LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-03-21 16:41:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: harden exec allowlist regex literal handling (#32162) (thanks @stakeswky)

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-02 21:26:09 +00:00
parent 8da8756f76
commit 21d6d878ce
2 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -61,6 +61,7 @@ Docs: https://docs.openclaw.ai
- Telegram/models picker callbacks: keep long model buttons selectable by falling back to compact callback payloads and resolving provider ids on selection (with provider re-prompt on ambiguity), avoiding Telegram 64-byte callback truncation failures. (#31857) Thanks @bmendonca3.
- Config/backups hardening: enforce owner-only (`0600`) permissions on rotated config backups and clean orphan `.bak.*` files outside the managed backup ring, reducing credential leakage risk from stale or permissive backup artifacts. (#31718) Thanks @YUJIE2002.
- WhatsApp/inbound self-message context: propagate inbound `fromMe` through the web inbox pipeline and annotate direct self messages as `(self)` in envelopes so agents can distinguish owner-authored turns from contact turns. (#32167) Thanks @scoootscooob.
- Exec approvals/allowlist matching: escape regex metacharacters in path-pattern literals (while preserving glob wildcards), preventing crashes on allowlisted executables like `/usr/bin/g++` and correctly matching mixed wildcard/literal token paths. (#32162) Thanks @stakeswky.
- Webchat/stream finalization: persist streamed assistant text when final events omit `message`, while keeping final payload precedence and skipping empty stream buffers to prevent disappearing replies after tool turns. (#31920) Thanks @Sid-Qin.
- Cron/store migration: normalize legacy cron jobs with string `schedule` and top-level `command`/`timeout` fields into canonical schedule/payload/session-target shape on load, preventing schedule-error loops on old persisted stores. (#31926) Thanks @bmendonca3.
- Gateway/Heartbeat model reload: treat `models.*` and `agents.defaults.model` config updates as heartbeat hot-reload triggers so heartbeat picks up model changes without a full gateway restart. (#32046) Thanks @stakeswky.

10
src/infra/exec-approvals.test.ts
View File

@@ -102,6 +102,16 @@ describe("exec approvals allowlist matching", () => {
});
expect(match?.pattern).toBe("/usr/bin/*++");
});
it("matches paths containing []() regex tokens literally", () => {
const literalPattern = "/opt/builds/tool[1](stable)";
const match = matchAllowlist([{ pattern: literalPattern }], {
rawExecutable: literalPattern,
resolvedPath: literalPattern,
executableName: "tool[1](stable)",
});
expect(match?.pattern).toBe(literalPattern);
});
});
describe("mergeExecApprovalsSocketDefaults", () => {