| 标题 | nextlevelbuilder goclaw <= v3.11.3 OS Command Injection (CWE-78) |
|---|
| 描述 | # Technical Details
An Arbitrary Command Execution inside Sandbox via FsBridge Command Injection exists in the `WriteFile` function in `internal/sandbox/fsbridge.go` of goclaw.
The application fails to escape shell metacharacters when formatting the docker execution command. It injects the resolved path into an unwrapped `sh -c` bash execution command string via Go's `fmt.Sprintf` with the `%q` verb. The `%q` format verb only wraps the string in double quotes and does not escape Bash metacharacters like `$()` or backticks, allowing command substitution.
# Vulnerable Code
File: internal/sandbox/fsbridge.go
Method: FsBridge.WriteFile
Why: Unvalidated user file paths are formatted into a `sh -c` argument without metacharacter sanitization, causing Bash to evaluate command substitution before executing the file write operation.
# Reproduction
1. Enable Sandbox mode (`GOCLAW_SANDBOX_MODE=all`) exposing Docker capability.
2. Trigger an LLM workflow where the `write_file` tool is called and file paths are controlled or influenced.
3. Supply a malicious file path such as `notes/$(touch /tmp/pwned).txt`.
4. Observe that the command substitution is executed as root inside the sandbox container.
# Impact
- OS Command Injection and Remote Code Execution (RCE).
- Attackers can steal container API tokens/keys, read other tenants' data inside the sandbox, conduct lateral SSRF scanning inside the host's VPC network bridge, or potentially escalate privileges by compromising the Docker host. |
|---|
| 来源 | ⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1121 |
|---|
| 用户 | Eric-b (UID 96354) |
|---|
| 提交 | 2026-05-07 13時51分 (1 月前) |
|---|
| 管理 | 2026-05-31 09時41分 (24 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 367498 [nextlevelbuilder GoClaw 直到 3.11.3 write_file Tool fsbridge.go FsBridge.WriteFile 权限提升] |
|---|
| 积分 | 20 |
|---|