lzh/picoclaw
1
0
Fork 0
mirror of https://github.com/sipeed/picoclaw.git synced 2026-06-12 18:08:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2088 from badgerbees/fix/telegram-dm-policy-security

Browse Source 
fix(channels): add security audit for open-by-default bots
This commit is contained in:
Mauro
2026-03-30 23:58:25 +02:00
committed by GitHub
parent a995a94990 8d5fc736d6
commit 4d34824737
1 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/channels/base.go
+16 -1
View File
@@ -112,6 +112,18 @@ func NewBaseChannel(
for _, opt := range opts { for _, opt := range opts {
opt(bc) opt(bc)
} }
// Security Audit: Check for open-by-default (unsecured) channels.
// PicoClaw aims to be secure-by-default. If allow_from is empty, the bot
// currently defaults to accepting messages from ANYONE. To explicitly
// acknowledge and permit this (e.g. for a public bot), use ["*"].
if len(bc.allowList) == 0 {
logger.WarnCF("channels", "SECURITY: Channel allows EVERYONE (allow_from is empty)", map[string]any{
"channel": bc.name,
"hint": "Set allow_from to your ID, or use '*' to explicitly acknowledge open access.",
})
}
return bc return bc
} }
@@ -187,6 +199,9 @@ func (c *BaseChannel) IsAllowed(senderID string) bool {
} }
for _, allowed := range c.allowList { for _, allowed := range c.allowList {
if allowed == "*" {
return true
}
// Strip leading "@" from allowed value for username matching // Strip leading "@" from allowed value for username matching
trimmed := strings.TrimPrefix(allowed, "@") trimmed := strings.TrimPrefix(allowed, "@")
allowedID := trimmed allowedID := trimmed
@@ -221,7 +236,7 @@ func (c *BaseChannel) IsAllowedSender(sender bus.SenderInfo) bool {
} }
for _, allowed := range c.allowList { for _, allowed := range c.allowList {
if identity.MatchAllowed(sender, allowed) { if allowed == "*" || identity.MatchAllowed(sender, allowed) {
return true return true
} }
} }