vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-13 18:21:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
dfd4e9f8a13d5b4bf2e21cce3667b2c08ea154e3
openclaw/apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift
Pavan Kumar Gondhi 2d126fc623 fix(infra): expand host env security policy denylist [AI] (#63277) 
* fix: address issue

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: close host env inherited sanitization gap

* fix: enforce host env reported baseline coverage

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* docs: add changelog entry for PR merge
2026-04-10 11:36:39 +05:30

457 lines
11 KiB
Swift
Raw Blame History

// Generated file. Do not edit directly.
// Source: src/infra/host-env-security-policy.json
// Regenerate: node scripts/generate-host-env-security-policy-swift.mjs --write
import Foundation
enum HostEnvSecurityPolicy {
static let blockedInheritedKeys: Set<String> = [
"_JAVA_OPTIONS",
"AMQP_URL",
"ANSIBLE_CALLBACK_PLUGINS",
"ANSIBLE_COLLECTIONS_PATH",
"ANSIBLE_CONFIG",
"ANSIBLE_CONNECTION_PLUGINS",
"ANSIBLE_FILTER_PLUGINS",
"ANSIBLE_INVENTORY_PLUGINS",
"ANSIBLE_LIBRARY",
"ANSIBLE_LOOKUP_PLUGINS",
"ANSIBLE_MODULE_UTILS",
"ANSIBLE_REMOTE_TEMP",
"ANSIBLE_ROLES_PATH",
"ANSIBLE_STRATEGY_PLUGINS",
"ANT_OPTS",
"AWS_ACCESS_KEY_ID",
"AWS_CONTAINER_CREDENTIALS_FULL_URI",
"AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",
"AWS_SECRET_ACCESS_KEY",
"AWS_SECURITY_TOKEN",
"AWS_SESSION_TOKEN",
"AZURE_CLIENT_ID",
"AZURE_CLIENT_SECRET",
"BASH_ENV",
"BROWSER",
"BUN_CONFIG_REGISTRY",
"BUNDLE_GEMFILE",
"BZR_EDITOR",
"BZR_PLUGIN_PATH",
"BZR_SSH",
"C_INCLUDE_PATH",
"CARGO_BUILD_RUSTC",
"CARGO_BUILD_RUSTC_WRAPPER",
"CARGO_HOME",
"CATALINA_OPTS",
"CC",
"CFLAGS",
"CGO_CFLAGS",
"CGO_LDFLAGS",
"CLASSPATH",
"CMAKE_C_COMPILER",
"CMAKE_CXX_COMPILER",
"CMAKE_TOOLCHAIN_FILE",
"COMPOSER_HOME",
"CONFIG_SHELL",
"CONFIG_SITE",
"CORECLR_PROFILER",
"CORECLR_PROFILER_PATH",
"CPATH",
"CPLUS_INCLUDE_PATH",
"CURL_HOME",
"CXX",
"DATABASE_URL",
"DENO_DIR",
"DOTNET_ADDITIONAL_DEPS",
"DOTNET_STARTUP_HOOKS",
"EDITOR",
"ELIXIR_ERL_OPTIONS",
"EMACSLOADPATH",
"ENV",
"ERL_AFLAGS",
"ERL_FLAGS",
"ERL_ZFLAGS",
"EXINIT",
"FCEDIT",
"GCONV_PATH",
"GEM_HOME",
"GEM_PATH",
"GH_TOKEN",
"GIT_ALTERNATE_OBJECT_DIRECTORIES",
"GIT_ASKPASS",
"GIT_COMMON_DIR",
"GIT_DIR",
"GIT_EDITOR",
"GIT_EXEC_PATH",
"GIT_EXTERNAL_DIFF",
"GIT_HOOK_PATH",
"GIT_INDEX_FILE",
"GIT_NAMESPACE",
"GIT_OBJECT_DIRECTORY",
"GIT_PROXY_COMMAND",
"GIT_SEQUENCE_EDITOR",
"GIT_SSH",
"GIT_SSH_COMMAND",
"GIT_SSL_CAINFO",
"GIT_SSL_CAPATH",
"GIT_SSL_NO_VERIFY",
"GIT_TEMPLATE_DIR",
"GIT_WORK_TREE",
"GITHUB_TOKEN",
"GITLAB_TOKEN",
"GLIBC_TUNABLES",
"GOENV",
"GOFLAGS",
"GONOPROXY",
"GONOSUMCHECK",
"GONOSUMDB",
"GOPATH",
"GOPRIVATE",
"GOPROXY",
"GRADLE_OPTS",
"GVIMINIT",
"HELM_HOME",
"HELM_PLUGINS",
"HGRCPATH",
"HOSTALIASES",
"IFS",
"JAVA_OPTS",
"JAVA_TOOL_OPTIONS",
"JDK_JAVA_OPTIONS",
"JULIA_EDITOR",
"LDFLAGS",
"LESSCLOSE",
"LESSOPEN",
"LIBRARY_PATH",
"LUA_CPATH",
"LUA_INIT",
"LUA_INIT_5_1",
"LUA_INIT_5_2",
"LUA_INIT_5_3",
"LUA_INIT_5_4",
"LUA_PATH",
"MAKEFLAGS",
"MAVEN_OPTS",
"MFLAGS",
"MONGODB_URI",
"MYVIMRC",
"NODE_AUTH_TOKEN",
"NODE_OPTIONS",
"NODE_PATH",
"NPM_TOKEN",
"OBJC_INCLUDE_PATH",
"OPENSSL_CONF",
"OPENSSL_ENGINES",
"PACKER_PLUGIN_PATH",
"PERL5DB",
"PERL5DBCMD",
"PERL5LIB",
"PERL5OPT",
"PHP_INI_SCAN_DIR",
"PHPRC",
"PIP_CONFIG_FILE",
"PIP_EXTRA_INDEX_URL",
"PIP_FIND_LINKS",
"PIP_INDEX_URL",
"PIP_PYPI_URL",
"PIP_TRUSTED_HOST",
"PROMPT_COMMAND",
"PS4",
"PYTHONBREAKPOINT",
"PYTHONHOME",
"PYTHONPATH",
"PYTHONSTARTUP",
"PYTHONUSERBASE",
"R_ENVIRON",
"R_ENVIRON_USER",
"R_LIBS_USER",
"R_PROFILE",
"R_PROFILE_USER",
"REDIS_URL",
"RUBYLIB",
"RUBYOPT",
"RUBYSHELL",
"RUSTC_WRAPPER",
"RUSTFLAGS",
"SBT_OPTS",
"SHELL",
"SHELLOPTS",
"SSH_ASKPASS",
"SSLKEYLOGFILE",
"SUDO_ASKPASS",
"SUDO_EDITOR",
"SVN_EDITOR",
"SVN_SSH",
"TF_CLI_CONFIG_FILE",
"TF_PLUGIN_CACHE_DIR",
"UV_DEFAULT_INDEX",
"UV_EXTRA_INDEX_URL",
"UV_INDEX",
"UV_INDEX_URL",
"UV_PYTHON",
"VAGRANT_VAGRANTFILE",
"VIMINIT",
"VIRTUAL_ENV",
"VISUAL",
"WGETRC",
"XDG_CONFIG_DIRS",
"XDG_CONFIG_HOME",
"YARN_RC_FILENAME"
]
static let blockedInheritedPrefixes: [String] = [
"BASH_FUNC_",
"DYLD_",
"LD_"
]
static let blockedKeys: Set<String> = [
"_JAVA_OPTIONS",
"ANT_OPTS",
"BASH_ENV",
"BROWSER",
"BZR_EDITOR",
"BZR_PLUGIN_PATH",
"BZR_SSH",
"CARGO_BUILD_RUSTC",
"CARGO_BUILD_RUSTC_WRAPPER",
"CATALINA_OPTS",
"CC",
"CMAKE_C_COMPILER",
"CMAKE_CXX_COMPILER",
"CMAKE_TOOLCHAIN_FILE",
"CONFIG_SHELL",
"CONFIG_SITE",
"CORECLR_PROFILER",
"CXX",
"DOTNET_ADDITIONAL_DEPS",
"DOTNET_STARTUP_HOOKS",
"ELIXIR_ERL_OPTIONS",
"EMACSLOADPATH",
"ENV",
"ERL_AFLAGS",
"ERL_FLAGS",
"ERL_ZFLAGS",
"EXINIT",
"GCONV_PATH",
"GIT_ALTERNATE_OBJECT_DIRECTORIES",
"GIT_COMMON_DIR",
"GIT_DIR",
"GIT_EDITOR",
"GIT_EXEC_PATH",
"GIT_EXTERNAL_DIFF",
"GIT_HOOK_PATH",
"GIT_INDEX_FILE",
"GIT_NAMESPACE",
"GIT_OBJECT_DIRECTORY",
"GIT_SEQUENCE_EDITOR",
"GIT_SSL_CAINFO",
"GIT_SSL_CAPATH",
"GIT_SSL_NO_VERIFY",
"GIT_TEMPLATE_DIR",
"GIT_WORK_TREE",
"GLIBC_TUNABLES",
"GRADLE_OPTS",
"GVIMINIT",
"HELM_PLUGINS",
"HGRCPATH",
"HOSTALIASES",
"IFS",
"JAVA_OPTS",
"JAVA_TOOL_OPTIONS",
"JDK_JAVA_OPTIONS",
"JULIA_EDITOR",
"LUA_INIT",
"LUA_INIT_5_1",
"LUA_INIT_5_2",
"LUA_INIT_5_3",
"LUA_INIT_5_4",
"MAKEFLAGS",
"MAVEN_OPTS",
"MFLAGS",
"MYVIMRC",
"NODE_OPTIONS",
"NODE_PATH",
"PACKER_PLUGIN_PATH",
"PERL5LIB",
"PERL5OPT",
"PS4",
"PYTHONBREAKPOINT",
"PYTHONHOME",
"PYTHONPATH",
"R_ENVIRON",
"R_ENVIRON_USER",
"R_PROFILE",
"R_PROFILE_USER",
"RUBYLIB",
"RUBYOPT",
"RUBYSHELL",
"RUSTC_WRAPPER",
"SBT_OPTS",
"SHELL",
"SHELLOPTS",
"SSLKEYLOGFILE",
"SUDO_ASKPASS",
"SVN_EDITOR",
"SVN_SSH",
"VAGRANT_VAGRANTFILE",
"VIMINIT"
]
static let blockedOverrideKeys: Set<String> = [
"ALL_PROXY",
"AMQP_URL",
"ANSIBLE_CALLBACK_PLUGINS",
"ANSIBLE_COLLECTIONS_PATH",
"ANSIBLE_CONFIG",
"ANSIBLE_CONNECTION_PLUGINS",
"ANSIBLE_FILTER_PLUGINS",
"ANSIBLE_INVENTORY_PLUGINS",
"ANSIBLE_LIBRARY",
"ANSIBLE_LOOKUP_PLUGINS",
"ANSIBLE_MODULE_UTILS",
"ANSIBLE_REMOTE_TEMP",
"ANSIBLE_ROLES_PATH",
"ANSIBLE_STRATEGY_PLUGINS",
"AWS_ACCESS_KEY_ID",
"AWS_CONFIG_FILE",
"AWS_CONTAINER_CREDENTIALS_FULL_URI",
"AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",
"AWS_SECRET_ACCESS_KEY",
"AWS_SECURITY_TOKEN",
"AWS_SESSION_TOKEN",
"AWS_SHARED_CREDENTIALS_FILE",
"AWS_WEB_IDENTITY_TOKEN_FILE",
"AZURE_AUTH_LOCATION",
"AZURE_CLIENT_ID",
"AZURE_CLIENT_SECRET",
"BUN_CONFIG_REGISTRY",
"BUNDLE_GEMFILE",
"C_INCLUDE_PATH",
"CARGO_BUILD_RUSTC_WRAPPER",
"CARGO_HOME",
"CFLAGS",
"CGO_CFLAGS",
"CGO_LDFLAGS",
"CLASSPATH",
"COMPOSER_HOME",
"CORECLR_PROFILER_PATH",
"CPATH",
"CPLUS_INCLUDE_PATH",
"CURL_CA_BUNDLE",
"CURL_HOME",
"DATABASE_URL",
"DENO_DIR",
"DOCKER_CERT_PATH",
"DOCKER_CONTEXT",
"DOCKER_HOST",
"DOCKER_TLS_VERIFY",
"EDITOR",
"FCEDIT",
"GEM_HOME",
"GEM_PATH",
"GH_TOKEN",
"GIT_ALTERNATE_OBJECT_DIRECTORIES",
"GIT_ASKPASS",
"GIT_COMMON_DIR",
"GIT_DIR",
"GIT_INDEX_FILE",
"GIT_NAMESPACE",
"GIT_OBJECT_DIRECTORY",
"GIT_PAGER",
"GIT_PROXY_COMMAND",
"GIT_SSH",
"GIT_SSH_COMMAND",
"GIT_SSL_CAINFO",
"GIT_SSL_CAPATH",
"GIT_SSL_NO_VERIFY",
"GIT_WORK_TREE",
"GITHUB_TOKEN",
"GITLAB_TOKEN",
"GOENV",
"GOFLAGS",
"GONOPROXY",
"GONOSUMCHECK",
"GONOSUMDB",
"GOOGLE_APPLICATION_CREDENTIALS",
"GOPATH",
"GOPRIVATE",
"GOPROXY",
"GRADLE_USER_HOME",
"HELM_HOME",
"HGRCPATH",
"HISTFILE",
"HOME",
"HTTP_PROXY",
"HTTPS_PROXY",
"KUBECONFIG",
"LDFLAGS",
"LESSCLOSE",
"LESSOPEN",
"LIBRARY_PATH",
"LUA_CPATH",
"LUA_PATH",
"MAKEFLAGS",
"MANPAGER",
"MFLAGS",
"MONGODB_URI",
"NO_PROXY",
"NODE_AUTH_TOKEN",
"NODE_EXTRA_CA_CERTS",
"NODE_TLS_REJECT_UNAUTHORIZED",
"NPM_TOKEN",
"OBJC_INCLUDE_PATH",
"OPENSSL_CONF",
"OPENSSL_ENGINES",
"PAGER",
"PERL5DB",
"PERL5DBCMD",
"PHP_INI_SCAN_DIR",
"PHPRC",
"PIP_CONFIG_FILE",
"PIP_EXTRA_INDEX_URL",
"PIP_FIND_LINKS",
"PIP_INDEX_URL",
"PIP_PYPI_URL",
"PIP_TRUSTED_HOST",
"PROMPT_COMMAND",
"PYTHONSTARTUP",
"PYTHONUSERBASE",
"R_LIBS_USER",
"REDIS_URL",
"REQUESTS_CA_BUNDLE",
"RUSTC_WRAPPER",
"RUSTFLAGS",
"SSH_ASKPASS",
"SSH_AUTH_SOCK",
"SSL_CERT_DIR",
"SSL_CERT_FILE",
"SUDO_EDITOR",
"TF_CLI_CONFIG_FILE",
"TF_PLUGIN_CACHE_DIR",
"UV_DEFAULT_INDEX",
"UV_EXTRA_INDEX_URL",
"UV_INDEX",
"UV_INDEX_URL",
"UV_PYTHON",
"VIRTUAL_ENV",
"VISUAL",
"WGETRC",
"XDG_CONFIG_DIRS",
"XDG_CONFIG_HOME",
"YARN_RC_FILENAME",
"ZDOTDIR"
]
static let blockedOverridePrefixes: [String] = [
"CARGO_REGISTRIES_",
"GIT_CONFIG_",
"NPM_CONFIG_",
"TF_VAR_"
]
static let blockedPrefixes: [String] = [
"BASH_FUNC_",
"DYLD_",
"LD_"
]
}
Reference in New Issue View Git Blame Copy Permalink