security: address CodeQL high-severity findings #154
Merged
solomon2773 merged 2 commits into master on Apr 23, 2026
- agent-runtime/lib/server.ts:
  * Convert the OpenClaw chat fallback from execSync (shell template with
    JSON.stringify, not shell-safe) to execFileSync with an argv array so
    the request-body `content` cannot break out (CodeQL #1).
  * Document the /exec endpoint as the intentional terminal surface of the
    agent runtime — command execution there is by design and isolated by
    the container sandbox, not by the endpoint (CodeQL #2 acknowledged).
- workers/provisioner/backends/proxmox.ts: gate rejectUnauthorized behind
  PROXMOX_VERIFY_TLS=true so operators with CA trust wired up can opt in;
  default remains permissive for standard on-prem self-signed Proxmox
  (CodeQL #11).
- backend-api/routes/auth.ts: move email length check before the EMAIL_RE
  test so unbounded inputs can never drive regex backtracking cost
  (CodeQL #13).
- backend-api/agentMigrations.ts: split /^\/+|\/+$/g into two sequential
  anchored replaces; no behavior change, defuses the alternation CodeQL
  treats as polynomial (CodeQL #12).
- backend-api/routes/integrations.ts: fold e.message into the template
  literal instead of passing it as a separate console.warn argument, so
  the error text can't be interpreted as a format string (CodeQL #4, #5).

Verified: 303/303 backend tests, 6/6 agent-runtime tests, eslint + prettier
clean on all five files.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Two new alerts surfaced when CodeQL re-analyzed the followup branch:

1. Critical SSRF on agent-runtime/lib/server.ts:427 — the body.channelId
   interpolation still reaches fetch() without encoding on this branch
   because the encodeURIComponent fix lived only on fix/codeql-critical-ssrf.
   Bring that same fix into this branch so either PR can land independently
   without leaving a window where channelId reaches fetch raw. (Both PRs
   produce the same edits here; git will no-op on whichever merges second.)
2. High polynomial-regex on backend-api/agentMigrations.ts:340 — even after
   splitting the alternation, CodeQL still flags /\/+$/ over a value whose
   provenance it cannot prove bounded. Replace the regex with explicit
   charCodeAt-based trimming of leading/trailing U+002F — strictly linear,
   no regex engine involved, same observable behavior.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
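The two regex-related changes described in the commit messages above (slash trimming without a regex, and a length check placed ahead of the email regex), as an added JavaScript example that is not the project's code. `MAX_EMAIL_LENGTH`, `EMAIL_RE_EXAMPLE`, the function names and the sample inputs are assumptions, since the page does not show the real `EMAIL_RE` or its limit.

```javascript
// Added example, not the project's code. Names, limits and samples are assumptions.

const SLASH = 0x2f; // U+002F

// Linear-time trim of leading/trailing "/": two index scans, no regex engine.
function trimSlashes(value) {
  let start = 0;
  let end = value.length;
  while (start < end && value.charCodeAt(start) === SLASH) start++;
  while (end > start && value.charCodeAt(end - 1) === SLASH) end--;
  return value.slice(start, end);
}

// The single-regex form quoted in the commit message, kept only to check
// that the loop version has the same observable behavior on small inputs.
function trimSlashesRegex(value) {
  return value.replace(/^\/+|\/+$/g, "");
}

// Hypothetical limit and pattern standing in for the real EMAIL_RE.
const MAX_EMAIL_LENGTH = 254;
const EMAIL_RE_EXAMPLE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Length is checked first, so the regex only ever runs on bounded input
// and its backtracking cost has a fixed ceiling.
function isPlausibleEmail(input) {
  if (typeof input !== "string") return false;
  if (input.length === 0 || input.length > MAX_EMAIL_LENGTH) return false;
  return EMAIL_RE_EXAMPLE.test(input);
}

// Constructed inputs covering the edge cases of the trim.
const TRIM_SAMPLES = ["", "/", "////", "a", "/a/", "//a/b//", "a//b", "/a/b", "a/b/"];

// True when both implementations return identical output for every sample.
function trimImplementationsAgree() {
  return TRIM_SAMPLES.every((s) => trimSlashes(s) === trimSlashesRegex(s));
}
```

The regex form is only exercised on the short samples; a long run of slashes followed by another character is the shape of input where `/\/+$/` retries from every starting position.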
Summary
Validation
Release And Docs Checklist
architecture.md) if this PR changes architecture, deployment topology, component responsibilities, or major data flow. Reviewed for release: marker in architecture.md.