let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): default-deny command execution

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-17 08:27:52 +00:00
parent d8b463d0b3
commit 56f3a2de25
36 changed files with 247 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/gateway/ws-log.ts
View File

@@ -1,10 +1,15 @@
import chalk from "chalk";
import { isVerbose } from "../globals.js";
import { getDefaultRedactPatterns, redactSensitiveText } from "../logging/redact.js";
import { shouldLogSubsystemToConsole } from "../logging.js";
import { DEFAULT_WS_SLOW_MS, getGatewayWsLogStyle } from "./ws-logging.js";
const LOG_VALUE_LIMIT = 240;
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const WS_LOG_REDACT_OPTIONS = {
mode: "tools" as const,
patterns: getDefaultRedactPatterns(),
};
type WsInflightEntry = {
ts: number;
@@ -61,7 +66,8 @@ export function formatForLog(value: unknown): string {
? String(value)
: JSON.stringify(value);
if (!str) return "";
return str.length > LOG_VALUE_LIMIT ? `${str.slice(0, LOG_VALUE_LIMIT)}...` : str;
const redacted = redactSensitiveText(str, WS_LOG_REDACT_OPTIONS);
return redacted.length > LOG_VALUE_LIMIT ? `${redacted.slice(0, LOG_VALUE_LIMIT)}...` : redacted;
} catch {
return String(value);
}