|
14 | 14 | # |
15 | 15 | # 1. Provider creation — openshell stores the real token |
16 | 16 | # 2. Sandbox attachment — --provider flags wire providers to the sandbox |
17 | | -# 3. Credential isolation — real tokens never appear in sandbox env |
| 17 | +# 3. Credential isolation — real tokens never appear in sandbox env, |
| 18 | +# process list, or filesystem |
18 | 19 | # 4. Config patching — openclaw.json channels use placeholder values |
19 | 20 | # 5. Network reachability — Node.js can reach messaging APIs through proxy |
20 | 21 | # 6. Native Discord gateway path — WebSocket path is probed separately from REST |
@@ -277,6 +278,81 @@ else |
277 | 278 | info "Subsequent phases that depend on placeholders will adapt" |
278 | 279 | fi |
279 | 280 |
|
| 281 | +# M3/M4 verify the specific TELEGRAM_BOT_TOKEN / DISCORD_BOT_TOKEN |
| 282 | +# env vars hold placeholders. The checks below verify the real |
| 283 | +# host-side tokens do not appear on ANY observable surface inside |
| 284 | +# the sandbox: full environment, process list, or filesystem. |
| 285 | + |
| 286 | +sandbox_env_all=$(sandbox_exec "env 2>/dev/null" 2>/dev/null || true) |
| 287 | +sandbox_ps=$(sandbox_exec "ps aux 2>/dev/null || ps -ef 2>/dev/null" 2>/dev/null || true) |
| 288 | + |
| 289 | +# M5a: Full environment dump must not contain the real Telegram token |
| 290 | +if [ -n "$sandbox_env_all" ] && echo "$sandbox_env_all" | grep -qF "$TELEGRAM_TOKEN"; then |
| 291 | + fail "M5a: Real Telegram token found in full sandbox environment dump" |
| 292 | +else |
| 293 | + pass "M5a: Real Telegram token absent from full sandbox environment" |
| 294 | +fi |
| 295 | + |
| 296 | +# M5b: Process list must not contain the real Telegram token |
| 297 | +if [ -n "$sandbox_ps" ] && echo "$sandbox_ps" | grep -qF "$TELEGRAM_TOKEN"; then |
| 298 | + fail "M5b: Real Telegram token found in sandbox process list" |
| 299 | +else |
| 300 | + pass "M5b: Real Telegram token absent from sandbox process list" |
| 301 | +fi |
| 302 | + |
| 303 | +# M5c: Recursive filesystem search for the real Telegram token. |
| 304 | +# Covers /sandbox (workspace), /home, /etc, /tmp, /var. |
| 305 | +sandbox_fs_tg=$(sandbox_exec "grep -rFl '$TELEGRAM_TOKEN' /sandbox /home /etc /tmp /var 2>/dev/null || true" 2>/dev/null || true) |
| 306 | +if [ -n "$sandbox_fs_tg" ]; then |
| 307 | + fail "M5c: Real Telegram token found on sandbox filesystem: ${sandbox_fs_tg}" |
| 308 | +else |
| 309 | + pass "M5c: Real Telegram token absent from sandbox filesystem" |
| 310 | +fi |
| 311 | + |
| 312 | +# M5d: Placeholder string must be present in the sandbox environment |
| 313 | +if [ -n "$TELEGRAM_PLACEHOLDER" ]; then |
| 314 | + if echo "$sandbox_env_all" | grep -qF "$TELEGRAM_PLACEHOLDER"; then |
| 315 | + pass "M5d: Telegram placeholder confirmed present in sandbox environment" |
| 316 | + else |
| 317 | + fail "M5d: Telegram placeholder not found in sandbox environment" |
| 318 | + fi |
| 319 | +else |
| 320 | + skip "M5d: No Telegram placeholder to verify (provider-only mode)" |
| 321 | +fi |
| 322 | + |
| 323 | +# M5e: Full environment dump must not contain the real Discord token |
| 324 | +if [ -n "$sandbox_env_all" ] && echo "$sandbox_env_all" | grep -qF "$DISCORD_TOKEN"; then |
| 325 | + fail "M5e: Real Discord token found in full sandbox environment dump" |
| 326 | +else |
| 327 | + pass "M5e: Real Discord token absent from full sandbox environment" |
| 328 | +fi |
| 329 | + |
| 330 | +# M5f: Process list must not contain the real Discord token |
| 331 | +if [ -n "$sandbox_ps" ] && echo "$sandbox_ps" | grep -qF "$DISCORD_TOKEN"; then |
| 332 | + fail "M5f: Real Discord token found in sandbox process list" |
| 333 | +else |
| 334 | + pass "M5f: Real Discord token absent from sandbox process list" |
| 335 | +fi |
| 336 | + |
| 337 | +# M5g: Recursive filesystem search for the real Discord token |
| 338 | +sandbox_fs_dc=$(sandbox_exec "grep -rFl '$DISCORD_TOKEN' /sandbox /home /etc /tmp /var 2>/dev/null || true" 2>/dev/null || true) |
| 339 | +if [ -n "$sandbox_fs_dc" ]; then |
| 340 | + fail "M5g: Real Discord token found on sandbox filesystem: ${sandbox_fs_dc}" |
| 341 | +else |
| 342 | + pass "M5g: Real Discord token absent from sandbox filesystem" |
| 343 | +fi |
| 344 | + |
| 345 | +# M5h: Discord placeholder must be present in the sandbox environment |
| 346 | +if [ -n "$DISCORD_PLACEHOLDER" ]; then |
| 347 | + if echo "$sandbox_env_all" | grep -qF "$DISCORD_PLACEHOLDER"; then |
| 348 | + pass "M5h: Discord placeholder confirmed present in sandbox environment" |
| 349 | + else |
| 350 | + fail "M5h: Discord placeholder not found in sandbox environment" |
| 351 | + fi |
| 352 | +else |
| 353 | + skip "M5h: No Discord placeholder to verify (provider-only mode)" |
| 354 | +fi |
| 355 | + |
280 | 356 | # ══════════════════════════════════════════════════════════════════ |
281 | 357 | # Phase 3: Config Patching — openclaw.json channels |
282 | 358 | # ══════════════════════════════════════════════════════════════════ |
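Review bot: M5a, M5b, M5e and M5f fail open: `sandbox_env_all` and `sandbox_ps` are captured with `2>/dev/null || true`, so when `sandbox_exec` fails the variable is empty, the `[ -n "$sandbox_env_all" ] && …` test is false, and the `else` branch records a pass for a surface that was never inspected. M5c and M5g have the same shape, since an in-sandbox `grep` that cannot run also yields empty output. Each check should treat an empty capture as a failure or a skip, for example `if [ -z "$sandbox_env_all" ]; then fail "M5a: could not capture sandbox environment"; elif echo "$sandbox_env_all" | grep -qF "$TELEGRAM_TOKEN"; then`. Separately, M5c and M5g interpolate the real token into the command string handed to `sandbox_exec`, which puts it in the argv of a process inside the sandbox while the search runs, the very surface M5b and M5f assert is clean; matching on the host against data read out of the sandbox would avoid that. The header comment's "ANY observable surface" is also broader than what is checked (`/proc/*/environ`, `/root`, `/run` and `/opt` are not searched), so a comment such as `# Surfaces covered: exec-shell env, ps argv, and /sandbox /home /etc /tmp /var only` would be more accurate.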
|