feat: add agent config role management #12364
Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f6c1d79a04
| if strings.HasPrefix(workspace, prefix) { | ||
| return resolveRoleDir(installDir, workspace), nil |
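Review bot: the `strings.HasPrefix(workspace, prefix)` test on the first line compares raw strings, and the second line returns `resolveRoleDir(installDir, workspace), nil` with no normalization visible in between, so `..` segments that follow a matching prefix are never examined. Suggest running `filepath.Clean` on `workspace` before the comparison, then confirming containment with `filepath.Rel` against the approved root rather than a second prefix match, and returning an error on failure instead of calling `resolveRoleDir`.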
Normalize workspace path before accepting OpenClaw prefixes
This branch trusts any workspace that starts with an allowed prefix and returns resolveRoleDir(...) without canonicalizing or re-checking boundaries. A crafted value like /home/node/.openclaw/workspace-agent_/../../../../tmp passes here, and GetRoleMarkdownFiles / UpdateRoleMarkdownFiles then read or write files outside the agent install directory. Because the value comes from request JSON, an authenticated caller can escape the intended workspace root unless the resolved path is cleaned and verified to remain under approved directories.
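The failure mode described in the review comment above, as an added Go example that is not code from the pull request: a prefix-only check beside a version that cleans the path and verifies it against a root. `allowedRoot`, `prefixOnly`, `safeWorkspace` and the rule that a workspace is a direct child of the root are assumptions made for illustration; the crafted path is the one quoted in the review.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// allowedRoot is a constructed value for this example, not the project's configuration.
const allowedRoot = "/home/node/.openclaw"

var errOutsideRoot = errors.New("workspace resolves outside the allowed root")

// prefixOnly mirrors the flagged pattern: a string prefix test on the raw value.
func prefixOnly(workspace, prefix string) bool {
	return strings.HasPrefix(workspace, prefix)
}

// safeWorkspace (hypothetical helper) cleans the path lexically, then requires
// the result to be a direct child of root whose name starts with namePrefix.
func safeWorkspace(root, namePrefix, workspace string) (string, error) {
	if !filepath.IsAbs(workspace) {
		return "", errOutsideRoot
	}
	cleaned := filepath.Clean(workspace) // resolves "." and ".." segments
	rel, err := filepath.Rel(root, cleaned)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutsideRoot
	}
	// Assumption: workspaces live directly under root, so no nested paths.
	if strings.ContainsRune(rel, filepath.Separator) || !strings.HasPrefix(rel, namePrefix) {
		return "", errOutsideRoot
	}
	return cleaned, nil
}

func main() {
	// Path quoted in the review comment.
	crafted := "/home/node/.openclaw/workspace-agent_/../../../../tmp"
	fmt.Println("prefix-only accepts:", prefixOnly(crafted, allowedRoot+"/workspace-"))
	_, err := safeWorkspace(allowedRoot, "workspace-", crafted)
	fmt.Println("cleaned check:", err)
}
```

`filepath.Clean` is purely lexical; if symlinks can exist under the root, resolve the path with `filepath.EvalSymlinks` before the `filepath.Rel` comparison.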
/approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: wanghe-fit2cloud
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
No description provided.