Skip to content

Commit 3b219e7

Browse files
luoyanglangluoyanglang
committed
fix(security): include Windows home env roots
1 parent aee2e4c commit 3b219e7

1 file changed

Lines changed: 7 additions & 0 deletions

File tree

src/agents/sandbox/validate-sandbox-security.ts

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -156,6 +156,7 @@ function getBlockedHostPaths(): string[] {
156156
home: process.env.HOME,
157157
openclawHome: process.env.OPENCLAW_HOME,
158158
osHome: os.homedir(),
159+
userProfile: process.env.USERPROFILE,
159160
});
160161
if (blockedHostPathsCache?.key === cacheKey) {
161162
return blockedHostPathsCache.paths;
@@ -173,9 +174,15 @@ function getBlockedHostPaths(): string[] {
173174
function getBlockedHomeRoots(): string[] {
174175
const roots = new Set<string>();
175176
for (const candidate of [
177+
process.env.OPENCLAW_HOME,
178+
process.env.HOME,
179+
process.env.USERPROFILE,
176180
resolveRequiredHomeDir(process.env, os.homedir),
177181
resolveRequiredOsHomeDir(process.env, os.homedir),
178182
]) {
183+
if (!candidate) {
184+
continue;
185+
}
179186
const normalized = normalizeHostPath(candidate);
180187
if (normalized !== "/") {
181188
roots.add(normalized);

0 commit comments

Comments
 (0)