Commit Graph

139 Commits

Author SHA1 Message Date
Peter Steinberger 29e41d4c0a fix: land security audit severity + temp-path guard fixes (#23428) (thanks @bmendonca3) 2026-02-22 11:26:17 +01:00
Brian Mendonca bc78b343ba Security: expand audit checks for mDNS and real-IP fallback 2026-02-22 11:26:17 +01:00
Peter Steinberger bfc9ecf32e test: harden temp path guard detection (#23398) 2026-02-22 11:12:01 +01:00
Peter Steinberger 57ce7214d2 test: stabilize temp-path guard across runtimes (#23398) 2026-02-22 11:12:01 +01:00
Peter Steinberger bd4f670544 refactor: simplify windows ACL parsing and expand coverage 2026-02-22 10:43:03 +01:00
Peter Steinberger 9b9cc44a4e fix: finalize modelByChannel validator landing (#23412) (thanks @ProspectOre) 2026-02-22 10:41:40 +01:00
Vignesh Natarajan 9325418098 chore: fix temp-path guard skip for *.test-helpers.ts 2026-02-22 01:41:06 -08:00
SK Akram 85a3c0c818 fix: use SID-based ACL classification for non-English Windows 2026-02-22 10:37:34 +01:00
Peter Steinberger 6c2e999776 refactor(security): unify secure id paths and guard weak patterns 2026-02-22 10:16:19 +01:00
Peter Steinberger f101d59d57 feat(security): warn on dangerous config flags at startup 2026-02-22 10:11:46 +01:00
Peter Steinberger 265da4dd2a fix(security): harden gateway command/audit guardrails 2026-02-22 08:45:48 +01:00
Peter Steinberger 3d718b5c37 test(security): dedupe external marker sanitization assertions 2026-02-22 07:44:57 +00:00
Peter Steinberger 049b8b14bc fix(security): flag open-group runtime/fs exposure in audit 2026-02-22 08:22:51 +01:00
Peter Steinberger fbf0c99d7c test(security): simplify repeated audit finding assertions 2026-02-21 23:09:15 +00:00
Peter Steinberger 0bd9f0d4ac fix: enforce strict allowlist across pairing stores (#23017) 2026-02-22 00:00:23 +01:00
Peter Steinberger 0608587bc3 test: streamline config, audit, and qmd coverage 2026-02-21 22:23:43 +00:00
Peter Steinberger 302fa03f41 fix(test): skip test-utils files in temp path guard 2026-02-21 20:48:52 +01:00
Peter Steinberger c240104dc3 refactor(test): snapshot gateway auth env in security audit tests 2026-02-21 19:16:21 +00:00
Peter Steinberger 7724abeee0 refactor(test): dedupe env setup across suites 2026-02-21 19:13:46 +00:00
Peter Steinberger 4540790cb6 refactor(bluebubbles): share dm/group access policy checks 2026-02-21 20:08:33 +01:00
Peter Steinberger f97c45c5b5 fix(security): warn on Discord name-based allowlists in audit 2026-02-21 19:45:17 +01:00
Peter Steinberger f48698a50b fix(security): harden sandbox browser network defaults 2026-02-21 14:02:53 +01:00
Peter Steinberger 8c1518f0f3 fix(sandbox): use one-time noVNC observer tokens 2026-02-21 13:56:58 +01:00
Peter Steinberger 1835dec200 fix(security): force sandbox browser hash migration and audit stale labels 2026-02-21 13:25:41 +01:00
Peter Steinberger 14b0d2b816 refactor: harden control-ui auth flow and add insecure-flag audit summary 2026-02-21 13:18:23 +01:00
Peter Steinberger 99048dbec2 fix(gateway): align insecure-auth toggle messaging 2026-02-21 12:57:22 +01:00
Vincent Koc c2f5628915 Fix formatting (#22474) 2026-02-21 01:37:02 -05:00
C.J. Winslow 58f7b7638a
Security: add per-wrapper IDs to untrusted-content markers (#19009)
Fixes #10927

Adds unique per-wrapper IDs to external-content boundary markers to
prevent spoofing attacks where malicious content could inject fake
marker boundaries.

- Generate random 16-char hex ID per wrap operation
- Start/end markers share the same ID for pairing
- Sanitizer strips markers with or without IDs (handles legacy + spoofed)
- Added test for attacker-injected markers with fake IDs

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-21 01:16:02 -05:00
Coy Geek 40a292619e
fix: Control UI Insecure Auth Bypass Allows Token-Only Auth Over HTTP (#20684)
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ad9be4b4d6
Co-authored-by: coygeek <65363919+coygeek@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
2026-02-20 17:34:34 +00:00
Peter Steinberger f76f98b268 chore: fix formatting drift and stabilize cron tool mocks 2026-02-19 15:41:38 +01:00
Peter Steinberger 81b19aaa1a fix(security): enforce plugin and hook path containment 2026-02-19 15:37:29 +01:00
Peter Steinberger b40821b068 fix: harden ACP secret handling and exec preflight boundaries 2026-02-19 15:34:20 +01:00
Peter Steinberger 5dc50b8a3f fix(security): harden npm plugin and hook install integrity flow 2026-02-19 15:11:25 +01:00
Peter Steinberger 268b0dc921 style: fix formatting drift in security allowlist checks 2026-02-19 13:31:01 +00:00
Peter Steinberger e3e0ffd801 feat(security): audit gateway HTTP no-auth exposure 2026-02-19 14:25:56 +01:00
Peter Steinberger ec232a9e2d refactor(security): harden temp-path handling for inbound media 2026-02-19 14:06:37 +01:00
habakan 825cc70796 test: dedupe gateway auth and sessions patch coverage (#20087) 2026-02-19 03:35:58 -08:00
David Rudduck f1e1ad73ad
fix(security): SHA-256 hash before timingSafeEqual to prevent length leak (#20856)
The previous implementation returned early when buffer lengths differed,
leaking the expected secret's length via timing side-channel. Hashing both
inputs with SHA-256 before comparison ensures fixed-length buffers and
constant-time comparison regardless of input lengths.
2026-02-19 03:16:35 -08:00
Jay Caldwell 9edec67a18
fix(security): block plaintext WebSocket connections to non-loopback addresses (#20803)
* fix(security): block plaintext WebSocket connections to non-loopback addresses

Addresses CWE-319 (Cleartext Transmission of Sensitive Information).

Previously, ws:// connections to remote hosts were allowed, exposing
both credentials and chat data to network interception. This change
blocks ALL plaintext ws:// connections to non-loopback addresses,
regardless of whether explicit credentials are configured (device
tokens may be loaded dynamically).

Security policy:
- wss:// allowed to any host
- ws:// allowed only to loopback (127.x.x.x, localhost, ::1)
- ws:// to LAN/tailnet/remote hosts now requires TLS

Changes:
- Add isSecureWebSocketUrl() validation in net.ts
- Block insecure connections in GatewayClient.start()
- Block insecure URLs in buildGatewayConnectionDetails()
- Handle malformed URLs gracefully without crashing
- Update tests to use wss:// for non-loopback URLs

Fixes #12519

* fix(test): update gateway-chat mock to preserve net.js exports

Use importOriginal to spread actual module exports and mock only
the functions needed for testing. This ensures isSecureWebSocketUrl
and other exports remain available to the code under test.
2026-02-19 03:13:08 -08:00
Coy Geek f7a7a28c56
fix: enforce hooks token separation from gateway auth (#20813)
* fix(an-03): apply security fix

Generated by staged fix workflow.

* fix(an-03): apply security fix

Generated by staged fix workflow.

* fix(an-03): remove stale test-link artifact from patch

Remove accidental a2ui test-link artifact from the tracked diff and keep startup auth enforcement centralized in startup-auth.ts.
2026-02-19 02:48:08 -08:00
Peter Steinberger d6768098a1 refactor(security): share installed plugin directory scan helper 2026-02-19 00:29:07 +00:00
Peter Steinberger c8bdefd8b4 refactor(security): reuse shared scan path containment helper 2026-02-19 00:20:15 +00:00
Peter Steinberger 5c5c032f42 refactor(security): share DM allowlist state resolver 2026-02-18 23:58:11 +00:00
Peter Steinberger 89a0b95af4 refactor(security): reuse shared allowlist normalization 2026-02-18 23:48:32 +00:00
the sun gif man 114736ed1a
Doctor/Security: fix telegram numeric ID + symlink config permission warnings (#19844)
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: e42bf1e48d
Co-authored-by: joshp123 <1497361+joshp123@users.noreply.github.com>
Co-authored-by: joshp123 <1497361+joshp123@users.noreply.github.com>
Reviewed-by: @joshp123
2026-02-18 00:09:51 -08:00
Peter Steinberger b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger 31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
cpojer 2a4ca7671e chore: Fix types in tests 35/N. 2026-02-17 15:50:07 +09:00
cpojer d0cb8c19b2 chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00