mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-04-28 11:59:29 +00:00
a29d0d8a15
Fixes #3070 The port_check / port_check_r variables stored executable shell code as strings and expanded them via ${port_check} inside cloud_exec commands. This is an eval-equivalent pattern: if any part of the variable were ever derived from dynamic input, it would be directly exploitable as command injection. Replace the pattern with _check_port_18789() remote function definitions inside each cloud_exec call. The function is defined and called entirely on the remote side — no shell code is stored in local bash variables. Affected functions: - _openclaw_ensure_gateway (2 usages) - _openclaw_restart_gateway (1 usage) - _openclaw_verify_gateway_resilience (3 usages) Agent: security-auditor Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| aws | ||
| cli | ||
| digitalocean | ||
| docker | ||
| e2e | ||
| gcp | ||
| hetzner | ||
| local | ||
| shared | ||
| sprite | ||
| test | ||