mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-31 23:27:26 +00:00
b1117d9862
* refactor: extract gateway client package * chore: drop generated gateway package artifacts * refactor: move gateway protocol package * refactor: remove old gateway protocol tree * test: keep auth compat split in run mode * test: expose gateway wrapper options for internals * fix: watch moved gateway package sources * test: normalize slash command import guard * chore: teach knip gateway package entries * ci: route gateway client package checks * fix: reuse ipaddr for gateway client hosts * fix: sync gateway protocol usage schema
49 lines
1.1 KiB
YAML
49 lines
1.1 KiB
YAML
name: openclaw-codeql-channel-runtime-boundary-critical-security
|
|
|
|
disable-default-queries: true
|
|
|
|
queries:
|
|
- uses: security-extended
|
|
|
|
query-filters:
|
|
- include:
|
|
precision:
|
|
- high
|
|
- very-high
|
|
tags contain: security
|
|
security-severity: /([7-9]|10)\.(\d)+/
|
|
|
|
paths:
|
|
- src/channels
|
|
- src/config/channel-*.ts
|
|
- src/config/types.channel*.ts
|
|
- src/gateway/server-channel*.ts
|
|
- src/gateway/server-methods/channels.ts
|
|
- packages/gateway-protocol/src/schema/channels.ts
|
|
- src/infra/channel-*.ts
|
|
- src/infra/exec-approval-channel-runtime.ts
|
|
- src/infra/outbound/channel-*.ts
|
|
- src/plugin-sdk/channel-*.ts
|
|
- src/plugins/channel-*.ts
|
|
- src/plugins/bundled-channel-*.ts
|
|
- src/plugins/runtime/*channel*.ts
|
|
- src/secrets/channel-*.ts
|
|
- src/secrets/runtime-config-collectors-channels.ts
|
|
- src/security/audit-channel*.ts
|
|
|
|
paths-ignore:
|
|
- "**/node_modules"
|
|
- "**/coverage"
|
|
- "**/*.generated.ts"
|
|
- "**/*.bundle.js"
|
|
- "**/*-runtime.js"
|
|
- "**/*.test.ts"
|
|
- "**/*.test.tsx"
|
|
- "**/*.e2e.test.ts"
|
|
- "**/*.e2e.test.tsx"
|
|
- "**/*test-support*"
|
|
- "**/*test-helper*"
|
|
- "**/*mock*"
|
|
- "**/*fixture*"
|
|
- "**/*bench*"
|