fix: harden boundary-path canonical alias handling

Peter Steinberger
2026-02-26 13:43:23 +01:00
parent 4b71de384c
commit 1aef45bc06
3 changed files with 52 additions and 4 deletions


@@ -117,6 +117,37 @@ describe("resolveBoundaryPath", () => {
});
});
it("allows canonical aliases that still resolve inside root", async () => {
if (process.platform === "win32") {
return;
}
await withTempRoot("openclaw-boundary-path-", async (base) => {
const root = path.join(base, "workspace");
const aliasRoot = path.join(base, "workspace-alias");
const fileName = "plugin.js";
await fs.mkdir(root, { recursive: true });
await fs.writeFile(path.join(root, fileName), "export default {}", "utf8");
await fs.symlink(root, aliasRoot);
const resolved = await resolveBoundaryPath({
absolutePath: path.join(aliasRoot, fileName),
rootPath: await fs.realpath(root),
boundaryLabel: "plugin root",
});
expect(resolved.exists).toBe(true);
expect(isPathInside(resolved.rootCanonicalPath, resolved.canonicalPath)).toBe(true);
const resolvedSync = resolveBoundaryPathSync({
absolutePath: path.join(aliasRoot, fileName),
rootPath: await fs.realpath(root),
boundaryLabel: "plugin root",
});
expect(resolvedSync.exists).toBe(true);
expect(isPathInside(resolvedSync.rootCanonicalPath, resolvedSync.canonicalPath)).toBe(true);
});
});
it("maintains containment invariant across randomized alias cases", async () => {
if (process.platform === "win32") {
return;