Files
openclaw/src/node-host/invoke-system-run-allowlist.test.ts
Vincent Koc c22270a917 fix(build): restore package artifact declarations (#100249)
* fix(build): restore package artifact declarations

* fix(build): stage plugin sdk strict smoke artifacts

* test(exec): accept resolved safe-bin paths

* test(qa): type missing delivery metadata regression

* fix(build): restore llm runtime tsdown root

* fix(build): drop removed llm runtime tsdown root
2026-07-05 02:22:11 -07:00

310 lines
9.9 KiB
TypeScript

/** Tests system.run allowlist planning, output truncation, and argv resolution. */
import { spawn } from "node:child_process";
import fs from "node:fs";
import os from "node:os";
import path from "node:path";
import { describe, expect, it } from "vitest";
import {
resolveExecApprovalsFromFile,
resolvePlannedSegmentArgv,
type ExecCommandSegment,
} from "../infra/exec-approvals.js";
import { planShellAuthorization } from "../infra/exec-authorization-plan.js";
import { resolveExecSafeBinRuntimePolicy } from "../infra/exec-safe-bin-runtime-policy.js";
import {
evaluateSystemRunAllowlist,
resolveSystemRunExecArgv,
} from "./invoke-system-run-allowlist.js";
function resolveAllowlistApprovals() {
return resolveExecApprovalsFromFile({
file: {
version: 1,
defaults: {
security: "allowlist",
ask: "off",
askFallback: "deny",
},
},
});
}
function resolveWindowsShellExecArgv(segment: ExecCommandSegment) {
return resolveSystemRunExecArgv({
plannedAllowlistArgv: undefined,
argv: ["powershell.exe", "-Command", "safe --version"],
security: "allowlist",
approvals: resolveAllowlistApprovals(),
safeBins: new Set(),
safeBinProfiles: {},
trustedSafeBinDirs: new Set(),
skillBins: [],
autoAllowSkills: false,
isWindows: true,
policy: {
approvedByAsk: false,
analysisOk: true,
allowlistSatisfied: true,
},
shellCommand: "safe --version",
segments: [segment],
segmentSatisfiedBy: ["allowlist"],
authorizationPlan: undefined,
cwd: "C:\\workspace",
env: undefined,
});
}
function runExecutable(params: {
argv: string[];
cwd: string;
env: NodeJS.ProcessEnv;
}): Promise<{ exitCode: number | null; stdout: string }> {
return new Promise((resolve, reject) => {
const child = spawn(params.argv[0], params.argv.slice(1), {
cwd: params.cwd,
env: params.env,
stdio: ["ignore", "pipe", "pipe"],
windowsHide: true,
});
const stdout: Buffer[] = [];
child.stdout.on("data", (chunk: Buffer) => stdout.push(chunk));
child.once("error", reject);
child.once("close", (exitCode) => {
resolve({ exitCode, stdout: Buffer.concat(stdout).toString("utf8") });
});
});
}
describe("resolveSystemRunExecArgv", () => {
it("pins Windows shell execution to the resolved allowlisted executable", async () => {
const trustedExecutable = "C:\\trusted-bin\\safe.exe";
const result = await resolveWindowsShellExecArgv({
raw: "safe --version",
argv: ["safe", "--version"],
resolution: {
execution: {
rawExecutable: "safe",
resolvedPath: trustedExecutable,
executableName: "safe.exe",
},
policy: {
rawExecutable: "safe",
resolvedPath: trustedExecutable,
executableName: "safe.exe",
},
},
});
expect(result).toEqual([trustedExecutable, "--version"]);
});
it("preserves unresolved Windows shell argv authorized by a bare wildcard", async () => {
const result = await resolveWindowsShellExecArgv({
raw: "safe --version",
argv: ["safe", "--version"],
resolution: null,
});
expect(result).toEqual(["safe", "--version"]);
});
it("fails closed when the Windows shell execution plan is blocked", async () => {
const result = await resolveWindowsShellExecArgv({
raw: "safe --version",
argv: ["safe", "--version"],
resolution: {
policyBlocked: true,
execution: {
rawExecutable: "safe",
executableName: "safe",
},
policy: {
rawExecutable: "safe",
executableName: "safe",
},
},
});
expect(result).toBeNull();
});
it.runIf(process.platform === "win32")(
"executes the allowlisted path instead of a workspace shadow executable",
async () => {
const fixtureRoot = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-windows-shadow-"));
const trustedBin = path.join(fixtureRoot, "trusted-bin");
const workspace = path.join(fixtureRoot, "workspace");
fs.mkdirSync(trustedBin);
fs.mkdirSync(workspace);
const trustedExecutable = path.join(trustedBin, "safe.exe");
const shadowExecutable = path.join(workspace, "safe.exe");
const systemRoot = process.env.SystemRoot ?? process.env.WINDIR ?? "C:\\Windows";
fs.copyFileSync(path.join(systemRoot, "System32", "cmd.exe"), trustedExecutable);
fs.copyFileSync(path.join(systemRoot, "System32", "where.exe"), shadowExecutable);
const env = {
...process.env,
PATH: `${trustedBin}${path.delimiter}${process.env.PATH ?? ""}`,
PATHEXT: process.env.PATHEXT ?? ".COM;.EXE;.BAT;.CMD",
};
const shellCommand = "safe /d /s /c echo TRUSTED_EXECUTABLE";
const commandTail = ["/d", "/s", "/c", "echo", "TRUSTED_EXECUTABLE"];
try {
const bareResult = await runExecutable({
argv: ["safe", ...commandTail],
cwd: workspace,
env,
});
expect(bareResult.exitCode).not.toBe(0);
expect(bareResult.stdout).not.toContain("TRUSTED_EXECUTABLE");
const approvals = resolveExecApprovalsFromFile({
file: {
version: 1,
defaults: { security: "allowlist", ask: "off", askFallback: "deny" },
agents: { main: { allowlist: [{ pattern: trustedExecutable }] } },
},
});
const analysis = await evaluateSystemRunAllowlist({
shellCommand,
argv: ["powershell.exe", "-Command", shellCommand],
approvals,
security: "allowlist",
safeBins: new Set(),
safeBinProfiles: {},
trustedSafeBinDirs: new Set(),
cwd: workspace,
env,
skillBins: [],
autoAllowSkills: false,
});
expect(analysis.analysisOk).toBe(true);
expect(analysis.allowlistSatisfied).toBe(true);
const execArgv = await resolveSystemRunExecArgv({
plannedAllowlistArgv: undefined,
argv: ["powershell.exe", "-Command", shellCommand],
security: "allowlist",
approvals,
safeBins: new Set(),
safeBinProfiles: {},
trustedSafeBinDirs: new Set(),
skillBins: [],
autoAllowSkills: false,
isWindows: true,
policy: {
approvedByAsk: false,
analysisOk: analysis.analysisOk,
allowlistSatisfied: analysis.allowlistSatisfied,
},
shellCommand,
segments: analysis.segments,
segmentSatisfiedBy: analysis.segmentSatisfiedBy,
authorizationPlan: analysis.authorizationPlan,
cwd: workspace,
env,
});
expect(execArgv?.[0]).toBe(fs.realpathSync(trustedExecutable));
const fixedResult = await runExecutable({ argv: execArgv ?? [], cwd: workspace, env });
expect(fixedResult.exitCode).toBe(0);
expect(fixedResult.stdout).toContain("TRUSTED_EXECUTABLE");
} finally {
fs.rmSync(fixtureRoot, { recursive: true, force: true });
}
},
);
it.runIf(process.platform !== "win32")(
"fails closed when shell rewriting has no authorization plan",
async () => {
const env = { PATH: "/usr/bin:/bin" };
const result = await resolveSystemRunExecArgv({
plannedAllowlistArgv: undefined,
argv: ["/bin/sh", "-lc", "head -c 16"],
security: "allowlist",
approvals: resolveAllowlistApprovals(),
safeBins: new Set(),
safeBinProfiles: {},
trustedSafeBinDirs: new Set(),
skillBins: [],
autoAllowSkills: false,
isWindows: false,
policy: {
approvedByAsk: false,
analysisOk: true,
allowlistSatisfied: true,
},
shellCommand: "head -c 16",
segments: [],
segmentSatisfiedBy: ["safeBins"],
authorizationPlan: undefined,
cwd: undefined,
env,
});
expect(result).toBeNull();
},
);
it.runIf(process.platform !== "win32")(
"returns rebuilt shell argv when the authorization plan supports rewriting",
async () => {
const env = { PATH: "/usr/bin:/bin" };
const authorizationPlan = await planShellAuthorization({
command: "head -c 16",
env,
platform: process.platform,
});
expect(authorizationPlan.ok).toBe(true);
if (!authorizationPlan.ok) {
throw new Error(authorizationPlan.reason);
}
const safeBinPolicy = resolveExecSafeBinRuntimePolicy({
global: { safeBins: ["head"] },
});
const result = await resolveSystemRunExecArgv({
plannedAllowlistArgv: undefined,
argv: ["/bin/sh", "-lc", "head -c 16"],
security: "allowlist",
approvals: resolveAllowlistApprovals(),
safeBins: safeBinPolicy.safeBins,
safeBinProfiles: safeBinPolicy.safeBinProfiles,
trustedSafeBinDirs: safeBinPolicy.trustedSafeBinDirs,
skillBins: [],
autoAllowSkills: false,
isWindows: false,
policy: {
approvedByAsk: false,
analysisOk: true,
allowlistSatisfied: true,
},
shellCommand: "head -c 16",
segments: authorizationPlan.groups.flatMap((group) =>
group.candidates.map((candidate) => candidate.sourceSegment),
),
segmentSatisfiedBy: ["safeBins"],
authorizationPlan,
cwd: undefined,
env,
});
const [candidate] = authorizationPlan.groups[0]?.candidates ?? [];
if (!candidate) {
throw new Error("expected a safe-bin authorization candidate");
}
const plannedArgv = resolvePlannedSegmentArgv(candidate.sourceSegment);
if (!plannedArgv) {
throw new Error("expected a safe-bin execution plan");
}
expect(result).not.toBeNull();
expect(result?.[0]).toBe("/bin/sh");
expect(result?.[2]).toBe(plannedArgv.join(" "));
},
);
});