Submission #815713: haojing8312 WorkClaw v0.1.0 - v0.6.3 Incomplete Blacklist Info

Title: haojing8312 WorkClaw v0.1.0 - v0.6.3 Incomplete Blacklist
Description: The is_dangerous function contains critical security vulnerabilities that lead to CWE-78: OS Command Injection and CWE-184: Incomplete Blacklist. The function attempts to block malicious system commands using a hardcoded blacklist and naive substring matching, but its flawed design enables complete bypass of all protection mechanisms, exposing the system to severe risks including arbitrary command execution, data loss, and system compromise. The core issue stems from improper input validation and filtering. The function only checks for fixed hardcoded patterns with strict single-space formatting, failing to handle common shell syntax variations such as multiple spaces, tabs, line breaks, quoted parameters, escaped characters, and absolute command paths. It performs no command boundary validation, allowing attackers to easily construct malicious commands that avoid substring matching. Additionally, the blacklist is extremely limited and misses widespread dangerous operations, while the lowercase conversion provides no real security value on case-sensitive operating systems. These weaknesses mean the function cannot effectively neutralize special elements within OS commands. Attackers can craft valid malicious commands that bypass detection entirely, leading to unauthorized system modification, file deletion, disk formatting, and full system takeover. This inadequate filtering creates a critical security gap under the pretext of protection, making the function unsafe for production use and directly enabling OS command injection attacks. More details: https://github.com/haojing8312/WorkClaw/issues/4
Source: https://github.com/haojing8312/WorkClaw/issues/4
User: ybdesire (UID 83239)
Submitted: 2026-04-29 16:31 (1 month ago)
Moderated: 2026-05-26 12:39 (27 days later)
Status: Accepted
VulDB Entry: 365627 [haojing8312 WorkClaw up to 0.6.4 Blacklist bash.rs is_dangerous privilege escalation]
Points: 20
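The following Rust snippet is an added illustration, not WorkClaw's own bash.rs code, contrasting a naive substring check of the kind the submission describes with a check that normalises the variations it lists (extra whitespace, tabs, newlines, quoting, backslash escapes, absolute paths, wrapper commands) before comparing whole command names. The DENY and WRAPPERS lists are constructed for the example and are deliberately short.

```rust
// Added example (not WorkClaw's code). Both lists below are constructed.
const DENY: &[&str] = &["rm", "mkfs", "dd", "shutdown"];
const WRAPPERS: &[&str] = &["sudo", "env", "nohup", "time"];

/// Naive check in the style the report describes: fixed substrings,
/// single-space formatting, lowercase normalisation.
pub fn naive_is_dangerous(cmd: &str) -> bool {
    let lower = cmd.to_lowercase();
    ["rm -rf", "mkfs.", "dd if="].iter().any(|p| lower.contains(p))
}

/// Hardened check: split the line into shell segments, tokenise on any
/// whitespace (spaces, tabs, newlines), strip quotes and backslash
/// escapes, skip wrapper commands and env assignments, reduce the command
/// to its basename, and compare whole names instead of substrings.
/// No lowercasing: on a case-sensitive OS "RM" is not the same binary.
pub fn hardened_is_dangerous(cmd: &str) -> bool {
    cmd.split(|c: char| matches!(c, ';' | '|' | '&' | '\n'))
        .any(|segment| {
            segment
                .split_whitespace()
                .map(|t| t.trim_matches(|c: char| matches!(c, '"' | '\'' | '\\')))
                .find(|t| !WRAPPERS.contains(t) && !t.contains('='))
                .map_or(false, |t| {
                    let base = t.rsplit('/').next().unwrap_or(t);
                    let name = base.split('.').next().unwrap_or(base);
                    DENY.contains(&name)
                })
        })
}
```

Even the hardened form is still a denylist and will miss commands it does not name; for an agent that executes shell, an allowlist of permitted commands or running inside a sandboxed, least-privilege environment is the durable control.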
