openclaw

Commit Graph

Author	SHA1	Message	Date
Vincent Koc	f0202264d0	Gateway: scrub credentials from endpoint snapshots (#46799 ) * Gateway: scrub credentials from endpoint snapshots * Gateway: scrub raw endpoint credentials in snapshots * Gateway: preserve config redaction round-trips * Gateway: restore redacted endpoint URLs on apply	2026-03-15 10:28:15 -07:00
Peter Steinberger	854df8352c	refactor: share net and slack input helpers	2026-03-13 23:35:26 +00:00
Val Alexander	158d970e2b	[codex] Polish sidebar status, agent skills, and chat rendering (#45451 ) * style: update chat layout and spacing for improved UI consistency - Adjusted margin and padding for .chat-thread and .content--chat to enhance layout. - Consolidated CSS selectors for better readability and maintainability. - Introduced new test for log parsing functionality to ensure accurate message extraction. * UI: polish agent skills, chat images, and sidebar status * test: stabilize vitest helper export types * UI: address review feedback on agents refresh and chat styles * test: update outbound gateway client fixture values * test: narrow shared ip fixtures to IPv4	2026-03-13 16:53:40 -05:00
Peter Steinberger	daca6c9df2	test: tighten small shared helper coverage	2026-03-13 21:48:40 +00:00
Peter Steinberger	2d7a061161	test: tighten shared ip parsing coverage	2026-03-13 21:45:30 +00:00
Peter Steinberger	4fd8b98b10	test: tighten shared message and ipv4 coverage	2026-03-13 21:37:48 +00:00
Peter Steinberger	5a9d3abc10	test: tighten shared ip helper coverage	2026-03-13 21:27:15 +00:00
Peter Steinberger	7fe5cd26b5	test: add entry status and ipv4 helper coverage	2026-03-13 20:29:40 +00:00
Peter Steinberger	61b3246a7f	fix(ssrf): unify ipv6 special-use blocking	2026-02-26 03:43:42 +01:00
Peter Steinberger	baf656bc6f	fix: block IPv6 multicast SSRF bypass	2026-02-26 03:35:10 +01:00
Peter Steinberger	3af9d1f8e9	fix: scope Telegram RFC2544 SSRF exception to policy opt-in (#24982 ) (thanks @stakeswky)	2026-02-24 03:28:00 +00:00
User	9df80b73e2	fix: allow RFC2544 benchmark range (198.18.0.0/15) through SSRF filter Telegram's API and file servers resolve to IPs in the 198.18.0.0/15 range (RFC 2544 benchmarking range). The SSRF filter was blocking these addresses because ipaddr.js classifies them as 'reserved', and the filter also had an explicit RFC2544_BENCHMARK_PREFIX check that blocked them unconditionally. Fix: exempt 198.18.0.0/15 from the 'reserved' range block in isBlockedSpecialUseIpv4Address(). Other 'reserved' ranges (TEST-NET-2, TEST-NET-3, documentation prefixes) remain blocked. The explicit RFC2544_BENCHMARK_PREFIX check is repurposed as the exemption guard. Closes #24973	2026-02-24 03:28:00 +00:00
Peter Steinberger	98427453ba	fix(network): normalize SSRF IP parsing and monitor typing	2026-02-22 18:55:34 +01:00
Peter Steinberger	333fbb8634	refactor(net): consolidate IP checks with ipaddr.js	2026-02-22 17:02:44 +01:00
Peter Steinberger	26c9b37f5b	fix(security): enforce strict IPv4 SSRF literal handling	2026-02-19 15:24:47 +01:00
Peter Steinberger	4950fcfb33	refactor(gateway): share IPv4 input validator	2026-02-15 06:37:41 +00:00

16 Commits