nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,722 Commits 754 Branches 79 Tags 4.5 GiB
Commit Graph

7787 Commits

Author SHA1 Message Date
Peter Steinberger 397f243ded refactor: dedupe gateway session guards and agent test fixtures 2026-02-19 14:27:36 +00:00
Peter Steinberger a99fd8f2dd refactor: reuse daemon action response type in lifecycle core 2026-02-19 14:27:36 +00:00
Peter Steinberger 672b1c5084 refactor: dedupe slack monitor mrkdwn and modal event base 2026-02-19 14:27:36 +00:00
Peter Steinberger cb6b835a49 test: dedupe heartbeat and action-runner fixtures 2026-02-19 14:27:36 +00:00
Peter Steinberger 26c9b37f5b fix(security): enforce strict IPv4 SSRF literal handling 2026-02-19 15:24:47 +01:00
Peter Steinberger 77c748304b refactor(plugins): extract safety and provenance helpers 2026-02-19 15:24:14 +01:00
Peter Steinberger 775816035e fix(security): enforce trusted sender auth for discord moderation 2026-02-19 15:18:24 +01:00
Peter Steinberger baa335f258 fix(security): harden SSRF IPv4 literal parsing 2026-02-19 15:14:46 +01:00
Peter Steinberger 3561442a9f fix(plugins): harden discovery trust checks 2026-02-19 15:14:12 +01:00
Peter Steinberger 5dc50b8a3f fix(security): harden npm plugin and hook install integrity flow 2026-02-19 15:11:25 +01:00
Peter Steinberger 2777d8ad93 refactor(security): unify gateway scope authorization flows 2026-02-19 15:06:38 +01:00
Peter Steinberger f8b61bb4ed refactor(acp): split session tests and share rate limiter 2026-02-19 14:55:06 +01:00
Peter Steinberger 19348050be style: normalize acp translator import ordering 2026-02-19 13:54:40 +00:00
Peter Steinberger 7a89049d1d refactor: dedupe pending pairing request flow and add reuse tests 2026-02-19 13:54:35 +00:00
Peter Steinberger d900d5efbd style: normalize ws message handler import ordering 2026-02-19 13:51:53 +00:00
Peter Steinberger 79ab4927c1 test: dedupe extracted-size budget assertions in archive tests 2026-02-19 13:51:53 +00:00
Peter Steinberger e01011e3e4 fix(acp): harden session lifecycle against flooding 2026-02-19 14:50:17 +01:00
Peter Steinberger 4ddc4dfd76 test: dedupe fetch cleanup-throw signal harness 2026-02-19 13:50:07 +00:00
Peter Steinberger 0bda0202fd fix(security): require explicit approval for device access upgrades 2026-02-19 14:49:09 +01:00
Peter Steinberger 182ffdf557 test: dedupe zai env test setup and cover blank legacy key 2026-02-19 13:48:21 +00:00
Peter Steinberger 177654f526 refactor: dedupe APNs push send flow and add wake default test 2026-02-19 13:45:34 +00:00
Peter Steinberger 722a898f20 refactor: dedupe openclaw root traversal and add coverage 2026-02-19 13:43:31 +00:00
Peter Steinberger 758ea3c5a1 style: apply oxfmt import ordering for check 2026-02-19 14:38:55 +01:00
Peter Steinberger 08a7967936 fix(security): fail closed on gateway bind fallback and tighten canvas IP fallback 2026-02-19 14:38:55 +01:00
Peter Steinberger a40c10d3e2 fix: harden agent gateway authorization scopes 2026-02-19 14:37:56 +01:00
Peter Steinberger 165c18819e refactor(security): simplify safe-bin validation structure 2026-02-19 14:33:58 +01:00
Peter Steinberger 74c51aeb1e style: format gateway server methods 2026-02-19 13:32:58 +00:00
Peter Steinberger 268b0dc921 style: fix formatting drift in security allowlist checks 2026-02-19 13:31:01 +00:00
Peter Steinberger ff74d89e86 fix: harden gateway control-plane restart protections 2026-02-19 14:30:15 +01:00
Peter Steinberger 14b4c7fd56 refactor: dedupe provider usage auth/fetch logic and expand coverage 2026-02-19 13:28:18 +00:00
Peter Steinberger 2d485cd47a refactor(security): extract safe-bin policy and dedupe tests 2026-02-19 14:28:03 +01:00
Peter Steinberger 0e85380e56 style: format files and fix safe-bins e2e typing 2026-02-19 14:26:12 +01:00
Peter Steinberger e3e0ffd801 feat(security): audit gateway HTTP no-auth exposure 2026-02-19 14:25:56 +01:00
Peter Steinberger fec48a5006 refactor(exec): split host flows and harden safe-bin trust 2026-02-19 14:22:01 +01:00
Thorfinn b45bb6801c
fix(doctor): skip embedding provider check when QMD backend is active (openclaw#17295) thanks @miloudbelarebia 
Verified:
- pnpm build
- pnpm check (fails on baseline formatting drift in files identical to origin/main)
- pnpm test:macmini

Co-authored-by: miloudbelarebia <52387093+miloudbelarebia@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 07:21:27 -06:00
Peter Steinberger bafdbb6f11 fix(security): eliminate safeBins file-existence oracle 2026-02-19 14:18:11 +01:00
Peter Steinberger 1316e57403 fix: enforce inbound attachment root policy across pipelines 2026-02-19 14:15:51 +01:00
Peter Steinberger cfe8457a0f fix(security): harden safeBins stdin-only enforcement 2026-02-19 14:10:45 +01:00
Peter Steinberger 3c127b6eac test: dedupe provider usage tests and expand coverage 2026-02-19 13:08:01 +00:00
Peter Steinberger ec232a9e2d refactor(security): harden temp-path handling for inbound media 2026-02-19 14:06:37 +01:00
Peter Steinberger 9f9cd5cbb2 refactor(browser): unify navigation guard path and error typing 2026-02-19 14:04:18 +01:00
Peter Steinberger badafdc7b3 refactor: dedupe provider usage fetch logic and tests 2026-02-19 12:51:30 +00:00
Peter Steinberger 6195660b1a fix(browser): unify SSRF guard path for navigation 2026-02-19 13:44:01 +01:00
David Rudduck e0aaf2d399
fix(security): block prototype-polluting keys in deepMerge (#20853) 
Reject __proto__, prototype, and constructor keys during deep-merge
to prevent prototype pollution when merging untrusted config objects.
 2026-02-19 03:47:48 -08:00
habakan 825cc70796
test: dedupe gateway auth and sessions patch coverage (#20087) 2026-02-19 03:35:58 -08:00
Mariano db73402235
Security: add explicit opt-in for deprecated plugin runtime exec (#20874) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: de69f81725
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 11:30:36 +00:00
Abdel Fane e955582c8f
security: add baseline security headers to gateway HTTP responses (#10526) 
* security: add baseline security headers to gateway HTTP responses

All responses from the gateway HTTP server now include
X-Content-Type-Options: nosniff and Referrer-Policy: no-referrer.

These headers are applied early in handleRequest, before any
handler runs, ensuring coverage for every response including
error pages and 404s.

Headers that restrict framing (X-Frame-Options, CSP
frame-ancestors) are intentionally omitted at this global level
because the canvas host and A2UI handlers serve content that may
be loaded inside frames.

* fix: apply security headers before WebSocket upgrade check

Move setDefaultSecurityHeaders() above the WebSocket early-return so
the headers are set on every HTTP response path including upgrades.

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-19 03:28:24 -08:00
mahanandhi 57102cbec9
Security: use crypto.randomBytes for temp file names (#20654) 
Replace Math.random() with crypto.randomBytes() for generating
temporary file names. Math.random() is predictable and can enable
TOCTOU race conditions. Also set mode 0o600 on TTS temp files.

Co-authored-by: sirishacyd <sirishacyd@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-19 03:19:29 -08:00
mahanandhi fb35635c10
Security: use execFileSync instead of execSync with shell strings (#20655) 
Replace execSync (which spawns a shell) with execFileSync (which
invokes the binary directly with an argv array). This eliminates
command injection risk from interpolated arguments.

Co-authored-by: sirishacyd <sirishacyd@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-19 03:19:09 -08:00
David Rudduck ee6d0bd321
fix(security): escape backticks in exec-approval command previews (#20854) 
Command text displayed in Discord exec-approval embeds was not sanitized,
allowing crafted commands containing backticks to break out of the markdown
code block and inject arbitrary Discord formatting. This fix inserts a
zero-width space before each backtick to neutralize markdown injection.
 2026-02-19 03:17:06 -08:00