feat(security): add security configuration and tool validation

Security Configuration: - config/security.toml with shell_exec, file_read, file_write, web_fetch, browser, and mcp settings - Command whitelist/blacklist for shell execution - Path restrictions for file operations - SSRF protection for web fetch Tool Security Implementation: - ShellSecurityConfig with whitelist/blacklist validation - ShellExecTool with actual command execution - Timeout and output size limits - Security checks before command execution Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-24 03:10:32 +08:00
parent 84601776d9
commit e49ba4460b
4 changed files with 334 additions and 9 deletions
--- a/config/security.toml
+++ b/config/security.toml
@@ -0,0 +1,107 @@
+# ZCLAW Security Configuration
+# Controls which commands and operations are allowed
+
+[shell_exec]
+# Enable shell command execution
+enabled = true
+# Default timeout in seconds
+default_timeout = 60
+# Maximum output size in bytes
+max_output_size = 1048576  # 1MB
+
+# Whitelist of allowed commands
+# If whitelist is non-empty, only these commands are allowed
+allowed_commands = [
+    "git",
+    "npm",
+    "pnpm",
+    "node",
+    "cargo",
+    "rustc",
+    "python",
+    "python3",
+    "pip",
+    "ls",
+    "cat",
+    "echo",
+    "mkdir",
+    "rm",
+    "cp",
+    "mv",
+    "grep",
+    "find",
+    "head",
+    "tail",
+    "wc",
+]
+
+# Blacklist of dangerous commands (always blocked)
+blocked_commands = [
+    "rm -rf /",
+    "dd",
+    "mkfs",
+    "format",
+    "shutdown",
+    "reboot",
+    "init",
+    "systemctl",
+]
+
+[file_read]
+enabled = true
+# Allowed directory prefixes (empty = allow all)
+allowed_paths = []
+# Blocked paths (always blocked)
+blocked_paths = [
+    "/etc/shadow",
+    "/etc/passwd",
+    "~/.ssh",
+    "~/.gnupg",
+]
+
+[file_write]
+enabled = true
+# Maximum file size in bytes (10MB)
+max_file_size = 10485760
+# Blocked paths
+blocked_paths = [
+    "/etc",
+    "/usr",
+    "/bin",
+    "/sbin",
+    "C:\\Windows",
+    "C:\\Program Files",
+]
+
+[web_fetch]
+enabled = true
+# Request timeout in seconds
+timeout = 30
+# Maximum response size in bytes (10MB)
+max_response_size = 10485760
+# Block internal/private IP ranges (SSRF protection)
+block_private_ips = true
+# Allowed domains (empty = allow all)
+allowed_domains = []
+# Blocked domains
+blocked_domains = []
+
+[browser]
+# Browser automation settings
+enabled = true
+# Default page load timeout in seconds
+page_timeout = 30
+# Maximum concurrent sessions
+max_sessions = 5
+# Block access to internal networks
+block_internal_networks = true
+
+[mcp]
+# MCP protocol settings
+enabled = true
+# Allowed MCP servers (empty = allow all)
+allowed_servers = []
+# Blocked MCP servers
+blocked_servers = []
+# Maximum tool execution time in seconds
+max_tool_time = 300