openclaw/src/security at 396bf20cc6993d986ec52164c0136e3f0e0d2ebc - openclaw - Gitea: Git with a cup of tea

vultr/openclaw

mirror of https://github.com/openclaw/openclaw.git synced 2026-03-30 19:32:27 +00:00

Files

History

Robin Waslander 31112d5985 fix(security): audit web search keys for all bundled providers (#56540 )

hasWebSearchKey() was hardcoded to only check Brave and Perplexity
credentials. Replace with provider-aware check using
resolveBundledPluginWebSearchProviders() so Gemini, Grok/XAI, Kimi,
Moonshot, and OpenRouter credentials are recognized by the audit.

Add focused regression tests for each provider.

Fixes #34509

2026-03-28 18:55:38 +01:00

..

audit-channel.allow-from.runtime.ts

perf: split telegram audit runtime seams

2026-03-22 00:53:12 +00:00

audit-channel.collect.runtime.ts

refactor: consolidate lazy runtime surfaces

2026-03-17 00:59:20 -07:00

audit-channel.discord.runtime.ts

perf: split telegram audit runtime seams

2026-03-22 00:53:12 +00:00

audit-channel.telegram.runtime.ts

refactor: continue plugin seam cleanup

2026-03-27 13:46:16 +00:00

audit-channel.ts

refactor: audit synology dangerous name matching

2026-03-22 23:32:22 -07:00

audit-channel.zalouser.runtime.ts

perf: split telegram audit runtime seams

2026-03-22 00:53:12 +00:00

audit-extra.async.ts

fix: restore skill sourceInfo provenance handling

2026-03-28 04:05:18 +00:00

audit-extra.sync.test.ts

fix(security): audit web search keys for all bundled providers (#56540 )

2026-03-28 18:55:38 +01:00

audit-extra.sync.ts

fix(security): audit web search keys for all bundled providers (#56540 )

2026-03-28 18:55:38 +01:00

audit-extra.ts

feat(security): audit workspace skill symlink escapes

2026-03-02 23:28:54 +00:00

audit-fs.ts

Doctor/Security: fix telegram numeric ID + symlink config permission warnings (#19844 )

2026-02-18 00:09:51 -08:00

audit-tool-policy.ts

refactor(core): dedupe tool policy and IPv4 matcher logic

2026-02-16 16:14:54 +00:00

audit.deep.runtime.ts

Security: split audit runtime surfaces

2026-03-15 23:30:34 -07:00

audit.nondeep.runtime.ts

Security: split audit runtime surfaces

2026-03-15 23:30:34 -07:00

audit.runtime.ts

refactor: consolidate lazy runtime surfaces

2026-03-17 00:59:20 -07:00

audit.test.ts

test: dedupe security audit and acl suites

2026-03-28 01:17:57 +00:00

audit.ts

refactor: finish browser compat untangle

2026-03-26 22:42:41 +00:00

channel-metadata.ts

fix(security): separate untrusted channel metadata from system prompt (thanks @KonstantinMirin)

2026-02-03 23:02:45 -08:00

config-regex.ts

fix: harden mention pattern regex compilation

2026-03-15 08:44:12 -07:00

dangerous-config-flags.ts

feat(gateway)!: require explicit non-loopback control-ui origins

2026-02-24 01:57:11 +00:00

dangerous-tools.ts

Deny cron tool on /tools/invoke by default

2026-02-24 04:33:50 +00:00

dm-policy-shared.test.ts

test: dedupe security utility suites

2026-03-28 01:38:12 +00:00

dm-policy-shared.ts

Plugin SDK: use public utility subpaths

2026-03-18 09:43:46 -07:00

external-content.test.ts

test: dedupe security utility suites

2026-03-28 01:38:12 +00:00

external-content.ts

fix(gateway): preserve async hook ingress provenance

2026-03-22 22:21:49 -07:00

fix.test.ts

test: dedupe security utility suites

2026-03-28 01:38:12 +00:00

fix.ts

refactor(security): enforce account-scoped pairing APIs

2026-02-26 21:57:52 +01:00

mutable-allowlist-detectors.ts

feat(zalouser): audit mutable group allowlists

2026-03-13 01:44:42 +00:00

safe-regex.test.ts

test: dedupe security utility suites

2026-03-28 01:38:12 +00:00

safe-regex.ts

fix: harden mention pattern regex compilation

2026-03-15 08:44:12 -07:00

scan-paths.ts

fix(security): enforce plugin and hook path containment

2026-02-19 15:37:29 +01:00

secret-equal.ts

fix(security): SHA-256 hash before timingSafeEqual to prevent length leak (#20856 )

2026-02-19 03:16:35 -08:00

skill-scanner.test.ts

test: dedupe security utility suites

2026-03-28 01:38:12 +00:00

skill-scanner.ts

perf(security): cache scanner directory walks

2026-03-02 20:19:10 +00:00

temp-path-guard.test.ts

test: dedupe security utility suites

2026-03-28 01:38:12 +00:00

windows-acl.test.ts

test: dedupe security audit and acl suites

2026-03-28 01:17:57 +00:00

windows-acl.ts

fix(security): use icacls /sid for locale-independent Windows ACL audit (#38900 )

2026-03-07 12:49:33 -05:00