github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 16:14:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: unify boundary-safe reads for bootstrap and includes

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-26 12:42:06 +01:00
parent 199ef9f8ea
commit 242188b7b1
8 changed files with 374 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
src/agents/workspace.load-extra-bootstrap-files.test.ts
View File

@@ -2,7 +2,7 @@ import fs from "node:fs/promises";
import os from "node:os";
import path from "node:path";
import { afterAll, beforeAll, describe, expect, it } from "vitest";
import { loadExtraBootstrapFiles } from "./workspace.js";
import { loadExtraBootstrapFiles, loadExtraBootstrapFilesWithDiagnostics } from "./workspace.js";
describe("loadExtraBootstrapFiles", () => {
let fixtureRoot = "";
@@ -69,4 +69,43 @@ describe("loadExtraBootstrapFiles", () => {
expect(files[0]?.name).toBe("AGENTS.md");
expect(files[0]?.content).toBe("linked agents");
});
it("rejects hardlinked aliases to files outside workspace", async () => {
if (process.platform === "win32") {
return;
}
const rootDir = await createWorkspaceDir("hardlink");
const workspaceDir = path.join(rootDir, "workspace");
const outsideDir = path.join(rootDir, "outside");
await fs.mkdir(workspaceDir, { recursive: true });
await fs.mkdir(outsideDir, { recursive: true });
const outsideFile = path.join(outsideDir, "AGENTS.md");
const linkedFile = path.join(workspaceDir, "AGENTS.md");
await fs.writeFile(outsideFile, "outside", "utf-8");
try {
await fs.link(outsideFile, linkedFile);
} catch (err) {
if ((err as NodeJS.ErrnoException).code === "EXDEV") {
return;
}
throw err;
}
const files = await loadExtraBootstrapFiles(workspaceDir, ["AGENTS.md"]);
expect(files).toHaveLength(0);
});
it("skips oversized bootstrap files and reports diagnostics", async () => {
const workspaceDir = await createWorkspaceDir("oversized");
const payload = "x".repeat(2 * 1024 * 1024 + 1);
await fs.writeFile(path.join(workspaceDir, "AGENTS.md"), payload, "utf-8");
const { files, diagnostics } = await loadExtraBootstrapFilesWithDiagnostics(workspaceDir, [
"AGENTS.md",
]);
expect(files).toHaveLength(0);
expect(diagnostics.some((d) => d.reason === "security")).toBe(true);
});
});