openclaw/Dockerfile.sandbox
Robby 4686606c66 security(core): fix path validation bypasses in archive, transcript, and memory
- Replace vulnerable startsWith() checks with path.relative() validation
- Add isPathWithinBase() helper for consistent path validation
- Add path filter to tar extraction to prevent directory escape
- Validate sessionFile parameter in transcript resolution
- Add non-root 'sandbox' user to Docker sandbox (UID 1000)

Security impact:
- Prevents path traversal in archive extraction (zip and tar)
- Prevents arbitrary file write via transcript path injection
- Prevents workspace escape in memory manager
- Reduces privilege in Docker sandbox

Fixes #3277
[AI-assisted]
2026-01-28 10:44:01 +00:00

21 lines
365 B
Docker

FROM debian:bookworm-slim
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
bash \
ca-certificates \
curl \
git \
jq \
python3 \
ripgrep \
&& rm -rf /var/lib/apt/lists/*
RUN useradd -m -s /bin/bash -u 1000 sandbox
USER sandbox
WORKDIR /home/sandbox
CMD ["sleep", "infinity"]