nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Infra: tighten exec allowlist glob matching (#43798) 

* Infra: tighten exec allowlist glob matching

* Changelog: note GHSA-f8r2 exec allowlist fix
This commit is contained in:
Vincent Koc 2026-03-12 03:33:50 -04:00 committed by GitHub
parent d8ee97c466
commit 82e3ac21ee
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -12,6 +12,7 @@ Docs: https://docs.openclaw.ai
- Security/host env: block inherited `GIT_EXEC_PATH` from sanitized host exec environments so Git helper resolution cannot be steered by host environment state. (`GHSA-jf5v-pqgw-gm5m`)(#43685) Thanks @zpbrent and @vincentkoc.
- Security/session_status: enforce sandbox session-tree visibility and shared agent-to-agent access guards before reading or mutating target session state, so sandboxed subagents can no longer inspect parent session metadata or write parent model overrides via `session_status`. (`GHSA-wcxr-59v9-rxr8`)(#43754) Thanks @tdjackey and @vincentkoc.
- Models/secrets: enforce source-managed SecretRef markers in generated `models.json` so runtime-resolved provider secrets are not persisted when runtime projection is skipped. (#43759) Thanks @joshavant.
- Security/exec allowlist: preserve POSIX case sensitivity and keep `?` within a single path segment so exact-looking allowlist patterns no longer overmatch executables across case or directory boundaries. (`GHSA-f8r2-vg7x-gh8m`)(#43798) Thanks @zpbrent and @vincentkoc.
### Changes

14
src/infra/exec-allowlist-pattern.test.ts Normal file
View File

@ -0,0 +1,14 @@
import { describe, expect, it } from "vitest";
import { matchesExecAllowlistPattern } from "./exec-allowlist-pattern.js";
describe("matchesExecAllowlistPattern", () => {
it("does not let ? cross path separators", () => {
expect(matchesExecAllowlistPattern("/tmp/a?b", "/tmp/a/b")).toBe(false);
expect(matchesExecAllowlistPattern("/tmp/a?b", "/tmp/acb")).toBe(true);
});
it.runIf(process.platform !== "win32")("preserves case sensitivity on POSIX", () => {
expect(matchesExecAllowlistPattern("/tmp/Allowed-Tool", "/tmp/allowed-tool")).toBe(false);
expect(matchesExecAllowlistPattern("/tmp/Allowed-Tool", "/tmp/Allowed-Tool")).toBe(true);
});
});

6
src/infra/exec-allowlist-pattern.ts
View File

@ -9,7 +9,7 @@ function normalizeMatchTarget(value: string): string {
const stripped = value.replace(/^\\\\[?.]\\/, "");
return stripped.replace(/\\/g, "/").toLowerCase();
}
return value.replace(/\\\\/g, "/").toLowerCase();
return value.replace(/\\\\/g, "/");
}
function tryRealpath(value: string): string | null {
@ -46,7 +46,7 @@ function compileGlobRegex(pattern: string): RegExp {
continue;
}
if (ch === "?") {
regex += ".";
regex += "[^/]";
i += 1;
continue;
}
@ -55,7 +55,7 @@ function compileGlobRegex(pattern: string): RegExp {
}
regex += "$";
const compiled = new RegExp(regex, "i");
const compiled = new RegExp(regex, process.platform === "win32" ? "i" : "");
if (globRegexCache.size >= GLOB_REGEX_CACHE_LIMIT) {
globRegexCache.clear();
}