osai-agent 4.2.23 → 4.2.24

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "osai-agent",
-  "version": "4.2.23",
+  "version": "4.2.24",
   "type": "module",
   "description": "OS AI Agent - YOUR AI AGENT",
   "main": "src/index.js",

package/src/tools/local.js

@@ -15,6 +15,13 @@ const COMMAND_TIMEOUT = parseInt(process.env.OSAI_COMMAND_TIMEOUT) || DEFAULTS.C
 const FETCH_TIMEOUT = parseInt(process.env.OSAI_FETCH_TIMEOUT) || DEFAULTS.FETCH_TIMEOUT;
 const MAX_COMMAND_OUTPUT_CHARS = parseInt(process.env.OSAI_MAX_COMMAND_OUTPUT_CHARS || '40000', 10);
 
+const SAFE_ENV_KEYS = new Set([
+  'PATH', 'HOME', 'USER', 'USERNAME', 'HOSTNAME', 'HOST',
+  'LANG', 'LC_ALL', 'LC_CTYPE', 'TERM', 'SHELL',
+  'TMPDIR', 'TMP', 'TEMP', 'XDG_*', 'DISPLAY', 'WAYLAND_DISPLAY',
+  'NODE_ENV', 'PYTHONIOENCODING', 'LANG',
+]);
+
 /** Commands that spawn interactive shells — must be blocked */
 const INTERACTIVE_COMMANDS = [
   /^cmd(\s+\/k)?$/i, /^powershell(\s+-noexit)?$/i, /^bash$/i, /^sh$/i,
@@ -211,6 +218,12 @@ export const executeLocal = async (command, sudoPassword = null) => {
     }
   }
 
+  // Block dangerous patterns
+  const safety = validateLocalCommand(trimmedCmd);
+  if (!safety.safe) {
+    return { success: false, output: '', error: safety.reason };
+  }
+
   logger.debug('Executing local command', { cmd: trimmedCmd, timeout: COMMAND_TIMEOUT });
 
   const isWindows = detectOS() === 'windows';
@@ -220,6 +233,12 @@ export const executeLocal = async (command, sudoPassword = null) => {
     finalCommand = finalCommand.replace(/^sudo\b/, 'sudo -S');
   }
 
+  // Apply resource limits via shell (non-Windows)
+  if (!isWindows) {
+    const cpuSecs = Math.ceil(COMMAND_TIMEOUT / 1000);
+    finalCommand = `ulimit -t ${cpuSecs} -v 524288 2>/dev/null; ${finalCommand}`;
+  }
+
   return await new Promise((resolve) => {
     let output = '';
     let truncatedChars = 0;
@@ -233,10 +252,20 @@ export const executeLocal = async (command, sudoPassword = null) => {
       if (text.length > remaining) truncatedChars += text.length - remaining;
     };
 
+    const filteredEnv = Object.fromEntries(
+      Object.entries(process.env).filter(([key]) => {
+        if (SAFE_ENV_KEYS.has(key)) return true;
+        if (key.startsWith('XDG_')) return true;
+        return false;
+      })
+    );
+    filteredEnv.PYTHONIOENCODING = 'utf-8';
+    filteredEnv.LANG = 'en_US.UTF-8';
+
     const child = spawn(finalCommand, {
       shell: isWindows ? 'cmd.exe' : '/bin/sh',
       windowsHide: true,
-      env: { ...process.env, PYTHONIOENCODING: 'utf-8', LANG: 'en_US.UTF-8' },
+      env: filteredEnv,
     });
 
     if (sudoPassword) {
@@ -761,12 +790,18 @@ export const getFileInfo = async (filePath) => {
  * Fetch content from a URL (for documentation, API data, etc.)
  * {"tool":"FETCH_URL","url":"<url>","description":"<why>"}
  */
+const PRIVATE_IP_RE = /^(https?:\/\/)(127\.|10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.|169\.254\.|0\.|::1|fc00:|fe80:)/i;
+
 export const fetchUrl = async (url, description = '') => {
   try {
     if (!url || !url.startsWith('http')) {
       return { success: false, output: '', error: 'Invalid URL. Must start with http:// or https://' };
     }
 
+    if (PRIVATE_IP_RE.test(url)) {
+      return { success: false, output: '', error: 'Blocked: URL points to a private/internal network address' };
+    }
+
     const controller = new AbortController();
     const timeoutId = setTimeout(() => controller.abort(), FETCH_TIMEOUT);