Plugins: sanitize sdk export subpaths

scoootscooob 2026-03-24 10:57:06 -07:00 committed by scoootscooob
parent fc60ced03c
commit 01d3442246
2 changed files with 8 additions and 1 deletions


@ -341,6 +341,9 @@ describe("plugin sdk alias helpers", () => {
"./plugin-sdk/compat": { default: "./dist/plugin-sdk/compat.js" },
"./plugin-sdk/telegram": { default: "./dist/plugin-sdk/telegram.js" },
"./plugin-sdk/nested/value": { default: "./dist/plugin-sdk/nested/value.js" },
"./plugin-sdk/..\\..\\evil": { default: "./dist/plugin-sdk/evil.js" },
"./plugin-sdk/C:temp": { default: "./dist/plugin-sdk/drive.js" },
"./plugin-sdk/.hidden": { default: "./dist/plugin-sdk/hidden.js" },
},
});
const subpaths = listPluginSdkExportedSubpaths({
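Review bot: The three added negative keys cover a backslash traversal, a drive-letter form and a dotfile, but nothing in this fixture pins the first-character rule of the new allow-list. Adding a key such as `"./plugin-sdk/-leading": { default: "./dist/plugin-sdk/leading.js" },` (and one starting with `_`) would keep a later loosening of the leading `[A-Za-z0-9]` class from passing unnoticed. The assertion on `subpaths` lies outside this hunk, so this assumes it compares against the exact expected list.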


@ -32,11 +32,15 @@ function readPluginSdkPackageJson(packageRoot: string): PluginSdkPackageJson | n
}
}
function isSafePluginSdkSubpathSegment(subpath: string): boolean {
return /^[A-Za-z0-9][A-Za-z0-9_-]*$/.test(subpath);
}
function listPluginSdkSubpathsFromPackageJson(pkg: PluginSdkPackageJson): string[] {
return Object.keys(pkg.exports ?? {})
.filter((key) => key.startsWith("./plugin-sdk/"))
.map((key) => key.slice("./plugin-sdk/".length))
.filter((subpath) => Boolean(subpath) && !subpath.includes("/"))
.filter((subpath) => isSafePluginSdkSubpathSegment(subpath))
.toSorted();
}
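Review bot: isSafePluginSdkSubpathSegment carries no comment on what the allow-list protects against, so a later edit could loosen the pattern (for example to admit `.`) without noticing that it reopens `..` and dotfile names. I would add above it `// Allow-list for one export subpath segment: ASCII alphanumerics, '_' and '-', first char alphanumeric; rejects '.', '..', '\\' and ':'.` The pattern still admits Windows device names such as `NUL` or `CON`; whether that matters depends on how callers turn the subpath into a filesystem path, which is not visible in this hunk. The older `Boolean(subpath) && !subpath.includes("/")` filter is now implied by the regex and could be dropped, and only the export key is validated here, not the `default` target it maps to.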