mirror of https://github.com/openclaw/openclaw.git
29 lines
1.1 KiB
TypeScript
29 lines
1.1 KiB
TypeScript
import type { ResolvedSynologyChatAccount } from "./types.js";
|
|
|
|
export function collectSynologyChatSecurityAuditFindings(params: {
|
|
accountId?: string | null;
|
|
account: ResolvedSynologyChatAccount;
|
|
orderedAccountIds: string[];
|
|
hasExplicitAccountPath: boolean;
|
|
}) {
|
|
if (!params.account.dangerouslyAllowNameMatching) {
|
|
return [];
|
|
}
|
|
const accountId = params.accountId?.trim() || params.account.accountId || "default";
|
|
const accountNote =
|
|
params.orderedAccountIds.length > 1 || params.hasExplicitAccountPath
|
|
? ` (account: ${accountId})`
|
|
: "";
|
|
return [
|
|
{
|
|
checkId: "channels.synology-chat.reply.dangerous_name_matching_enabled",
|
|
severity: "info" as const,
|
|
title: `Synology Chat dangerous name matching is enabled${accountNote}`,
|
|
detail:
|
|
"dangerouslyAllowNameMatching=true re-enables mutable username/nickname matching for reply delivery. This is a break-glass compatibility mode, not a hardened default.",
|
|
remediation:
|
|
"Prefer stable numeric Synology Chat user IDs for reply delivery, then disable dangerouslyAllowNameMatching.",
|
|
},
|
|
];
|
|
}
|