…stency, bounds

CRITICAL security fix:
- Remove config-driven workspace path fallback (CRITICAL security: an attacker controlling the API config could redirect rule loading to an attacker-controlled file, enabling rule injection or ReDoS). Now uses only ctx.workspaceDir (SDK) and hardcoded safe default.

Security hardening:
- ReDoS protection: simple alphanumeric keywords now use String.includes() instead of regex (eliminates pathological backtracking from untrusted rules). Regex still used for keywords with special characters.
- Added MAX_KEYWORD_LEN=100 guard to reject oversized keywords before escaping.
- Added 'u' (Unicode) flag to word-boundary regex for correct internationalization.

Logic fixes:
- Fixed confidence validation inconsistency: rules with confidence:undefined now pass loadCorrelationRules filter consistently (was: pass load but filtered in matchRules, now: consistent pass in both).

Correctness hardening:
- Added Math.min(1000, ...) ceiling on max_results to prevent OOM from attacker-supplied large values.

Build fix:
- Fix build script: index.ts moved to scripts/correlation-memory.ts (already reflected in SKILL.md but build script was stale).
Summary

Security and correctness audit of `scripts/correlation-memory.ts` via MiniMax-M2.7. 5 issues fixed.

CRITICAL — Config-driven path injection (RCE-adjacent)

File: `scripts/correlation-memory.ts`

Vulnerability: `resolveWorkspacePath()` fell back to `api.config?.agents?.defaults?.workspace`. If an attacker could influence the OpenClaw API config, they could redirect `correlation-rules.json` loading to an attacker-controlled file — enabling rule injection, ReDoS, or decision manipulation.

Fix: Removed the config fallback entirely. Now uses only `ctx.workspaceDir` (SDK-provided, trusted) and a hardcoded safe default.

HIGH — ReDoS via pathological keywords

File: `scripts/correlation-memory.ts` (lines 130-155)

Vulnerability: Keywords from `correlation-rules.json` were compiled directly to RegExp without complexity limits. Even with character escaping, patterns like `a{100}` can cause exponential backtracking on long input text.

Fix: `String.includes()` — O(n*m), no backtracking

HIGH — Confidence validation inconsistency

File: `scripts/correlation-memory.ts` (lines 73-77 vs 200-204)

Bug: `loadCorrelationRules` kept rules with `confidence: undefined` but `matchRules` filtered them out. Result: undefined-confidence rules silently passed load but were dropped at match time.

Fix: Explicit `undefined` check in load filter makes behavior consistent.

MEDIUM — Missing Unicode flag

File: `scripts/correlation-memory.ts` (line 141)

Bug: Word-boundary regex has undefined behavior for non-ASCII characters without the `u` flag.

Fix: Changed `"i"` to `"iu"` (case-insensitive + Unicode).

MEDIUM — No upper bound on max_results

File: `scripts/correlation-memory.ts` (lines 369-371, 452-454)

Bug: No ceiling on `max_results` — a caller could pass `Number.MAX_SAFE_INTEGER`, causing unbounded array allocation.

Fix: Added `Math.min(1000, Math.max(1, floor(...)))` ceiling.

Build fix

`package.json` build script pointed to deleted `index.ts` — updated to `scripts/correlation-memory.ts`

Test results
Auditor: MiniMax-M2.7 (gateway)
Model used for delegation: MiniMax-M2.7
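
The keyword-matching and `max_results` hardening described above, as an added sketch that is not the PR's or the project's code. Only `MAX_KEYWORD_LEN` and the 1000 ceiling come from the PR text; the function names, the `Rule` shape, case-insensitive substring matching and the fallback of 10 are assumptions.

```typescript
// Added illustration. Only MAX_KEYWORD_LEN and the 1000 ceiling come from the
// PR text; every other name and the Rule shape are hypothetical.
const MAX_KEYWORD_LEN = 100;
const MAX_RESULTS_CEILING = 1000;

interface Rule { id: string; keywords: string[] }

// Escape regex syntax characters only. Under the "u" flag an unnecessary
// escape such as "\-" is a SyntaxError, so nothing else may be escaped.
function escapeRegExp(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

function keywordMatches(keyword: unknown, text: string): boolean {
  // Rules come from a JSON file, so check type and length before any use.
  if (typeof keyword !== "string") return false;
  if (keyword.length === 0 || keyword.length > MAX_KEYWORD_LEN) return false;
  if (/^[a-z0-9]+$/i.test(keyword)) {
    // Fast path: plain substring search, no regex engine involved.
    // Assumption: case-insensitive, to mirror the "i" flag of the regex path.
    return text.toLowerCase().includes(keyword.toLowerCase());
  }
  // Everything else is matched literally between word boundaries.
  return new RegExp(`\\b${escapeRegExp(keyword)}\\b`, "iu").test(text);
}

// Math.min/Math.max propagate NaN, so the clamp alone would return NaN for
// non-numeric input; the fallback (hypothetical default) covers that case.
function clampMaxResults(value: unknown, fallback = 10): number {
  const n = Number(value);
  if (Number.isNaN(n)) return fallback;
  return Math.min(MAX_RESULTS_CEILING, Math.max(1, Math.floor(n)));
}

function matchRules(rules: Rule[], text: string, maxResults: unknown): string[] {
  return rules
    .filter((r) => r.keywords.some((k) => keywordMatches(k, text)))
    .slice(0, clampMaxResults(maxResults))
    .map((r) => r.id);
}
```

In this sketch the `includes()` path matches substrings, so `cat` also matches `concatenate`, while the regex path requires word boundaries on both sides.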