| Titel | nextlevelbuilder GoClaw 3.13.3-beta.3 Command Execution Policy Bypass (CWE-184) |
|---|
| Beschreibung | # Technical Details
A Command Execution Policy Bypass exists in the `matchesAllowlist` method in `internal/tools/exec_approval.go` of GoClaw.
The application fails to parse shell chaining operators before approval. The public `POST /v1/tools/invoke` endpoint accepts operator-controlled `args.command`, `matchesAllowlist(command)` approves the request if the first token matches the allowlist, and the host execution sink later passes the original command string to `/bin/sh -c`. A payload like `echo VULN_OK && touch /tmp/canary` is therefore approved because `echo` is allowlisted, while the chained `touch` command also executes.
# Vulnerable Code
File: internal/tools/exec_approval.go
Method: matchesAllowlist
Why: The code compares only `extractBin(command)` against the allowlist, while `internal/tools/shell.go` forwards the original string to `executeOnHost()` and `exec.Command(shellPath, "-c", command)`, so shell operators such as `&&` and `;` remain active.
# Reproduction
1. Configure GoClaw `3.13.3-beta.3` with the `exec` tool enabled, `security=allowlist`, `ask=off`, and an allowlist containing a leading command such as `echo`.
2. Invoke `POST /v1/tools/invoke` for `exec` with `args.command` set to `echo VULN_OK && touch /tmp/canary`.
3. Observe that the request succeeds and the non-allowlisted `touch` command creates the canary file.
# Impact
- Authenticated operators can execute additional non-allowlisted commands after an allowlisted prefix.
- This can lead to unauthorized file writes, data access, persistence, and broader host-side command execution. |
|---|
| Quelle | ⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1205 |
|---|
| Benutzer | Eric-e (UID 97581) |
|---|
| Einreichung | 11.06.2026 10:38 (vor 1 Monat) |
|---|
| Moderieren | 13.07.2026 19:24 (1 month later) |
|---|
| Status | Duplikat |
|---|
| VulDB Eintrag | 378127 [nextlevelbuilder GoClaw 3.11.3 exec_approval.go ExecApprovalManager.CheckCommand erweiterte Rechte] |
|---|
| Punkte | 0 |
|---|