github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-27 23:00:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: harden secret-file readers

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-10 23:40:10 +00:00
parent 208fb1aa35
commit 201420a7ee
26 changed files with 433 additions and 188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/telegram/token.test.ts
View File

@@ -48,6 +48,21 @@ describe("resolveTelegramToken", () => {
fs.rmSync(dir, { recursive: true, force: true });
});
it.runIf(process.platform !== "win32")("rejects symlinked tokenFile paths", () => {
vi.stubEnv("TELEGRAM_BOT_TOKEN", "");
const dir = withTempDir();
const tokenFile = path.join(dir, "token.txt");
const tokenLink = path.join(dir, "token-link.txt");
fs.writeFileSync(tokenFile, "file-token\n", "utf-8");
fs.symlinkSync(tokenFile, tokenLink);
const cfg = { channels: { telegram: { tokenFile: tokenLink } } } as OpenClawConfig;
const res = resolveTelegramToken(cfg);
expect(res.token).toBe("");
expect(res.source).toBe("none");
fs.rmSync(dir, { recursive: true, force: true });
});
it("falls back to config token when no env or tokenFile", () => {
vi.stubEnv("TELEGRAM_BOT_TOKEN", "");
const cfg = {