Security: add hardening module and secure-bot extension #7346
AlphonseC wants to merge 3 commits into openclaw:main from
Add src/security/hardening.ts with comprehensive security utilities:
- Cryptographically secure token generation
- Input validation and sanitization
- Path traversal prevention
- File permission hardening
- Rate limiting implementation
- Security headers helper
- Audit logging utilities

Add extensions/secure-bot with AI bot security features:
- Prompt injection detection with 20+ patterns
- Access control lists (allow/block/admin)
- Rate limiting per user
- Sensitive data redaction (PII, API keys)
- Security event logging and metrics
- Configurable security policies

Add comprehensive test suite for hardening module

https://claude.ai/code/session_0152DnGhhwvDXMppXwT6dtPz
| export function sanitizePath(inputPath: string, baseDir: string): string | null { | ||
| const path = require("node:path"); | ||
|
|
[P0] `sanitizePath` uses CommonJS `require()` in an ESM TypeScript module.
In this repo, `src/**/*.ts` is ESM (`import ... from "node:path"`), so `require("node:path")` will throw at runtime in ESM contexts. This will break any code path that calls `sanitizePath`.
| export function sanitizePath(inputPath: string, baseDir: string): string | null { | |
| const path = require("node:path"); | |
| import * as path from "node:path"; |
Path: `src/security/hardening.ts`, lines 226-228
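The review above shows only the signature of `sanitizePath` and the offending `require()`. The following is an added example of what an ESM-correct traversal check with that same signature can look like; it is written for this page, not the PR's `src/security/hardening.ts`, and the rejection rules (embedded NUL bytes, lexical containment under `baseDir`) are my assumptions about the intended behaviour.

```typescript
// Added example (not the PR's code): an ESM-style path sanitizer.
import * as path from "node:path";

/**
 * Resolve `inputPath` under `baseDir` and reject anything that escapes it.
 * Returns the absolute, normalized path, or null when the input would
 * traverse outside baseDir (e.g. "../../etc/passwd"), is an absolute path
 * pointing elsewhere, or contains a NUL byte.
 */
export function sanitizePath(inputPath: string, baseDir: string): string | null {
  // A NUL byte terminates the C string handed to the OS, so the kernel would
  // open a different path than the one we validated.
  if (inputPath.includes("\0")) return null;

  const base = path.resolve(baseDir);
  // Resolving against the base collapses "." and ".." segments; absolute
  // inputs are resolved as-is, so they are caught by the containment check.
  const target = path.resolve(base, inputPath);

  // path.relative yields "" for the base itself, a plain subpath for children,
  // and ".." or "../..." for anything that climbed out. Compare against
  // ".." plus the separator so a legitimate entry such as "..foo" is not rejected.
  const rel = path.relative(base, target);
  if (rel === "") return target;
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return target;
}

// Constructed sample inputs; the base directory is a placeholder.
const DEMO_BASE = "/srv/app/uploads";
for (const candidate of ["reports/q1.txt", "a/../b", "../../etc/passwd", "/etc/passwd"]) {
  console.log(JSON.stringify(candidate), "->", sanitizePath(candidate, DEMO_BASE));
}
```

This check is purely lexical: a symlink inside `baseDir` can still point outside it. Where the target already exists, follow the lexical check with `fs.realpath` on the result and run the same containment test on the real path.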
| "license": "MIT", | ||
| "peerDependencies": { | ||
| "openclaw": "*" | ||
| }, | ||
| "devDependencies": { | ||
| "openclaw": "workspace:*", | ||
| "typescript": "^5.3.0", | ||
| "vitest": "^1.0.0" | ||
| }, | ||
| "files": [ |
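Review bot: `"peerDependencies": { "openclaw": "*" }` accepts any host version, including ones whose plugin API differs from what this extension was written against, so an incompatible host would fail at runtime instead of at install time; pin the peer range to the openclaw versions the extension is actually tested with (a caret range on the version the `workspace:*` devDependency currently resolves to), and keep the two in step when the host API changes.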
[P0] Plugin install will omit `devDependencies`, but `typescript`/`vitest` are only in `devDependencies` and there is no `dist/` committed.
Per repo guidelines, plugin installs run `npm install --omit=dev` in the extension dir. With the current `files: ["dist", ...]` and no build-on-install script, a published package will ship without compiled JS and can't run. Either ship prebuilt `dist` in the published tarball or move any runtime-required deps/scripts accordingly.
Path: `extensions/secure-bot/package.json`, lines 27-36
| // Export security engine for direct access | ||
| export { SecurityEngine, securityEngine, DEFAULT_CONFIG }; | ||
|
|
||
| // Export types | ||
| export type { SecureBotConfig, SecurityEvent, SecurityEventType, SecurityMetrics }; | ||
|
|
||
| export default plugin; |
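Review bot: `export { SecurityEngine, securityEngine, DEFAULT_CONFIG }` puts a module-level instance (`securityEngine`, lowercase) on the public surface next to its class; if that instance holds mutable state such as rate-limit counters or access lists, every importer shares and can mutate it, and tests cannot isolate it. Prefer exporting the class plus a factory that takes a `SecureBotConfig`, and keep any singleton private to the plugin entry point that `export default plugin` exposes.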
[P1] Duplicate exports for the same types.
`SecureBotConfig`, `SecurityEvent`, `SecurityEventType`, and `SecurityMetrics` are already exported as `export type ...` where they are declared, then re-exported again at the bottom. This tends to trip linting/TS settings (duplicate export) and makes the public surface harder to reason about.
Also appears in the same file for other already-exported items: `DEFAULT_CONFIG` is exported twice (const + re-export).
Path: `extensions/secure-bot/src/index.ts`, lines 669-675
| const meta: ChannelMeta = { | ||
| id: "secure-bot", | ||
| label: "Secure Bot", | ||
| description: "Security-hardened AI bot with enhanced protection features", | ||
| emoji: "🛡️", | ||
| color: "#4CAF50", | ||
| docs: "https://docs.openclaw.ai/extensions/secure-bot", | ||
| }; |
[P1] Hardcoded docs URL likely wrong.
`meta.docs` points to `https://docs.openclaw.ai/extensions/secure-bot`, but the README and repo don't add the corresponding docs page in this PR. If this page doesn't exist, the in-product docs link will be broken for users.
Path: `extensions/secure-bot/src/index.ts`, lines 555-562
Add security vulnerability remediation module covering the Top 10 vulnerabilities:
1. Gateway exposed on 0.0.0.0:18789
- Auto-generate a secure token
- Force loopback binding
2. DM policy allows all users
- Detect open policy
- Auto-switch to allowlist
3. Sandbox disabled by default
- Enable full sandbox mode
- Docker network isolation
4. Credentials stored in plaintext
- Enforce 600/700 permissions
- Directory security checks
5. Prompt injection via web content
- 20+ injection pattern detection
- Auto-wrap untrusted content
6. Dangerous commands not blocked
- Block list for rm -rf, curl|sh, etc.
- Command safety check function
7. No network isolation
- Docker network=none
- Remove DNS/extraHosts
8. Excessive tool access permissions
- Least-privilege recommendations
- Tool whitelist
9. No audit logging
- Enable log redaction
- Session logging recommendations
10. Weak pairing code
- 12-character secure code
- Remove confusable characters
https://claude.ai/code/session_0152DnGhhwvDXMppXwT6dtPz
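Item 10 of the commit message above describes the intended fix for weak pairing codes as a 12-character code drawn from an alphabet with confusable characters removed. The block below is an added example of that approach, written for this page rather than taken from the PR: the alphabet, the 26-symbol choice of which glyphs to drop, and the constant-time verification helper are my assumptions, not the PR's implementation.

```typescript
// Added example (not the PR's code): pairing codes without confusable glyphs.
import { randomInt, timingSafeEqual } from "node:crypto";

// Uppercase letters and digits with the visually confusable ones removed:
// 0/O, 1/I/l, 2/Z, 5/S, 8/B. The alphabet is my own choice (26 symbols).
export const PAIRING_ALPHABET = "ACDEFGHJKLMNPQRTUVWXY34679";

// Characters deliberately excluded from the alphabet, kept for self-checks.
export const CONFUSABLE_CHARS = "0O1Il2Z5S8B";

/** Entropy of a code of the given length, in bits (12 chars ~ 56.4 bits). */
export function pairingCodeBits(length: number): number {
  return length * Math.log2(PAIRING_ALPHABET.length);
}

/**
 * Generate a pairing code. crypto.randomInt draws from the OS CSPRNG and
 * handles modulo bias internally, so every alphabet position is equally likely.
 */
export function generatePairingCode(length = 12): string {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError("pairing code length must be a positive integer");
  }
  let code = "";
  for (let i = 0; i < length; i++) {
    code += PAIRING_ALPHABET[randomInt(PAIRING_ALPHABET.length)];
  }
  return code;
}

/** Canonical form of user input: uppercase, with whitespace and dashes dropped. */
export function normalizePairingCode(input: string): string {
  return input.toUpperCase().replace(/[\s-]/g, "");
}

/**
 * Compare a submitted code with the expected one in constant time, so the
 * comparison does not leak how many leading characters matched. The code
 * length is fixed by policy and not secret, so a length mismatch returns early.
 */
export function verifyPairingCode(expected: string, submitted: string): boolean {
  const a = Buffer.from(expected, "utf8");
  const b = Buffer.from(normalizePairingCode(submitted), "utf8");
  if (a.length !== b.length) return false;
  return timingSafeEqual(a, b);
}

// Constructed demo: print one code and its entropy.
const demoCode = generatePairingCode();
console.log(demoCode, `(${pairingCodeBits(demoCode.length).toFixed(1)} bits)`);
```

The alphabet has no case-ambiguous pairs, which is what lets `normalizePairingCode` uppercase whatever the user typed. The generator's security still depends on the verifier rate-limiting attempts: 56 bits is ample against an online guess budget but is no substitute for one.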
Add Python dependency file, used for:
- Integrating with the OpenClaw Gateway API
- Automated security audit scripts
- WebSocket client connections
https://claude.ai/code/session_0152DnGhhwvDXMppXwT6dtPz
bfc1ccb to f92900f
Please make this a third-party plugin that you maintain yourself in your own repo. Docs: https://docs.openclaw.ai/plugin. Feel free to open a PR after to add it to our community plugins page: https://docs.openclaw.ai/plugins/community
Add src/security/hardening.ts with comprehensive security utilities:
Add extensions/secure-bot with AI bot security features:
Add comprehensive test suite for hardening module
https://claude.ai/code/session_0152DnGhhwvDXMppXwT6dtPz
Greptile Overview
Greptile Summary
Adds a new `src/security/hardening.ts` module with helpers for token generation, input/path validation, file permission hardening, config hardening/auditing, a simple in-memory rate limiter, and recommended HTTP security headers, along with a Vitest test suite.
Also introduces a new workspace extension package `@openclaw/secure-bot` implementing a channel plugin that applies access control, rate limiting, prompt-injection pattern detection, and redaction to inbound/outbound messages, plus basic schema/defaults for configuration.
Confidence Score: 2/5
`sanitizePath` uses `require()` inside an ESM TS module, which will throw at runtime when invoked. Separately, the `@openclaw/secure-bot` package is configured to publish `dist/` but does not build or include compiled output, and plugin installs omit devDependencies, so the extension is likely non-functional when installed normally. Other issues are lower severity (duplicate exports, potentially broken docs link).
Context used: CLAUDE.md, AGENTS.md