harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
zeroclaw/src/tools
History
fettpl c54bfe3814 fix(security): move record_action before canonicalize in file_read 
Move the rate limit budget consumption (record_action) to immediately
after the path allowlist check but before canonicalization. Previously,
an attacker could probe whether arbitrary paths exist via canonicalize
errors without consuming any rate limit budget, since record_action
was only called after the file size check.

Now every request that passes the basic path validation consumes rate
limit budget, regardless of whether the file exists.

Closes #354

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 17:21:52 +01:00
..
browser.rs feat(browser): add optional rust-native backend via fantoccini 2026-02-16 05:25:27 -05:00
browser_open.rs refactor: simplify CLI commands and update architecture docs 2026-02-14 05:17:16 -05:00
composio.rs fix(composio): align v3 execute path and honor configured entity_id (#322) 2026-02-16 23:40:37 +08:00
delegate.rs fix(provider): complete ChatResponse integration across runtime surfaces 2026-02-16 19:18:12 +08:00
file_read.rs fix(security): move record_action before canonicalize in file_read 2026-02-16 17:21:52 +01:00
file_write.rs fix(security): enforce action guards in file_write and scheduler (#269) 2026-02-16 01:57:58 -05:00
git_operations.rs fix(main): remove duplicate ModelCommands enum definition 2026-02-16 17:00:10 +01:00
http_request.rs fix(tools): use original headers for HTTP requests, redact only in display 2026-02-16 16:59:05 +01:00
image_info.rs fix(memory): prevent autosave key collisions across runtime flows 2026-02-15 22:55:52 -05:00
memory_forget.rs feat: initial release — ZeroClaw v0.1.0 2026-02-13 12:19:14 -05:00
memory_recall.rs style: cargo fmt — fix all formatting for CI 2026-02-13 16:03:50 -05:00
memory_store.rs feat: initial release — ZeroClaw v0.1.0 2026-02-13 12:19:14 -05:00
mod.rs fix(composio): align v3 execute path and honor configured entity_id (#322) 2026-02-16 23:40:37 +08:00
schedule.rs feat: unify scheduled tasks from #337 and #338 with security-first integration 2026-02-16 23:38:29 +08:00
screenshot.rs feat: add screenshot and image_info vision tools 2026-02-15 14:53:56 -05:00
shell.rs feat(config): make config writes atomic with rollback-safe replacement (#190) 2026-02-15 12:18:45 -05:00
traits.rs test: deepen and complete project-wide test coverage (#297) 2026-02-16 05:58:24 -05:00