fix(security): restrict hook transform module loading

Peter Steinberger
2026-02-14 13:45:58 +01:00
parent 6543ce717c
commit a0361b8ba9
7 changed files with 199 additions and 39 deletions
+1 -1
@@ -88,7 +88,7 @@ Notes:
To disable (dangerous), set `hooks.gmail.allowUnsafeExternalContent: true`.
To customize payload handling further, add `hooks.mappings` or a JS/TS transform module
under `hooks.transformsDir` (see [Webhooks](/automation/webhook)).
under `~/.openclaw/hooks/transforms` (see [Webhooks](/automation/webhook)).
## Wizard (recommended)
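Review bot: the replacement line in this Notes paragraph drops the `hooks.transformsDir` key name and gives only the literal path `~/.openclaw/hooks/transforms`, so a reader of this page can no longer tell which config key controls the location or whether it is still configurable. The webhook page changed in the same commit keeps the key and adds the restriction in parentheses; suggest the same wording here, for example "under `hooks.transformsDir` (restricted to `~/.openclaw/hooks/transforms`)", so the two pages agree.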
+1 -1
@@ -139,7 +139,7 @@ Mapping options (summary):
- `hooks.presets: ["gmail"]` enables the built-in Gmail mapping.
- `hooks.mappings` lets you define `match`, `action`, and templates in config.
- `hooks.transformsDir` + `transform.module` loads a JS/TS module for custom logic.
- `hooks.transformsDir` + `transform.module` loads a JS/TS module for custom logic (restricted to `~/.openclaw/hooks/transforms`).
- Use `match.source` to keep a generic ingest endpoint (payload-driven routing).
- TS transforms require a TS loader (e.g. `bun` or `tsx`) or precompiled `.js` at runtime.
- Set `deliver: true` + `channel`/`to` on mappings to route replies to a chat surface
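Review bot: "(restricted to `~/.openclaw/hooks/transforms`)" on the `hooks.transformsDir` + `transform.module` bullet does not say which of the two values is restricted or how. This is the security-relevant sentence of the change, so suggest stating explicitly whether `transformsDir` must equal that directory or may be a subdirectory of it, whether `transform.module` may be absolute or contain `..`, whether symlinks are resolved before the check, and what happens when the check fails (refuse to start, or reject the mapping).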
+2 -2
@@ -363,7 +363,7 @@ Save to `~/.openclaw/openclaw.json` and you can DM the bot from that number.
path: "/hooks",
token: "shared-secret",
presets: ["gmail"],
transformsDir: "~/.openclaw/hooks",
transformsDir: "~/.openclaw/hooks/transforms",
mappings: [
{
id: "gmail-hook",
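Review bot: the `transformsDir` value in this example moves from `~/.openclaw/hooks` to `~/.openclaw/hooks/transforms` with no migration note, and anyone who copied the previous example has a config that the new restriction presumably no longer accepts. Suggest a short note beside the example, or a changelog entry linked from it, telling existing users to move their transform files into `~/.openclaw/hooks/transforms` and update the key.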
@@ -380,7 +380,7 @@ Save to `~/.openclaw/openclaw.json` and you can DM the bot from that number.
thinking: "low",
timeoutSeconds: 300,
transform: {
module: "./transforms/gmail.js",
module: "gmail.js",
export: "transformGmail",
},
},
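Review bot: `module: "gmail.js"` only works if `transform.module` is resolved relative to `transformsDir`, and nothing in the example says so. A user who updates `transformsDir` but keeps the old `"./transforms/gmail.js"` would, under relative resolution, end up pointing at `~/.openclaw/hooks/transforms/transforms/gmail.js`; a one-line comment on the `module` key stating the resolution base would prevent that.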
+1 -1
@@ -1987,7 +1987,7 @@ See [Multiple Gateways](/gateway/multiple-gateways).
allowedSessionKeyPrefixes: ["hook:"],
allowedAgentIds: ["hooks", "main"],
presets: ["gmail"],
transformsDir: "~/.openclaw/hooks",
transformsDir: "~/.openclaw/hooks/transforms",
mappings: [
{
match: { path: "gmail" },
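Review bot: the `transformsDir` line in this example still reads as a free-form path, although the docs changed in this commit describe transform loading as restricted to `~/.openclaw/hooks/transforms`. Suggest an inline comment on that line stating the constraint, and saying whether the key can be omitted, so this example does not depend on the reader having seen the webhook page.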