github/openclaw
1
1
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-02-19 18:39:20 -05:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): reuse shared allowlist normalization

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-18 23:48:23 +00:00
parent 54e9924fc3
commit 89a0b95af4
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/commands/doctor-security.ts
View File

@@ -6,6 +6,7 @@ import type { OpenClawConfig, GatewayBindMode } from "../config/config.js";
import { resolveGatewayAuth } from "../gateway/auth.js";
import { isLoopbackHost, resolveGatewayBindHost } from "../gateway/net.js";
import { readChannelAllowFromStore } from "../pairing/pairing-store.js";
import { normalizeStringEntries } from "../shared/string-normalization.js";
import { note } from "../terminal/note.js";
export async function noteSecurityWarnings(cfg: OpenClawConfig) {
@@ -84,7 +85,9 @@ export async function noteSecurityWarnings(cfg: OpenClawConfig) {
}) => {
const dmPolicy = params.dmPolicy;
const policyPath = params.policyPath ?? `${params.allowFromPath}policy`;
const configAllowFrom = (params.allowFrom ?? []).map((v) => String(v).trim());
const configAllowFrom = normalizeStringEntries(
Array.isArray(params.allowFrom) ? params.allowFrom : undefined,
);
const hasWildcard = configAllowFrom.includes("*");
const storeAllowFrom = await readChannelAllowFromStore(params.provider).catch(() => []);
const normalizedCfg = configAllowFrom

6
src/security/audit-channel.ts
View File

@@ -9,13 +9,11 @@ import { formatCliCommand } from "../cli/command-format.js";
import { resolveNativeCommandsEnabled, resolveNativeSkillsEnabled } from "../config/commands.js";
import type { OpenClawConfig } from "../config/config.js";
import { readChannelAllowFromStore } from "../pairing/pairing-store.js";
import { normalizeStringEntries } from "../shared/string-normalization.js";
import type { SecurityAuditFinding, SecurityAuditSeverity } from "./audit.js";
function normalizeAllowFromList(list: Array<string | number> | undefined | null): string[] {
if (!Array.isArray(list)) {
return [];
}
return list.map((v) => String(v).trim()).filter(Boolean);
return normalizeStringEntries(Array.isArray(list) ? list : undefined);
}
function classifyChannelWarningSeverity(message: string): SecurityAuditSeverity {