fix(exec): block risky host env overrides (#58209)

* fix(exec): block risky host env overrides * fix(exec): block GOPRIVATE host env overrides
2026-04-25 23:47:20 +00:00 · 2026-03-31 19:37:43 +09:00
parent 57c47d8c7f
commit eb8de6715f
4 changed files with 200 additions and 0 deletions
--- a/apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift
+++ b/apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift
@@ -85,10 +85,36 @@ enum HostEnvSecurityPolicy {
        "PIP_INDEX_URL",
        "PIP_PYPI_URL",
        "PIP_EXTRA_INDEX_URL",
+        "PIP_CONFIG_FILE",
+        "PIP_FIND_LINKS",
+        "PIP_TRUSTED_HOST",
        "UV_INDEX",
        "UV_INDEX_URL",
        "UV_EXTRA_INDEX_URL",
        "UV_DEFAULT_INDEX",
+        "DOCKER_HOST",
+        "DOCKER_TLS_VERIFY",
+        "DOCKER_CERT_PATH",
+        "DOCKER_CONTEXT",
+        "LIBRARY_PATH",
+        "CPATH",
+        "C_INCLUDE_PATH",
+        "CPLUS_INCLUDE_PATH",
+        "OBJC_INCLUDE_PATH",
+        "NODE_EXTRA_CA_CERTS",
+        "SSL_CERT_FILE",
+        "SSL_CERT_DIR",
+        "REQUESTS_CA_BUNDLE",
+        "CURL_CA_BUNDLE",
+        "GOPROXY",
+        "GONOSUMCHECK",
+        "GONOSUMDB",
+        "GONOPROXY",
+        "GOPRIVATE",
+        "GOENV",
+        "GOPATH",
+        "PYTHONUSERBASE",
+        "VIRTUAL_ENV",
        "LUA_PATH",
        "LUA_CPATH",
        "GEM_HOME",