mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-11 14:34:32 +08:00
* fix(security): serialize exec approval mutations * fix(security): preserve additive approval writes * test(cli): expect normalized approval shape * fix(security): preserve exec approval compatibility * test(security): exercise locked approval initialization * test(security): mock serialized approval helpers * test(exec): derive enforced command path from plan * fix(gateway): always return approval CAS conflicts * fix(macos): serialize exec approvals writes * fix(security): repair approval build errors * fix(security): serialize exec approval mutations * fix(security): fail closed on approval persistence errors * test(security): cover detached approval persistence failures * fix(security): harden exec approval state * style(macos): format exec approval sources * fix(security): complete exec approval hardening Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com> * fix(macos): preserve approved login-shell semantics * fix(macos): keep login shell approvals one-shot * fix(security): linearize exec authorization Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com> * fix(security): preserve durable approval basis Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com> * fix(security): bind exec grants to current policy Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com> * test(security): fix exec revocation fixtures * test(security): align gateway approval fixtures * fix(macos): return approval decisions * chore(i18n): sync native approval strings * test(security): align approval hardening fixtures * test(node): authorize completed event fixture * test(security): fix approval decision fixtures * test(security): await durable approval visibility * fix(exec): preserve concurrent approval grants * fix(exec): address exact-head CI failures * fix(exec): preserve concurrent approval promotions * fix(exec): make Swift shutdown state explicit * test(macos): handle approval read failures * fix(macos): harden approval socket paths * fix(macos): preserve exact shell payload bytes * test(macos): make approval fixtures explicit * test(macos): fix approval suite compilation * fix(macos): bound approval socket JSONL reads * chore: move exec approval note to release process * chore: move exec approval note to release process --------- Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
214 lines
7.6 KiB
Swift
214 lines
7.6 KiB
Swift
import Foundation
|
|
|
|
enum ExecShellWrapperParser {
|
|
struct ParsedShellWrapper {
|
|
let isWrapper: Bool
|
|
let command: String?
|
|
|
|
static let notWrapper = ParsedShellWrapper(isWrapper: false, command: nil)
|
|
static let blockedWrapper = ParsedShellWrapper(isWrapper: true, command: nil)
|
|
}
|
|
|
|
private enum Kind: Equatable {
|
|
case posix
|
|
case cmd
|
|
case powershell
|
|
}
|
|
|
|
private struct WrapperSpec {
|
|
let kind: Kind
|
|
let names: Set<String>
|
|
}
|
|
|
|
private static let posixInlineFlags = Set(["-lc", "-c", "--command"])
|
|
private static let powershellInlineFlags = Set(["-c", "-command", "--command"])
|
|
|
|
private static let wrapperSpecs: [WrapperSpec] = [
|
|
WrapperSpec(kind: .posix, names: ["ash", "sh", "bash", "zsh", "dash", "ksh", "fish"]),
|
|
WrapperSpec(kind: .cmd, names: ["cmd.exe", "cmd"]),
|
|
WrapperSpec(kind: .powershell, names: ["powershell", "powershell.exe", "pwsh", "pwsh.exe"]),
|
|
]
|
|
private static let loginStartupShellNames = Set(["ash", "bash", "dash", "fish", "ksh", "sh", "zsh"])
|
|
|
|
static func isShellWrapperExecutable(_ token: String) -> Bool {
|
|
let name = ExecCommandToken.basenameLower(token)
|
|
return self.wrapperSpecs.contains { $0.names.contains(name) }
|
|
}
|
|
|
|
static func extract(command: [String], rawCommand: String?) -> ParsedShellWrapper {
|
|
let trimmedRaw = rawCommand?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
|
|
let preferredRaw = trimmedRaw.isEmpty ? nil : trimmedRaw
|
|
return self.extract(
|
|
command: command,
|
|
preferredRaw: preferredRaw,
|
|
failClosedOnStartupWrappers: false,
|
|
depth: 0)
|
|
}
|
|
|
|
static func extractForAllowlist(command: [String], rawCommand: String?) -> ParsedShellWrapper {
|
|
let trimmedRaw = rawCommand?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
|
|
let preferredRaw = trimmedRaw.isEmpty ? nil : trimmedRaw
|
|
return self.extract(
|
|
command: command,
|
|
preferredRaw: preferredRaw,
|
|
failClosedOnStartupWrappers: true,
|
|
depth: 0)
|
|
}
|
|
|
|
private static func extract(
|
|
command: [String],
|
|
preferredRaw: String?,
|
|
failClosedOnStartupWrappers: Bool,
|
|
depth: Int) -> ParsedShellWrapper
|
|
{
|
|
guard depth < ExecEnvInvocationUnwrapper.maxWrapperDepth else {
|
|
return .notWrapper
|
|
}
|
|
guard let token0 = command.first?.trimmingCharacters(in: .whitespacesAndNewlines), !token0.isEmpty else {
|
|
return .notWrapper
|
|
}
|
|
|
|
let base0 = ExecCommandToken.basenameLower(token0)
|
|
if base0 == "env" {
|
|
guard let unwrapped = ExecEnvInvocationUnwrapper.unwrap(command) else {
|
|
return .notWrapper
|
|
}
|
|
return self.extract(
|
|
command: unwrapped,
|
|
preferredRaw: preferredRaw,
|
|
failClosedOnStartupWrappers: failClosedOnStartupWrappers,
|
|
depth: depth + 1)
|
|
}
|
|
|
|
guard let spec = wrapperSpecs.first(where: { $0.names.contains(base0) }) else {
|
|
return .notWrapper
|
|
}
|
|
if spec.kind == .posix,
|
|
base0 == "fish",
|
|
ExecInlineCommandParser.hasFishAttachedCommandOption(command)
|
|
{
|
|
return .blockedWrapper
|
|
}
|
|
let includeLegacyLoginInlineForm = failClosedOnStartupWrappers &&
|
|
!self.legacyLoginInlinePayloadMatchesRaw(
|
|
command: command,
|
|
spec: spec,
|
|
base0: base0,
|
|
preferredRaw: preferredRaw)
|
|
if self.startupWrapperRequiresFullArgv(
|
|
command: command,
|
|
spec: spec,
|
|
base0: base0,
|
|
includeLegacyLoginInlineForm: includeLegacyLoginInlineForm)
|
|
{
|
|
return .blockedWrapper
|
|
}
|
|
guard let payload = extractPayload(command: command, spec: spec) else {
|
|
return .notWrapper
|
|
}
|
|
let normalized = failClosedOnStartupWrappers ? payload : preferredRaw ?? payload
|
|
return ParsedShellWrapper(isWrapper: true, command: normalized)
|
|
}
|
|
|
|
private static func startupWrapperRequiresFullArgv(
|
|
command: [String],
|
|
spec: WrapperSpec,
|
|
base0: String,
|
|
includeLegacyLoginInlineForm: Bool) -> Bool
|
|
{
|
|
guard spec.kind == .posix else {
|
|
return false
|
|
}
|
|
if base0 == "fish",
|
|
ExecInlineCommandParser.hasFishInitCommandOption(command)
|
|
{
|
|
return true
|
|
}
|
|
if self.loginStartupShellNames.contains(base0),
|
|
ExecInlineCommandParser.hasPosixLoginStartupBeforeInlineCommand(
|
|
command,
|
|
flags: self.posixInlineFlags)
|
|
{
|
|
return includeLegacyLoginInlineForm || !self.isLegacyShLoginInlineForm(command, base0: base0)
|
|
}
|
|
return ExecInlineCommandParser.hasPosixInteractiveStartupBeforeInlineCommand(
|
|
command,
|
|
flags: self.posixInlineFlags)
|
|
}
|
|
|
|
private static func isLegacyLoginInlineForm(_ command: [String]) -> Bool {
|
|
guard command.count > 1 else {
|
|
return false
|
|
}
|
|
return command[1].trimmingCharacters(in: .whitespacesAndNewlines) == "-lc"
|
|
}
|
|
|
|
private static func isLegacyShLoginInlineForm(_ command: [String], base0: String) -> Bool {
|
|
base0 == "sh" && self.isLegacyLoginInlineForm(command)
|
|
}
|
|
|
|
private static func legacyLoginInlinePayloadMatchesRaw(
|
|
command: [String],
|
|
spec: WrapperSpec,
|
|
base0: String,
|
|
preferredRaw: String?) -> Bool
|
|
{
|
|
guard let preferredRaw,
|
|
base0 == "sh",
|
|
isLegacyLoginInlineForm(command),
|
|
let payload = extractPayload(command: command, spec: spec)
|
|
else {
|
|
return false
|
|
}
|
|
return payload == preferredRaw.trimmingCharacters(in: .whitespacesAndNewlines)
|
|
}
|
|
|
|
private static func extractPayload(command: [String], spec: WrapperSpec) -> String? {
|
|
switch spec.kind {
|
|
case .posix:
|
|
self.extractPosixInlineCommand(command)
|
|
case .cmd:
|
|
self.extractCmdInlineCommand(command)
|
|
case .powershell:
|
|
self.extractPowerShellInlineCommand(command)
|
|
}
|
|
}
|
|
|
|
private static func extractPosixInlineCommand(_ command: [String]) -> String? {
|
|
ExecInlineCommandParser.extractInlineCommand(
|
|
command,
|
|
flags: self.posixInlineFlags,
|
|
allowCombinedC: true)
|
|
}
|
|
|
|
private static func extractCmdInlineCommand(_ command: [String]) -> String? {
|
|
guard let idx = command
|
|
.firstIndex(where: { $0.trimmingCharacters(in: .whitespacesAndNewlines).lowercased() == "/c" })
|
|
else {
|
|
return nil
|
|
}
|
|
let tail = command.suffix(from: command.index(after: idx)).joined(separator: " ")
|
|
let payload = tail.trimmingCharacters(in: .whitespacesAndNewlines)
|
|
return payload.isEmpty ? nil : payload
|
|
}
|
|
|
|
private static func extractPowerShellInlineCommand(_ command: [String]) -> String? {
|
|
for idx in 1..<command.count {
|
|
let token = command[idx].trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
|
|
if token.isEmpty {
|
|
continue
|
|
}
|
|
if token == "--" {
|
|
break
|
|
}
|
|
if self.powershellInlineFlags.contains(token) {
|
|
return ExecInlineCommandParser.extractInlineCommand(
|
|
command,
|
|
flags: self.powershellInlineFlags,
|
|
allowCombinedC: false)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
}
|