
security(telegram): fail closed group allowlist against DM pairing store#25988

Merged
obviyus merged 3 commits into openclaw:main from bmendonca3:bm/security-4th-20260225 on Feb 26, 2026

Conversation

@bmendonca3 (Contributor) commented Feb 25, 2026

Summary

  • Fail closed for Telegram group sender authorization by removing DM pairing-store fallback from group allowlist evaluation.
  • Keep group sender checks strictly bound to explicit group config (groupAllowFrom and per-group/per-topic allowFrom).
  • Add regression coverage proving a DM-paired sender cannot bypass Telegram group allowlists.

Change Type

  • Security fix
  • Tests

Scope

  • src/telegram/bot/helpers.ts
  • src/telegram/bot-message-context.ts
  • src/telegram/bot.create-telegram-bot.test.ts

Security Impact

  • Boundary crossed before fix: DM pairing state (readChannelAllowFromStore("telegram")) was merged into group sender authorization.
  • Exploit path: a sender paired for DM access but absent from groupAllowFrom could still trigger group message handling under groupPolicy="allowlist".
  • Practical impact: unauthorized group-triggered bot actions in Telegram groups/channels where allowlist policy should block that sender.

Repro + Verification

Deterministic regression scenario:

  1. Configure Telegram with groupPolicy: "allowlist" and groupAllowFrom: ["222222222"].
  2. Pair/approve DM sender 123456789 (so it exists in pairing store).
  3. Send group message from sender 123456789.
  4. Before fix: message is processed.
  5. After fix: message is blocked.

Targeted checks:

pnpm test src/telegram/bot.create-telegram-bot.test.ts -- --maxWorkers=1
pnpm test src/telegram/bot-message-context.sender-prefix.test.ts src/telegram/bot-native-commands.plugin-auth.test.ts -- --maxWorkers=1

Evidence

Human Verification

  • Confirmed pre-fix failure using the added test.
  • Confirmed post-fix pass in targeted Telegram suites listed above.

Compatibility / Migration

  • No schema/config format changes.
  • Deployments that relied on implicit group authorization via DM pairing store must now add those sender IDs explicitly to groupAllowFrom (or group/topic allowFrom).

Failure Recovery

  • Revert this commit to restore prior behavior.
  • Operational workaround without revert: add intended senders explicitly to Telegram group allowlists.

Risks and Mitigations

  • Risk: previously implicit (and unsafe) group authorization paths become blocked.
  • Mitigation: behavior now aligns with documented group allowlist semantics; regression test guards against reintroduction.

Greptile Summary

Removes DM pairing store fallback from Telegram group sender authorization, preventing unauthorized group access by DM-paired users.

Key Changes:

  • Replaced normalizeAllowFromWithStore with normalizeAllowFrom in group allowlist evaluation (bot-message-context.ts:198, bot/helpers.ts:52)
  • Group sender checks now strictly use explicit groupAllowFrom or per-group/topic allowFrom configuration
  • Added regression test validating that DM-paired sender 123456789 is blocked from group when only 222222222 is in groupAllowFrom

Security Context:
This fix mirrors the iMessage pairing-store bypass fix (commit 872079d42) and follows the same fail-closed pattern. The vulnerability allowed senders paired for DM access to trigger bot actions in groups where they should be blocked by allowlist policy.

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk - it's a focused security fix that removes an unsafe authorization path.
  • The changes are surgical and well-tested. The fix replaces two function calls from normalizeAllowFromWithStore (which merges DM pairing store) to normalizeAllowFrom (explicit config only), directly addressing the documented security boundary crossing. The regression test validates the fix, and the pattern matches the proven iMessage fix from commit 872079d. No logic errors or edge cases detected.
  • No files require special attention

Last reviewed commit: 8ba4b3a
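
The PR summary's repro scenario and the Greptile key changes both describe the same boundary: the group allowlist must be computed from explicit config only, never unioned with the DM pairing store. The following is an added example written for this page, not openclaw's code. It models both evaluation paths side by side (a `mergePairingStore` switch stands in for the pre-fix `normalizeAllowFromWithStore` call versus the post-fix `normalizeAllowFrom` call) and runs the deterministic regression scenario from the PR. The config shape, the topic-over-group-over-channel precedence rule, the "empty allowlist admits nobody" rule and every function name are assumptions for illustration; the real helpers in src/telegram have different signatures.

```typescript
// Added example (not openclaw's code). Models the Telegram group sender
// authorization change in PR #25988. Types, config shape and precedence
// are assumptions for this example.

type SenderId = string;
type GroupPolicy = "open" | "allowlist" | "disabled";

interface TopicConfig {
  allowFrom?: Array<string | number>;
}

interface GroupEntryConfig {
  allowFrom?: Array<string | number>;
  topics?: Record<string, TopicConfig>;
}

interface TelegramConfig {
  groupPolicy: GroupPolicy;
  groupAllowFrom?: Array<string | number>;
  groups?: Record<string, GroupEntryConfig>;
}

// The DM pairing store is dynamic, user-initiated state: anyone who completes
// DM pairing lands here. Modelled as a set of sender IDs (assumed shape).
type PairingStore = ReadonlySet<SenderId>;

// Explicit-config-only normalization: the post-fix path for group checks.
function normalizeAllowFrom(entries: Array<string | number> | undefined): Set<SenderId> {
  const out = new Set<SenderId>();
  for (const entry of entries ?? []) {
    const id = String(entry).trim();
    if (id.length > 0) out.add(id);
  }
  return out;
}

// Pre-fix path: explicit config unioned with the pairing store. Kept only to
// demonstrate the bypass; it must never feed a group allowlist decision.
function normalizeAllowFromWithStore(
  entries: Array<string | number> | undefined,
  store: PairingStore,
): Set<SenderId> {
  const out = normalizeAllowFrom(entries);
  for (const id of store) out.add(id);
  return out;
}

// Most specific explicit allowlist wins: topic allowFrom, then group
// allowFrom, then channel-wide groupAllowFrom (precedence is assumed here).
function explicitGroupAllowFrom(
  cfg: TelegramConfig,
  chatId: string,
  topicId?: string,
): Array<string | number> | undefined {
  const group = cfg.groups?.[chatId];
  const topic = topicId !== undefined ? group?.topics?.[topicId] : undefined;
  return topic?.allowFrom ?? group?.allowFrom ?? cfg.groupAllowFrom;
}

interface GroupCheckOptions {
  // true reproduces the pre-fix behaviour (pairing store merged in).
  mergePairingStore: boolean;
}

function isGroupSenderAllowed(
  cfg: TelegramConfig,
  store: PairingStore,
  chatId: string,
  senderId: SenderId,
  opts: GroupCheckOptions,
  topicId?: string,
): boolean {
  if (cfg.groupPolicy === "disabled") return false;
  if (cfg.groupPolicy === "open") return true;
  const configured = explicitGroupAllowFrom(cfg, chatId, topicId);
  const effective = opts.mergePairingStore
    ? normalizeAllowFromWithStore(configured, store)
    : normalizeAllowFrom(configured);
  // Fail closed: an allowlist policy with no explicit entries admits nobody.
  if (effective.size === 0) return false;
  return effective.has(String(senderId).trim());
}

// The PR's deterministic regression scenario as a runnable check:
// groupAllowFrom = ["222222222"], DM-paired sender 123456789 posts in a group.
function regressionScenario(): { before: boolean; after: boolean; legit: boolean } {
  const cfg: TelegramConfig = { groupPolicy: "allowlist", groupAllowFrom: ["222222222"] };
  const store: PairingStore = new Set(["123456789"]); // constructed pairing-store state
  const chatId = "-1001"; // constructed group chat id
  return {
    before: isGroupSenderAllowed(cfg, store, chatId, "123456789", { mergePairingStore: true }),
    after: isGroupSenderAllowed(cfg, store, chatId, "123456789", { mergePairingStore: false }),
    legit: isGroupSenderAllowed(cfg, store, chatId, "222222222", { mergePairingStore: false }),
  };
}

console.log(regressionScenario()); // { before: true, after: false, legit: true }
```

The `before` result is exactly the privilege escalation the PR closes: DM pairing is something a user triggers on their own, so any state derived from it is attacker-influenced and must not widen a static, operator-defined allowlist. Note also the empty-allowlist branch: under `groupPolicy: "allowlist"` with no explicit entries the check denies rather than falling through, which is the fail-closed semantics the PR title names.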

thebtf pushed a commit to thebtf/openclaw that referenced this pull request Feb 25, 2026
openclaw#25988

- openclaw#26229: replace Agent with EnvHttpProxyAgent in global undici dispatcher
  so HTTP_PROXY/HTTPS_PROXY env vars are respected for all outbound fetch
  calls (regression fix from openclaw#25682 that overwrote proxy-aware dispatcher)

- openclaw#26264: lower text fragment aggregation threshold 4000→3600 chars to
  reliably catch structured content that Telegram splits at ~3800 chars

- openclaw#25988: fail closed group allowlist against DM pairing store — group
  sender checks now use only explicit groupAllowFrom config, not the DM
  pairing store (security: DM-paired senders cannot bypass group allowlist)

@nikolasdehor nikolasdehor left a comment


Important security boundary fix. The DM pairing store is a dynamic, user-initiated data source — allowing it to populate the group allowlist means any user who completes DM pairing automatically gains group access, which is a privilege escalation. Switching effectiveGroupAllow from normalizeAllowFromWithStore to normalizeAllowFrom (static config only) in both bot-message-context.ts and helpers.ts correctly isolates the two authorization domains. The test case directly validates the invariant: a sender present in the pairing store but absent from groupAllowFrom is blocked in group context.

@obviyus obviyus self-assigned this Feb 26, 2026
@obviyus obviyus force-pushed the bm/security-4th-20260225 branch from 56bbd37 to 21dfe5c on February 26, 2026 03:51
@obviyus obviyus merged commit 3b02985 into openclaw:main Feb 26, 2026
9 checks passed
@obviyus (Contributor) commented Feb 26, 2026

Landed via temp rebase onto main.

  • Gate: pnpm lint && pnpm build && pnpm test (failed locally at test/scripts/ios-team-id.test.ts:99:23)
  • Land commit: 21dfe5c
  • Merge commit: 3b0298562b1a0fdf8575467fc055460414c6a91a

Thanks @bmendonca3!

execute008 pushed a commit to execute008/openclaw that referenced this pull request Feb 27, 2026
r4jiv007 pushed a commit to r4jiv007/openclaw that referenced this pull request Feb 28, 2026
vincentkoc pushed a commit to Sid-Qin/openclaw that referenced this pull request Feb 28, 2026
vincentkoc pushed a commit to rylena/rylen-openclaw that referenced this pull request Feb 28, 2026
hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request Mar 1, 2026
…anks @bmendonca3)

(cherry picked from commit 3b02985)

# Conflicts:
#	CHANGELOG.md
steipete pushed a commit to Sid-Qin/openclaw that referenced this pull request Mar 2, 2026
robertchang-ga pushed a commit to robertchang-ga/openclaw that referenced this pull request Mar 2, 2026
hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request Mar 3, 2026
dorgonman pushed a commit to kanohorizonia/openclaw that referenced this pull request Mar 3, 2026
zooqueen pushed a commit to hanzoai/bot that referenced this pull request Mar 6, 2026
thebenjaminlee pushed a commit to escape-velocity-ventures/openclaw that referenced this pull request Mar 7, 2026

Labels: channel: telegram (Channel integration: telegram), size: S
