openclaw

github/openclaw

Fork 0

mirror of https://github.com/openclaw/openclaw.git synced 2026-02-19 18:39:20 -05:00

Commit Graph

Author	SHA1	Message	Date
Peter Steinberger	ee1d6427b5	fix(security): enforce symlink-safe skill packaging	2026-02-19 10:56:17 +01:00
aether-ai-agent	c275932aa4	fix(security): OC-22 prevent Zip Slip and symlink following in skill packaging This commit implements critical security fixes for vulnerability OC-22 (CVSS 7.7, CWE-426) in the skill packaging system. ## Security Fixes 1. Symlink Detection and Rejection - Added check to detect and reject symlinks in skill directories - Prevents attackers from including arbitrary system files via symlink following - Rejects packaging with error message if any symlink is found 2. Path Traversal (Zip Slip) Prevention - Added validation for arcname paths in zip archives - Rejects paths containing ".." (directory traversal) - Rejects absolute paths that could escape skill directory - Prevents attackers from overwriting system files during extraction ## Attack Vectors Mitigated - Symlink following: Attacker creates symlink to /etc/passwd or other sensitive files in skill directory → now rejected - Zip Slip: Attacker crafts paths with "../../root/.bashrc" to overwrite system files during extraction → now rejected ## Changes - Modified: skills/skill-creator/scripts/package_skill.py - Added symlink check (line 73-76) - Added path validation check (line 84-87) - Enhanced error messages for security violations - Added: skills/skill-creator/scripts/test_package_skill.py - Comprehensive test suite with 11 test cases - Tests for symlink rejection - Tests for path traversal prevention - Tests for normal file packaging - Tests for edge cases (nested files, multiple files, large skills) ## Testing All 11 tests pass: - test_normal_file_packaging: Normal files packaged correctly - test_symlink_rejection: Symlinks detected and rejected - test_symlink_to_sensitive_file: Sensitive file symlinks rejected - test_zip_slip_prevention: Normal subdirectories work properly - test_absolute_path_prevention: Path validation logic tested - test_nested_files_allowed: Properly nested files allowed - test_multiple_files_with_symlink_mixed: Single symlink fails entire package - test_large_skill_with_many_files: Large skills handled correctly - test_missing_skill_directory: Error handling verified - test_file_instead_of_directory: Error handling verified - test_missing_skill_md: Error handling verified	2026-02-19 10:56:17 +01:00
Peter Steinberger	7006a4aad3	feat: add skill-creator bundled skill	2026-01-11 10:42:56 +00:00

Author

SHA1

Message

Date

Peter Steinberger

ee1d6427b5

fix(security): enforce symlink-safe skill packaging

2026-02-19 10:56:17 +01:00

aether-ai-agent

c275932aa4

fix(security): OC-22 prevent Zip Slip and symlink following in skill packaging

This commit implements critical security fixes for vulnerability OC-22
(CVSS 7.7, CWE-426) in the skill packaging system.

## Security Fixes

1. Symlink Detection and Rejection
   - Added check to detect and reject symlinks in skill directories
   - Prevents attackers from including arbitrary system files via symlink following
   - Rejects packaging with error message if any symlink is found

2. Path Traversal (Zip Slip) Prevention
   - Added validation for arcname paths in zip archives
   - Rejects paths containing ".." (directory traversal)
   - Rejects absolute paths that could escape skill directory
   - Prevents attackers from overwriting system files during extraction

## Attack Vectors Mitigated

- Symlink following: Attacker creates symlink to /etc/passwd or other
  sensitive files in skill directory → now rejected
- Zip Slip: Attacker crafts paths with "../../root/.bashrc" to overwrite
  system files during extraction → now rejected

## Changes

- Modified: skills/skill-creator/scripts/package_skill.py
  - Added symlink check (line 73-76)
  - Added path validation check (line 84-87)
  - Enhanced error messages for security violations

- Added: skills/skill-creator/scripts/test_package_skill.py
  - Comprehensive test suite with 11 test cases
  - Tests for symlink rejection
  - Tests for path traversal prevention
  - Tests for normal file packaging
  - Tests for edge cases (nested files, multiple files, large skills)

## Testing

All 11 tests pass:
- test_normal_file_packaging: Normal files packaged correctly
- test_symlink_rejection: Symlinks detected and rejected
- test_symlink_to_sensitive_file: Sensitive file symlinks rejected
- test_zip_slip_prevention: Normal subdirectories work properly
- test_absolute_path_prevention: Path validation logic tested
- test_nested_files_allowed: Properly nested files allowed
- test_multiple_files_with_symlink_mixed: Single symlink fails entire package
- test_large_skill_with_many_files: Large skills handled correctly
- test_missing_skill_directory: Error handling verified
- test_file_instead_of_directory: Error handling verified
- test_missing_skill_md: Error handling verified

2026-02-19 10:56:17 +01:00

Peter Steinberger

7006a4aad3

feat: add skill-creator bundled skill

2026-01-11 10:42:56 +00:00

3 Commits