw command",
"command": ["/usr/bin/env", "BASH_ENV=/tmp/payload.sh", "bash", "-lc", "echo hi"],
"rawCommand": "/usr/bin/env BASH_ENV=/tmp/payload.sh bash -lc \"echo hi\"",
"expected": {
"valid": true,
"displayCommand": "/usr/bin/env BASH_ENV=/tmp/payload.sh bash -lc \"echo hi\""
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink