| 标题 | nextlevelbuilder GoClaw 3.13.3-beta.3 Command Execution Policy Bypass (CWE-184) |
|---|
| 描述 | # Technical Details
A Command Execution Policy Bypass exists in the `matchesAllowlist` method in `internal/tools/exec_approval.go` of GoClaw.
The application fails to parse shell chaining operators before approval. The public `POST /v1/tools/invoke` endpoint accepts operator-controlled `args.command`, `matchesAllowlist(command)` approves the request if the first token matches the allowlist, and the host execution sink later passes the original command string to `/bin/sh -c`. A payload like `echo VULN_OK && touch /tmp/canary` is therefore approved because `echo` is allowlisted, while the chained `touch` command also executes.
# Vulnerable Code
File: internal/tools/exec_approval.go
Method: matchesAllowlist
Why: The code compares only `extractBin(command)` against the allowlist, while `internal/tools/shell.go` forwards the original string to `executeOnHost()` and `exec.Command(shellPath, "-c", command)`, so shell operators such as `&&` and `;` remain active.
# Reproduction
1. Configure GoClaw `3.13.3-beta.3` with the `exec` tool enabled, `security=allowlist`, `ask=off`, and an allowlist containing a leading command such as `echo`.
2. Invoke `POST /v1/tools/invoke` for `exec` with `args.command` set to `echo VULN_OK && touch /tmp/canary`.
3. Observe that the request succeeds and the non-allowlisted `touch` command creates the canary file.
# Impact
- Authenticated operators can execute additional non-allowlisted commands after an allowlisted prefix.
- This can lead to unauthorized file writes, data access, persistence, and broader host-side command execution. |
|---|
| 来源 | ⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1205 |
|---|
| 用户 | Eric-e (UID 97581) |
|---|
| 提交 | 2026-06-11 10時38分 (1 月前) |
|---|
| 管理 | 2026-07-13 19時24分 (1 month later) |
|---|
| 状态 | 重复 |
|---|
| VulDB条目 | 378127 [nextlevelbuilder GoClaw 3.11.3 exec_approval.go ExecApprovalManager.CheckCommand 权限提升] |
|---|
| 积分 | 0 |
|---|