fix: resolve #10616 #10614 #10613 #10610 #10607 (WhatsApp sendTo, run…#10620
fix: resolve #10616 #10614 #10613 #10610 #10607 (WhatsApp sendTo, run…#10620d1maash wants to merge 1 commit intoopenclaw:mainfrom
Conversation
openclaw#10607 (WhatsApp sendTo, runtime guardrails, compaction retry, cron restart scheduling, Feishu WS appType)
SummaryThis PR addresses the 5 latest open issues in
Testing
Linked issues
|
| if (hasSendToRestriction && !sendTo.entries.includes(normalizedTo)) { | ||
| return { ok: false, error: notAllowedSendToError() }; | ||
| } |
There was a problem hiding this comment.
Empty sendTo bypass
If channels.whatsapp.sendTo (or per-account sendTo) is configured but normalizes down to an empty list (e.g., only invalid numbers, whitespace, or only group JIDs), hasSendToRestriction becomes false and outbound DMs fall back to allowFrom/to behavior. That effectively disables the intended outbound restriction without an explicit opt-out. This is reachable whenever the config contains any non-empty-but-invalid entries.
Consider treating a configured-but-empty-after-normalization sendTo as "block all DMs" (or surface a config error) so operators don’t get a silent bypass.
Prompt To Fix With AI
This is a comment left during a code review.
Path: src/channels/plugins/outbound/whatsapp.ts
Line: 69:71
Comment:
**Empty `sendTo` bypass**
If `channels.whatsapp.sendTo` (or per-account `sendTo`) is configured but normalizes down to an empty list (e.g., only invalid numbers, whitespace, or only group JIDs), `hasSendToRestriction` becomes false and outbound DMs fall back to `allowFrom`/`to` behavior. That effectively disables the intended outbound restriction without an explicit opt-out. This is reachable whenever the config contains any non-empty-but-invalid entries.
Consider treating a *configured-but-empty-after-normalization* `sendTo` as "block all DMs" (or surface a config error) so operators don’t get a silent bypass.
How can I resolve this? If you propose a fix, please make it concise.|
Fixed in #12988. This will go out in the next OpenClaw release. If you still see this after updating to the first release that includes #12988, please open a new issue with:
Link back here for context. |
…time guardrails, compaction retry, cron restart scheduling, Feishu WS appType)
Greptile Overview
Greptile Summary
before_tool_callhook wrapper.nextRunAtMsacross service restarts so missed runs remain due.sendToallowlist (global + per-account) enforced for DM sends, and sets Feishu WS clientappTypeexplicitly.sendTosettings, with tests covering the guardrails/hook integration.Confidence Score: 3/5
sendTorestriction logic can be bypassed whensendTois configured but normalizes to an empty allowlist, which is a realistic misconfiguration and undermines the feature’s security intent.(2/5) Greptile learns from your feedback when you react with thumbs up/down!