Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
openclaw/src/security
History
David Rudduck f1e1ad73ad
fix(security): SHA-256 hash before timingSafeEqual to prevent length leak (#20856) 
The previous implementation returned early when buffer lengths differed,
leaking the expected secret's length via timing side-channel. Hashing both
inputs with SHA-256 before comparison ensures fixed-length buffers and
constant-time comparison regardless of input lengths.
2026-02-19 03:16:35 -08:00
..
audit-channel.ts
refactor(security): share DM allowlist state resolver
2026-02-18 23:58:11 +00:00
audit-extra.async.ts
refactor(security): share installed plugin directory scan helper
2026-02-19 00:29:07 +00:00
audit-extra.sync.test.ts
perf(test): fold secret equality assertions into audit extra suite
2026-02-16 00:18:27 +00:00
audit-extra.sync.ts
fix: enforce hooks token separation from gateway auth (#20813)
2026-02-19 02:48:08 -08:00
audit-extra.ts
fix(security): harden sandbox docker config validation
2026-02-16 03:04:06 +01:00
audit-fs.ts
Doctor/Security: fix telegram numeric ID + symlink config permission warnings (#19844)
2026-02-18 00:09:51 -08:00
audit-tool-policy.ts
refactor(core): dedupe tool policy and IPv4 matcher logic
2026-02-16 16:14:54 +00:00
audit.test.ts
fix(security): block plaintext WebSocket connections to non-loopback addresses (#20803)
2026-02-19 03:13:08 -08:00
audit.ts
Doctor/Security: fix telegram numeric ID + symlink config permission warnings (#19844)
2026-02-18 00:09:51 -08:00
channel-metadata.ts
fix(security): separate untrusted channel metadata from system prompt (thanks @KonstantinMirin)
2026-02-03 23:02:45 -08:00
dangerous-tools.ts
refactor(security): centralize dangerous tool lists
2026-02-14 13:27:05 +01:00
dm-policy-shared.test.ts
refactor(security): share DM allowlist state resolver
2026-02-18 23:58:11 +00:00
dm-policy-shared.ts
refactor(security): share DM allowlist state resolver
2026-02-18 23:58:11 +00:00
external-content.test.ts
refactor(core): dedupe shared config and runtime helpers
2026-02-16 14:59:30 +00:00
external-content.ts
fix(security): handle additional Unicode angle bracket homoglyphs in content sanitization (#14665)
2026-02-13 16:18:54 +01:00
fix.test.ts
refactor(core): dedupe shared config and runtime helpers
2026-02-16 14:59:30 +00:00
fix.ts
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
scan-paths.ts
refactor(security): share scan path helpers
2026-02-15 04:29:18 +00:00
secret-equal.ts
fix(security): SHA-256 hash before timingSafeEqual to prevent length leak (#20856)
2026-02-19 03:16:35 -08:00
skill-scanner.test.ts
security: add skill/plugin code safety scanner (#9806)
2026-02-05 16:06:11 -08:00
skill-scanner.ts
refactor(security): reuse shared scan path containment helper
2026-02-19 00:20:15 +00:00
windows-acl.test.ts
fix: stabilize windows acl tests and command auth registry (#9335) (thanks @M00N7682)
2026-02-05 00:38:35 -08:00
windows-acl.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00