github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-31 13:13:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: tighten install mode and allowlist coverage

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-13 18:46:11 +00:00
parent 1bf56e711a
commit 0db1c31103
2 changed files with 101 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/infra/exec-allowlist-pattern.test.ts
View File

@@ -2,13 +2,47 @@ import { describe, expect, it } from "vitest";
import { matchesExecAllowlistPattern } from "./exec-allowlist-pattern.js";
describe("matchesExecAllowlistPattern", () => {
it.each([
{ pattern: "", target: "/tmp/tool", expected: false },
{ pattern: " ", target: "/tmp/tool", expected: false },
{ pattern: "/tmp/tool", target: "/tmp/tool", expected: true },
])("handles literal patterns for %j", ({ pattern, target, expected }) => {
expect(matchesExecAllowlistPattern(pattern, target)).toBe(expected);
});
it("does not let ? cross path separators", () => {
expect(matchesExecAllowlistPattern("/tmp/a?b", "/tmp/a/b")).toBe(false);
expect(matchesExecAllowlistPattern("/tmp/a?b", "/tmp/acb")).toBe(true);
});
it("keeps ** matching across path separators", () => {
expect(matchesExecAllowlistPattern("/tmp/**/tool", "/tmp/a/b/tool")).toBe(true);
it.each([
{ pattern: "/tmp/*/tool", target: "/tmp/a/tool", expected: true },
{ pattern: "/tmp/*/tool", target: "/tmp/a/b/tool", expected: false },
{ pattern: "/tmp/**/tool", target: "/tmp/a/b/tool", expected: true },
])("handles star patterns for %j", ({ pattern, target, expected }) => {
expect(matchesExecAllowlistPattern(pattern, target)).toBe(expected);
});
it("expands home-prefix patterns", () => {
const prevOpenClawHome = process.env.OPENCLAW_HOME;
const prevHome = process.env.HOME;
process.env.OPENCLAW_HOME = "/srv/openclaw-home";
process.env.HOME = "/home/other";
try {
expect(matchesExecAllowlistPattern("~/bin/tool", "/srv/openclaw-home/bin/tool")).toBe(true);
expect(matchesExecAllowlistPattern("~/bin/tool", "/home/other/bin/tool")).toBe(false);
} finally {
if (prevOpenClawHome === undefined) {
delete process.env.OPENCLAW_HOME;
} else {
process.env.OPENCLAW_HOME = prevOpenClawHome;
}
if (prevHome === undefined) {
delete process.env.HOME;
} else {
process.env.HOME = prevHome;
}
}
});
it.runIf(process.platform !== "win32")("preserves case sensitivity on POSIX", () => {