Fix path traversal vulnerability in media server#10
Merged
steipete merged 1 commit intoopenclaw:mainfrom Dec 2, 2025
Merged
Conversation
The /media/:id endpoint was vulnerable to path traversal attacks. Since this endpoint is exposed via Tailscale Funnel (unlike the WhatsApp webhook which requires Twilio signature validation), attackers could directly request paths like /media/%2e%2e%2fwarelay.json to access sensitive files in ~/.warelay/ (e.g. warelay.json), or even escape further to the user's home directory via multiple ../ sequences. Fix: validate resolved paths stay within the media directory. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Contributor
|
Great catch, thank you! |
Contributor
|
This doesn't cover symlinks, i'll fix that up next and add more tests. |
tristanmanchester
added a commit
to tristanmanchester/clawdbot
that referenced
this pull request
Jan 15, 2026
Implements Solution 1 from todos/010 to prevent orphaned sidecar accumulation: - Add SIDECAR_PATTERNS constant for known sidecar types - Update cleanOldMedia() to delete sidecars with parent media files - Add recursive directory support and directory filtering - Add comprehensive unit tests for sidecar cleanup Resolves issue openclaw#10 (orphaned sidecar files) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
fannieanna16-dotcom
pushed a commit
to fannieanna16-dotcom/clawdbot
that referenced
this pull request
Jan 26, 2026
dgarson
referenced
this pull request
in dgarson/clawdbot
Feb 2, 2026
…aeMYE Add search, filtering, and sorting to sessions table
Closed
Linsen-Mao
pushed a commit
to Linsen-Mao/openclaw
that referenced
this pull request
Feb 5, 2026
…iner, Postgres traces, cost budgets, phase restructuring Factsheet changes (12 architecture critiques): - Add users table with auth provider (openclaw#1) - Change all TEXT PKs to native UUID type (openclaw#2) - Remove orphaned session_id from Task/TaskCommand/TaskResult (openclaw#3) - Replace per-task containers with single shared Docker container (openclaw#4) - Phase injection queue: in-memory Phase 1, Redis Phase 2+ (openclaw#5) - Decouple Board Sync DB writes from WebSocket broadcasting (openclaw#6) - Move trace storage from JSONL+index to Postgres-only (openclaw#7) - Add chat_messages escalation to agent context (openclaw#8) - Normalize discussion_messages into separate table (openclaw#9) - Add PolicyEngine facade with single evaluate() entry point (openclaw#10) - Add per-plugin Zod validation schemas for SourceConfig (openclaw#11) - Add CostPolicy with token/cost budgets and cost_usage table (openclaw#12) Blueprint changes (4 implementation improvements): - Split Phase 1 into 4 sub-phases (1a-1d) - Reorder: API skeleton before agent loop - Defer frontend to Phase 5 - Add packages/shared for types and schemas DB schema: 17 tables → 20 tables (added users, traces, discussion_messages, cost_usage) https://claude.ai/code/session_01V2xvGqZqX6JKPGQeXyNMQW
isaacherrera
added a commit
to isaacherrera/openclaw
that referenced
this pull request
Feb 10, 2026
… log dashboard docs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
speculatingwook
added a commit
to Pronto-Lab/prontoclaw
that referenced
this pull request
Feb 19, 2026
Improvements completed: - #1 A2A conversation index (O(1) lookup, 24 tests) - #2 A2A durable jobs (JobManager + Reaper + Orchestrator, 43 tests) - openclaw#3 task-tool.ts modularization (5 modules, 2296→45 LOC facade, 147 tests) - openclaw#4 continuation state machine Phase 1 (pure decision functions, 56 tests) - openclaw#5 gateway composition (6 init modules, 737→565 LOC, 80→48 imports) - openclaw#7 A2A per-agent concurrency gate (semaphore + config, 25 tests) - openclaw#8 structured handoff payload (types + parser, 42 tests) - openclaw#9 coordination invariants test suite (TC-01~07, 22 tests) - openclaw#11 subagent-task lifecycle (delegation manager + verify tool, 135 tests) - openclaw#12 task enforcement bypass fix (session-scoped + stale cleanup, 20 tests) N/A: openclaw#6 (DI already via GatewayRequestContext), openclaw#10 (partially resolved by #2) Deferred: openclaw#4 Phase 2-5 (high risk, Phase 1 delivers core value) Total: 514 new tests, 0 regressions, 11 implementation docs
small-goliath
added a commit
to small-goliath/openclaw
that referenced
this pull request
Feb 22, 2026
…ced key fallback - Add AWS KMS integration with envelope encryption - Add Azure Key Vault provider with key wrap/unwrap - Enhance file fallback with checksum integrity verification - Add fail-secure mode and critical security alerts - Implement key file permission validation (0o600) - Add SIEM logging for keychain failures Closes Task openclaw#10, openclaw#11, openclaw#15
ivanuser
added a commit
to ivanuser/cortex
that referenced
this pull request
Feb 22, 2026
openclaw#8-openclaw#11) - openclaw#8: Role hierarchy (admin/operator/viewer/chat-only) with permission matrix in src/security/roles.ts - openclaw#9: Device pairing with role assignment, --role flag on approve, set-role subcommand - openclaw#10: Scoped API token creation/revocation with SQLite storage, CLI + RPC methods - openclaw#11: UI — role badges on paired devices, role dropdown, new Tokens page in nav
NikolasP98
added a commit
to NikolasP98/minion
that referenced
this pull request
Feb 25, 2026
- Add regression test for email field in gog token import JSON (Task openclaw#8) - Auto-register gog client credentials at gateway startup via gog auth credentials (Task openclaw#9) - Document Tailscale Funnel requirement for nc-faces in production.json (Task openclaw#10) - Add drive ls/mkdir/upload/copy commands to gog skill (Task openclaw#11) - Suppress false credential.refresh.failed HIGH events for google-workspace (Task openclaw#12) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
songliu0403-rgb
pushed a commit
to songliu0403-rgb/openclaw
that referenced
this pull request
Feb 26, 2026
jimboswankster
pushed a commit
to jimboswankster/moltbot
that referenced
this pull request
Feb 27, 2026
…egram + WebSocket/UI ## Summary - Fix Telegram runner lifecycle bug: `return` → `continue` after non-error stop, preventing permanent polling exit (Issue openclaw#1). - Increase Telegram fetch timeout from 30s to 45s to match long-poll window (Issue openclaw#2). - Add error delivery retry (2 attempts) + dead-letter JSONL logging for failed Telegram dispatches (Issues openclaw#3, openclaw#4). - Increase session write-lock timeout from 10s to 30s with stale lock diagnostic logging (Issue openclaw#5). - Await runner.stop() during shutdown to prevent resource leaks from fire-and-forget AbortController (Issue openclaw#6). - Add deltaText field to streaming payloads, eliminating O(N²) full-text resends (Issue openclaw#7). - Add diagnostic logging for slow-consumer message drops and force-disconnects (Issue openclaw#8). - Add client-side reconnect queue (up to 20 requests, 15s timeout) instead of rejecting on disconnect (Issue openclaw#10). - Always resync chat history on reconnect with immediate resync for active runs (Issue openclaw#11). - Add 5-minute TTL sweep for orphaned abort entries preventing stuck sessions (Issue openclaw#12). ## Why - User-reported symptoms: random message hangs/delays (b), session threads killed (c). - Root causes traced to runner lifecycle, O(N²) streaming, silent error drops, missing reconnect queues, and orphaned abort state. - Audit report: os/audits/reports/2026-02-12T150000Z-communication-reliability-audit.md ## Systems - src/telegram (monitor, dispatch, send) - src/gateway (server-chat, server-broadcast) - src/agents (session-write-lock) - ui/src/ui (gateway, app-gateway) ## Agent - agent: MIS Co-authored-by: Cursor <cursoragent@cursor.com>
|
@clawdbot: Please delete this issue. It was created in the wrong repository and does not belong here. It should be in . |
benieralexis-sudo
pushed a commit
to benieralexis-sudo/openclaw
that referenced
this pull request
Mar 1, 2026
CRITICAL fixes: - openclaw#1-2: HITL race conditions — _inFlight lock on Telegram + Dashboard API (409 Conflict) - openclaw#3: Storage JSON.parse crash protection — backup corrupt files + reset to defaults - openclaw#4: Lead Enrich waterfall — Apollo fallback when FullEnrich fails + email validation - openclaw#5: Meeting Scheduler — remove hardcoded fallback, require CALCOM_USERNAME env - openclaw#6: Self-Improve — clamp scoring weights 0-2.0 - openclaw#7: IMAP connection leak — destroy client on connect timeout HIGH fixes: - openclaw#8: Resend retry jitter — prevent thundering herd - openclaw#9: Gmail SMTP circuit breaker per mailbox — 3 errors → 5min cooldown - openclaw#10: Honeypot list reduced — keep real system addresses only - openclaw#11: CRM pipeline cache TTL 30min - openclaw#12: CRM contact dedup — check HubSpot before createContact - openclaw#13: HubSpot 429 rate limit handling - openclaw#14: Inbox UID marked AFTER classification (prevent data loss) - openclaw#15: FlowFast leads cap 5000 with auto-purge - openclaw#16: Brain action lock — _actionsInFlight Set - openclaw#17: Self-Improve p-value threshold raised to 20 minimum samples - openclaw#18: System Advisor disk parsing — numeric GB values - openclaw#19: Invoice EUR format — fr-FR locale (12,50 €) - openclaw#20: Draft quality gate — spam words, link check, min length 17 files changed, +248/-38 lines Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
benieralexis-sudo
pushed a commit
to benieralexis-sudo/openclaw
that referenced
this pull request
Mar 6, 2026
MOYENS (16): - openclaw#1 generateReactiveFollowUp maxLength string vs number — aligne sur string - openclaw#2 Multi-threading mort — filtre sur mappedLeads (avec score) au lieu de result.leads - openclaw#3 _checkEmailSpecificity null safety — (prospectIntel || '').match() - openclaw#4 totalContacts pre-dedup — utilise addedCount - openclaw#5 Bounces tous hard_bounce — distinction soft/hard, soft = retry pas blacklist - openclaw#8 _isSystemEmail includes() trop large — exact match + prefix patterns - openclaw#10 sendBatch bypass warmup — recordSend dans domain-manager apres chaque envoi - openclaw#11 Domain manager parsing ':' dans password — split limite a 4 segments - openclaw#12 prospectDomains jamais nettoye — cleanup LRU max 2000 entries - openclaw#13 trackNicheEvent('clicked') ignore — ajout compteur clicked - openclaw#14 apStorage.getLeads() inexistant — utilise automailer storage.getEmails() - openclaw#25 Interval HITL drafts jamais cleared — clearInterval dans gracefulShutdown FAIBLES (9): - openclaw#17 Retry skip prompt 25-35 mots → aligne sur 50-65 mots 4-blocs - openclaw#18 _scoreAndFilter gate 60 mots → 80 mots (coherent avec prompts) - openclaw#19 "curieux d'avoir ton retour" autorise dans follow-ups → remplace - openclaw#20 seniorities priorite inversee → brain > config - openclaw#21 data.growth jamais active → detecte via employee count + multi-country - openclaw#23 Fallback plan non-pondere → utilise icp-loader.getNicheForCycle() - campaign-engine: double updateEmailStatus pour opened → supprime appel redondant Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
elliot-ylambda
pushed a commit
to elliot-ylambda/magister-openclaw
that referenced
this pull request
Mar 7, 2026
Remove logo files from repo root
cluster2600
added a commit
to cluster2600/openclaw
that referenced
this pull request
Mar 7, 2026
Add 4 new test files (151 tests) covering all 11 case studies from arXiv:2602.20021, benchmark detection/false-positive rates, full pipeline integration tests, and agent safety tool abuse prevention. Harden quickCheck with 5 new detection rules: destructive file deletion (Case openclaw#1), sensitive data in messages (Case openclaw#3), emotional manipulation (Case openclaw#7), memory injection via external URLs (Case openclaw#10), and mass broadcast prevention (Case openclaw#11). Fix authority check for trust-0 users with empty allowedActions, and add agent_communication to tool mapping. 196 tests, 100% detection rate, 0% false positive rate. Signed-off-by: Maxime Grenu <maxime.grenu@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/media/:idendpoint was vulnerable to path traversal attacks via URL-encoded../sequences (e.g.,%2e%2e%2f)~/.warelay/files or even escape to the user's home directoryFix
Validate that resolved paths stay within the media directory before serving files.
Test plan
🤖 Generated with Claude Code