vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-13 11:00:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2d676d6460675d2552d7af5e1ea4eda45f0ae5a1
openclaw/src/agents/bash-tools.exec.path.test.ts
Vincent Koc b7615e0ce3 Exec/ACP: inject OPENCLAW_SHELL into child shell env (#31271) 
* exec: mark runtime shell context in exec env

* tests(exec): cover OPENCLAW_SHELL in gateway exec

* tests(exec): cover OPENCLAW_SHELL in pty mode

* acpx: mark runtime shell context for spawned process

* tests(acpx): log OPENCLAW_SHELL in runtime fixture

* tests(acpx): assert OPENCLAW_SHELL in runtime prompt

* docs(env): document OPENCLAW_SHELL runtime markers

* docs(exec): describe OPENCLAW_SHELL exec marker

* docs(acp): document OPENCLAW_SHELL acp marker

* docs(gateway): note OPENCLAW_SHELL for background exec

* tui: tag local shell runs with OPENCLAW_SHELL

* tests(tui): assert OPENCLAW_SHELL in local shell runner

* acp client: tag spawned bridge env with OPENCLAW_SHELL

* tests(acp): cover acp client OPENCLAW_SHELL env helper

* docs(env): include acp-client and tui-local shell markers

* docs(acp): document acp-client OPENCLAW_SHELL marker

* docs(tui): document tui-local OPENCLAW_SHELL marker

* exec: keep shell runtime env string-only for docker args

* changelog: note OPENCLAW_SHELL runtime markers
2026-03-01 20:31:06 -08:00

237 lines
7.5 KiB
TypeScript
Raw Blame History

import fs from "node:fs";
import os from "node:os";
import path from "node:path";
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
import type { ExecApprovalsResolved } from "../infra/exec-approvals.js";
import { captureEnv } from "../test-utils/env.js";
import { sanitizeBinaryOutput } from "./shell-utils.js";
const isWin = process.platform === "win32";
vi.mock("../infra/shell-env.js", async (importOriginal) => {
const mod = await importOriginal<typeof import("../infra/shell-env.js")>();
return {
...mod,
getShellPathFromLoginShell: vi.fn(() => "/custom/bin:/opt/bin"),
resolveShellEnvFallbackTimeoutMs: vi.fn(() => 1234),
};
});
vi.mock("../infra/exec-approvals.js", async (importOriginal) => {
const mod = await importOriginal<typeof import("../infra/exec-approvals.js")>();
const approvals: ExecApprovalsResolved = {
path: "/tmp/exec-approvals.json",
socketPath: "/tmp/exec-approvals.sock",
token: "token",
defaults: {
security: "full",
ask: "off",
askFallback: "full",
autoAllowSkills: false,
},
agent: {
security: "full",
ask: "off",
askFallback: "full",
autoAllowSkills: false,
},
allowlist: [],
file: {
version: 1,
socket: { path: "/tmp/exec-approvals.sock", token: "token" },
defaults: {
security: "full",
ask: "off",
askFallback: "full",
autoAllowSkills: false,
},
agents: {},
},
};
return { ...mod, resolveExecApprovals: () => approvals };
});
const { createExecTool } = await import("./bash-tools.exec.js");
const { getShellPathFromLoginShell } = await import("../infra/shell-env.js");
const normalizeText = (value?: string) =>
sanitizeBinaryOutput(value ?? "")
.replace(/\r\n/g, "\n")
.replace(/\r/g, "\n")
.trim();
const normalizePathEntries = (value?: string) =>
normalizeText(value)
.split(/[:\s]+/)
.map((entry) => entry.trim())
.filter(Boolean);
describe("exec PATH login shell merge", () => {
let envSnapshot: ReturnType<typeof captureEnv>;
beforeEach(() => {
envSnapshot = captureEnv(["PATH", "SHELL"]);
});
afterEach(() => {
envSnapshot.restore();
});
it("merges login-shell PATH for host=gateway", async () => {
if (isWin) {
return;
}
process.env.PATH = "/usr/bin";
const shellPathMock = vi.mocked(getShellPathFromLoginShell);
shellPathMock.mockClear();
shellPathMock.mockReturnValue("/custom/bin:/opt/bin");
const tool = createExecTool({ host: "gateway", security: "full", ask: "off" });
const result = await tool.execute("call1", { command: "echo $PATH" });
const entries = normalizePathEntries(result.content.find((c) => c.type === "text")?.text);
expect(entries).toEqual(["/custom/bin", "/opt/bin", "/usr/bin"]);
expect(shellPathMock).toHaveBeenCalledTimes(1);
});
it("sets OPENCLAW_SHELL for host=gateway commands", async () => {
if (isWin) {
return;
}
const tool = createExecTool({ host: "gateway", security: "full", ask: "off" });
const result = await tool.execute("call-openclaw-shell", {
command: 'printf "%s" "${OPENCLAW_SHELL:-}"',
});
const value = normalizeText(result.content.find((c) => c.type === "text")?.text);
expect(value).toBe("exec");
});
it("throws security violation when env.PATH is provided", async () => {
if (isWin) {
return;
}
process.env.PATH = "/usr/bin";
const shellPathMock = vi.mocked(getShellPathFromLoginShell);
shellPathMock.mockClear();
const tool = createExecTool({ host: "gateway", security: "full", ask: "off" });
await expect(
tool.execute("call1", {
command: "echo $PATH",
env: { PATH: "/explicit/bin" },
}),
).rejects.toThrow(/Security Violation: Custom 'PATH' variable is forbidden/);
expect(shellPathMock).not.toHaveBeenCalled();
});
it("does not apply login-shell PATH when probe rejects unregistered absolute SHELL", async () => {
if (isWin) {
return;
}
process.env.PATH = "/usr/bin";
const shellDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-shell-env-"));
const unregisteredShellPath = path.join(shellDir, "unregistered-shell");
fs.writeFileSync(unregisteredShellPath, '#!/bin/sh\nexec /bin/sh "$@"\n', {
encoding: "utf8",
mode: 0o755,
});
process.env.SHELL = unregisteredShellPath;
try {
const shellPathMock = vi.mocked(getShellPathFromLoginShell);
shellPathMock.mockClear();
shellPathMock.mockImplementation((opts) =>
opts.env.SHELL?.trim() === unregisteredShellPath ? null : "/custom/bin:/opt/bin",
);
const tool = createExecTool({ host: "gateway", security: "full", ask: "off" });
const result = await tool.execute("call1", { command: "echo $PATH" });
const entries = normalizePathEntries(result.content.find((c) => c.type === "text")?.text);
expect(entries).toEqual(["/usr/bin"]);
expect(shellPathMock).toHaveBeenCalledTimes(1);
expect(shellPathMock).toHaveBeenCalledWith(
expect.objectContaining({
env: process.env,
timeoutMs: 1234,
}),
);
} finally {
fs.rmSync(shellDir, { recursive: true, force: true });
}
});
});
describe("exec host env validation", () => {
it("blocks LD_/DYLD_ env vars on host execution", async () => {
const tool = createExecTool({ host: "gateway", security: "full", ask: "off" });
await expect(
tool.execute("call1", {
command: "echo ok",
env: { LD_DEBUG: "1" },
}),
).rejects.toThrow(/Security Violation: Environment variable 'LD_DEBUG' is forbidden/);
});
it("strips dangerous inherited env vars from host execution", async () => {
if (isWin) {
return;
}
const original = process.env.SSLKEYLOGFILE;
process.env.SSLKEYLOGFILE = "/tmp/openclaw-ssl-keys.log";
try {
const { createExecTool } = await import("./bash-tools.exec.js");
const tool = createExecTool({ host: "gateway", security: "full", ask: "off" });
const result = await tool.execute("call1", {
command: "printf '%s' \"${SSLKEYLOGFILE:-}\"",
});
const output = normalizeText(result.content.find((c) => c.type === "text")?.text);
expect(output).not.toContain("/tmp/openclaw-ssl-keys.log");
} finally {
if (original === undefined) {
delete process.env.SSLKEYLOGFILE;
} else {
process.env.SSLKEYLOGFILE = original;
}
}
});
it("defaults to sandbox when sandbox runtime is unavailable", async () => {
const tool = createExecTool({ security: "full", ask: "off" });
const result = await tool.execute("call1", {
command: "echo ok",
});
const text = normalizeText(result.content.find((c) => c.type === "text")?.text);
expect(text).toContain("ok");
const err = await tool
.execute("call2", {
command: "echo ok",
host: "gateway",
})
.then(() => null)
.catch((error: unknown) => (error instanceof Error ? error : new Error(String(error))));
expect(err).toBeTruthy();
expect(err?.message).toMatch(/exec host not allowed/);
expect(err?.message).toMatch(/tools\.exec\.host=sandbox/);
});
it("fails closed when sandbox host is explicitly configured without sandbox runtime", async () => {
const tool = createExecTool({ host: "sandbox", security: "full", ask: "off" });
await expect(
tool.execute("call1", {
command: "echo ok",
}),
).rejects.toThrow(/sandbox runtime is unavailable/);
});
});
Reference in New Issue View Git Blame Copy Permalink