fix(security): kill timed out exec process trees · openclaw/openclaw@39dc92e

Recent Commits to openclaw:main

vincentkoc · 2026-06-18 · via Recent Commits to openclaw:main

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,17 @@`
	`1`	`+import type { ChildProcess } from "node:child_process";`
	`2`	`+import { signalProcessTree } from "./kill-tree.js";`
	`3`	`+`
	`4`	`+export function shouldDetachChildForProcessTree(): boolean {`
	`5`	`+return process.platform !== "win32";`
	`6`	`+}`
	`7`	`+`
	`8`	`+export function forceKillChildProcessTree(child: Pick<ChildProcess, "kill" \| "pid">): void {`
	`9`	`+if (typeof child.pid === "number" && child.pid > 0) {`
	`10`	`+signalProcessTree(child.pid, "SIGKILL", {`
	`11`	`+detached: shouldDetachChildForProcessTree(),`
	`12`	`+});`
	`13`	`+return;`
	`14`	`+}`
	`15`	`+`
	`16`	`+child.kill("SIGKILL");`
	`17`	`+}`

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,12 @@ import path from "node:path";`
`5`	`5`	`import { afterAll, beforeAll, describe, expect, it, vi } from "vitest";`
`6`	`6`	`import type { OpenClawConfig } from "../config/config.js";`
`7`	`7`	`import { MAX_TIMER_TIMEOUT_MS } from "../shared/number-coercion.js";`
	`8`	`+import {`
	`9`	`+killPidIfAlive,`
	`10`	`+readPidFile,`
	`11`	`+waitForPidToExit,`
	`12`	`+writeForkingNoOutputScript,`
	`13`	`+} from "../test-utils/process-tree.js";`
`8`	`14`	`import { INVALID_EXEC_SECRET_REF_IDS } from "../test-utils/secret-ref-test-vectors.js";`
`9`	`15`	`import { withMockedWindowsPlatform } from "../test-utils/vitest-spies.js";`
`10`	`16`	`import {`
`@@ -55,6 +61,7 @@ describe("secret ref resolver", () => {`
`55`	`61`	`jsonOnly?: boolean;`
`56`	`62`	`allowSymlinkCommand?: boolean;`
`57`	`63`	`trustedDirs?: string[];`
	`64`	`+env?: Record<string, string>;`
`58`	`65`	`args?: string[];`
`59`	`66`	`timeoutMs?: number;`
`60`	`67`	`noOutputTimeoutMs?: number;`
`@@ -255,6 +262,28 @@ describe("secret ref resolver", () => {`
`255`	`262`	`expect(value).toBe("ok");`
`256`	`263`	`});`
`257`	`264`
	`265`	`+itPosix("kills forked exec provider children on no-output timeout", async () => {`
	`266`	`+const root = await createCaseDir("exec-fork-timeout");`
	`267`	`+const scriptPath = await writeForkingNoOutputScript(root);`
	`268`	`+const pidPath = path.join(root, "forked.pid");`
	`269`	`+let childPid: number \| undefined;`
	`270`	`+`
	`271`	`+try {`
	`272`	`+await expect(`
	`273`	`+resolveExecSecret(scriptPath, {`
	`274`	`+env: { NODE_BINARY: process.execPath, PID_FILE: pidPath },`
	`275`	`+noOutputTimeoutMs: 150,`
	`276`	`+timeoutMs: 2000,`
	`277`	`+}),`
	`278`	`+).rejects.toThrow('Exec provider "execmain" produced no output');`
	`279`	`+`
	`280`	`+childPid = await readPidFile(pidPath);`
	`281`	`+expect(await waitForPidToExit(childPid)).toBe(true);`
	`282`	`+} finally {`
	`283`	`+killPidIfAlive(childPid);`
	`284`	`+}`
	`285`	`+});`
	`286`	`+`
`258`	`287`	`itPosix("supports non-JSON single-value exec output when jsonOnly is false", async () => {`
`259`	`288`	`const value = await resolveExecSecret(execPlainScriptPath, { jsonOnly: false });`
`260`	`289`	`expect(value).toBe("plain-secret");`

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,10 @@ import {`
`18`	`18`	`loadPluginManifestRegistry,`
`19`	`19`	`type PluginManifestRegistry,`
`20`	`20`	`} from "../plugins/manifest-registry.js";`
	`21`	`+import {`
	`22`	`+forceKillChildProcessTree,`
	`23`	`+shouldDetachChildForProcessTree,`
	`24`	`+} from "../process/child-process-tree.js";`
`21`	`25`	`import { inspectPathPermissions, safeStat } from "../security/audit-fs.js";`
`22`	`26`	`import { isPathInside } from "../security/scan-paths.js";`
`23`	`27`	`import { resolveUserPath } from "../utils.js";`
`@@ -497,6 +501,7 @@ async function runExecResolver(params: {`
`497`	`501`	`stdio: ["pipe", "pipe", "pipe"],`
`498`	`502`	`shell: false,`
`499`	`503`	`windowsHide: true,`
	`504`	`+detached: shouldDetachChildForProcessTree(),`
`500`	`505`	`});`
`501`	`506`
`502`	`507`	`let settled = false;`
`@@ -508,7 +513,7 @@ async function runExecResolver(params: {`
`508`	`513`	`let noOutputTimer: NodeJS.Timeout \| null = null;`
`509`	`514`	`const timeoutTimer = setTimeout(() => {`
`510`	`515`	`timedOut = true;`
`511`		`-child.kill("SIGKILL");`
	`516`	`+forceKillChildProcessTree(child);`
`512`	`517`	`}, params.timeoutMs);`
`513`	`518`
`514`	`519`	`const clearTimers = () => {`
`@@ -525,15 +530,15 @@ async function runExecResolver(params: {`
`525`	`530`	`}`
`526`	`531`	`noOutputTimer = setTimeout(() => {`
`527`	`532`	`noOutputTimedOut = true;`
`528`		`-child.kill("SIGKILL");`
	`533`	`+forceKillChildProcessTree(child);`
`529`	`534`	`}, params.noOutputTimeoutMs);`
`530`	`535`	`};`
`531`	`536`
`532`	`537`	`const append = (chunk: Buffer \| string, target: "stdout" \| "stderr") => {`
`533`	`538`	`const text = typeof chunk === "string" ? chunk : chunk.toString("utf8");`
`534`	`539`	`outputBytes += Buffer.byteLength(text, "utf8");`
`535`	`540`	`if (outputBytes > params.maxOutputBytes) {`
`536`		`-child.kill("SIGKILL");`
	`541`	`+forceKillChildProcessTree(child);`
`537`	`542`	`if (!settled) {`
`538`	`543`	`settled = true;`
`539`	`544`	`clearTimers();`

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,12 @@ import os from "node:os";`
`4`	`4`	`import path from "node:path";`
`5`	`5`	`import { afterEach, beforeEach, describe, expect, it } from "vitest";`
`6`	`6`	`import type { OpenClawConfig } from "../config/types.openclaw.js";`
	`7`	`+import {`
	`8`	`+killPidIfAlive,`
	`9`	`+readPidFile,`
	`10`	`+waitForPidToExit,`
	`11`	`+writeForkingNoOutputScript,`
	`12`	`+} from "../test-utils/process-tree.js";`
`7`	`13`	`import {`
`8`	`14`	`runInstallPolicy,`
`9`	`15`	`validateInstallPolicyStatic,`
`@@ -211,6 +217,42 @@ describe("runInstallPolicy", () => {`
`211`	`217`	`expect(result).toEqual({});`
`212`	`218`	`});`
`213`	`219`
	`220`	`+it.runIf(process.platform !== "win32")(`
	`221`	`+"kills forked policy command children on no-output timeout",`
	`222`	`+async () => {`
	`223`	`+const forkScriptPath = await writeForkingNoOutputScript(sourceDir);`
	`224`	`+const pidPath = path.join(sourceDir, "forked.pid");`
	`225`	`+let childPid: number \| undefined;`
	`226`	`+`
	`227`	`+try {`
	`228`	`+const result = await runInstallPolicy({`
	`229`	`+config: {`
	`230`	`+security: {`
	`231`	`+installPolicy: {`
	`232`	`+enabled: true,`
	`233`	`+exec: {`
	`234`	`+source: "exec",`
	`235`	`+command: forkScriptPath,`
	`236`	`+env: { NODE_BINARY: process.execPath, PID_FILE: pidPath },`
	`237`	`+allowInsecurePath: true,`
	`238`	`+noOutputTimeoutMs: 150,`
	`239`	`+timeoutMs: 2000,`
	`240`	`+},`
	`241`	`+},`
	`242`	`+},`
	`243`	`+},`
	`244`	`+request: baseRequest(sourceDir),`
	`245`	`+});`
	`246`	`+`
	`247`	`+expect(result?.blocked?.reason).toContain("policy command produced no output");`
	`248`	`+childPid = await readPidFile(pidPath);`
	`249`	`+expect(await waitForPidToExit(childPid)).toBe(true);`
	`250`	`+} finally {`
	`251`	`+killPidIfAlive(childPid);`
	`252`	`+}`
	`253`	`+},`
	`254`	`+);`
	`255`	`+`
`214`	`256`	`it("does not inherit PATH unless passEnv includes it", async () => {`
`215`	`257`	`const envPath = path.join(sourceDir, "env.json");`
`216`	`258`	`const response = JSON.stringify({ protocolVersion: 1, decision: "allow" });`

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,10 @@ import fs from "node:fs/promises";`
`4`	`4`	`import path from "node:path";`
`5`	`5`	`import type { OpenClawConfig, SecurityConfig } from "../config/types.openclaw.js";`
`6`	`6`	`import { formatErrorMessage } from "../infra/errors.js";`
	`7`	`+import {`
	`8`	`+forceKillChildProcessTree,`
	`9`	`+shouldDetachChildForProcessTree,`
	`10`	`+} from "../process/child-process-tree.js";`
`7`	`11`	`import { normalizePositiveInt, normalizePositiveTimerMs } from "../secrets/shared.js";`
`8`	`12`	`import { resolveUserPath } from "../utils.js";`
`9`	`13`	`import { resolveRuntimeServiceVersion } from "../version.js";`
`@@ -534,6 +538,7 @@ async function runPolicyCommand(params: {`
`534`	`538`	`stdio: ["pipe", "pipe", "pipe"],`
`535`	`539`	`shell: false,`
`536`	`540`	`windowsHide: true,`
	`541`	`+detached: shouldDetachChildForProcessTree(),`
`537`	`542`	`});`
`538`	`543`
`539`	`544`	`let settled = false;`
`@@ -545,7 +550,7 @@ async function runPolicyCommand(params: {`
`545`	`550`	`let noOutputTimer: NodeJS.Timeout \| null = null;`
`546`	`551`	`const timeoutTimer = setTimeout(() => {`
`547`	`552`	`timedOut = true;`
`548`		`-child.kill("SIGKILL");`
	`553`	`+forceKillChildProcessTree(child);`
`549`	`554`	`}, params.timeoutMs);`
`550`	`555`
`551`	`556`	`const clearTimers = () => {`
`@@ -562,15 +567,15 @@ async function runPolicyCommand(params: {`
`562`	`567`	`}`
`563`	`568`	`noOutputTimer = setTimeout(() => {`
`564`	`569`	`noOutputTimedOut = true;`
`565`		`-child.kill("SIGKILL");`
	`570`	`+forceKillChildProcessTree(child);`
`566`	`571`	`}, params.noOutputTimeoutMs);`
`567`	`572`	`};`
`568`	`573`
`569`	`574`	`const append = (chunk: Buffer \| string, target: "stdout" \| "stderr") => {`
`570`	`575`	`const text = typeof chunk === "string" ? chunk : chunk.toString("utf8");`
`571`	`576`	`outputBytes += Buffer.byteLength(text, "utf8");`
`572`	`577`	`if (outputBytes > params.maxOutputBytes) {`
`573`		`-child.kill("SIGKILL");`
	`578`	`+forceKillChildProcessTree(child);`
`574`	`579`	`if (!settled) {`
`575`	`580`	`settled = true;`
`576`	`581`	`clearTimers();`

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,51 @@`
	`1`	`+import fs from "node:fs/promises";`
	`2`	`+import path from "node:path";`
	`3`	`+`
	`4`	`+export async function writeForkingNoOutputScript(dir: string): Promise<string> {`
	`5`	`+const scriptPath = path.join(dir, "fork-no-output.sh");`
	`6`	`+await fs.writeFile(`
	`7`	`+scriptPath,`
	`8`	`+[`
	`9`	`+"#!/bin/sh",`
	`10`	`+'"$NODE_BINARY" -e "setInterval(() => {}, 1000)" &',`
	`11`	`+'printf "%s" "$!" > "$PID_FILE"',`
	`12`	`+"sleep 30",`
	`13`	`+].join("\n"),`
	`14`	`+"utf8",`
	`15`	`+);`
	`16`	`+await fs.chmod(scriptPath, 0o700);`
	`17`	`+return scriptPath;`
	`18`	`+}`
	`19`	`+`
	`20`	`+export function isPidAlive(pid: number): boolean {`
	`21`	`+try {`
	`22`	`+process.kill(pid, 0);`
	`23`	`+return true;`
	`24`	`+} catch {`
	`25`	`+return false;`
	`26`	`+}`
	`27`	`+}`
	`28`	`+`
	`29`	`+export async function waitForPidToExit(pid: number, timeoutMs = 2000): Promise<boolean> {`
	`30`	`+const deadline = Date.now() + timeoutMs;`
	`31`	`+while (Date.now() < deadline) {`
	`32`	`+if (!isPidAlive(pid)) {`
	`33`	`+return true;`
	`34`	`+}`
	`35`	`+await new Promise<void>((resolve) => {`
	`36`	`+setTimeout(resolve, 25);`
	`37`	`+});`
	`38`	`+}`
	`39`	`+return !isPidAlive(pid);`
	`40`	`+}`
	`41`	`+`
	`42`	`+export async function readPidFile(pidPath: string): Promise<number> {`
	`43`	`+return Number((await fs.readFile(pidPath, "utf8")).trim());`
	`44`	`+}`
	`45`	`+`
	`46`	`+export function killPidIfAlive(pid: number \| undefined): void {`
	`47`	`+if (pid === undefined \|\| !isPidAlive(pid)) {`
	`48`	`+return;`
	`49`	`+}`
	`50`	`+process.kill(pid, "SIGKILL");`
	`51`	`+}`

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。

推荐订阅源

Recent Commits to openclaw:main